Bug #24755
Re: issue #24715 - problem still exists in 4.5.0rc1
Status: closed
Description
When the BE session expires and I re-enter the password, eventually some errors show up in the BE.
According to SK the fix from issue #24715 has been committed to RC1, but I can still reproduce it there at re-login (in this case in the form displayed by Web>Template>Info/Modify>Edit whole template record>Includes).
Error msg:
ExtDirect: Invalid Security Token!
Backtrace:
#0 [internal function]: t3lib_extjs_ExtDirectRouter->route(Array, Object(TYPO3AJAX))
#1 /.../typo3_src-4.5.0rc1/t3lib/class.t3lib_div.php(5134): call_user_func_array(Array, Array)
#2 /.../typo3_src-4.5.0rc1/typo3/ajax.php(73): t3lib_div::callUserFunction('t3lib/extjs/cla...', Array, Object(TYPO3AJAX), false, true)
#3 {main}
(issue imported from #M17247)
Updated by Helmut Hummel almost 14 years ago
As a temporary solution, could you please try the attached patch?
Updated by Kay Strobach almost 14 years ago
have the same problem with extdirect stores which worked until some days before ...
These code snippets are part of ext:ks_sitemgr
I do use ExtDirect with stores and get:
#0 [internal function]: t3lib_extjs_ExtDirectRouter->route(Array, Object(TYPO3AJAX))
#1 <..>\t3-4_5\t3lib\class.t3lib_div.php(5134): call_user_func_array(Array, Array)
#2 <..>\t3-4_5\typo3\ajax.php(73): t3lib_div::callUserFunction('t3lib/extjs/cla...', Array, Object(TYPO3AJAX), false, true)
#3 {main}
I used the following code to register my extdirect functions:
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect']['TYPO3.ks_sitemgr.tabs'] = 'EXT:ks_sitemgr/lib/class.tx_ks_sitemgr_direct.php:tx_ks_sitemgr_direct';
So where is the problem?
The extension uses the above called class to call subfunctions (routing) as it allows to register some children.
Updated by Helmut Hummel almost 14 years ago
Did you try if the attached patch solves the issue?
Updated by Kay Strobach almost 14 years ago
patched,
cleared cache,
logged out,
same problem. :(((
ExtDirect: Invalid Security Token!
Backtrace:
#0 [internal function]: t3lib_extjs_ExtDirectRouter->route(Array, Object(TYPO3AJAX))
#1 E:\devenv\mowesII\www\t3-4_5\t3lib\class.t3lib_div.php(5134): call_user_func_array(Array, Array)
#2 E:\devenv\mowesII\www\t3-4_5\typo3\ajax.php(73): t3lib_div::callUserFunction('t3lib/extjs/cla...', Array, Object(TYPO3AJAX), false, true)
#3 {main}
Updated by Kay Strobach almost 14 years ago
There is no need to re-login (I assume expiring session) to reproduce the problem I described above - it's always there.
Updated by Kay Strobach almost 14 years ago
for me this is a blocker - is there a solution on the horizon?
Updated by Helmut Hummel almost 14 years ago
The Ext stuff can be fixed (the Ext-Exceptions will not show up any more), but if there is any open form which has form tokens in it, they will be invalid. I have no solution for that.
Updated by Kay Strobach almost 14 years ago
my extension loads 4 stores after onReady is thrown - all the stores are empty, as there are these f*** exceptions ...
It's ok to show up the exceptions to see that there is an error - but there must be a solution to fix that and get my extension working again.
It worked 2 years now ;) and shortly before 4.5 release it's broken - that's what frustrates me - why not in the betas.
So for me the integration came too late :(( - even if I would like to have such a security feature.
will there be a way to disable this protection mechanism?
additionally i was not able to delete a template record via listmodule contextmenu (workaround edit > click on trashbin in tceform)
Updated by Helmut Hummel almost 14 years ago
Attached patch solves the issue by reloading the backend after login.
Sorry, no other solution atm.
Updated by Kay Strobach almost 14 years ago
no sry, I updated to trunk and repatched with your v2 - same problem
clicking on Web > List first time shows the following error 3 times:
Die Validierung des Sicherheitstokens dieses Formulars ist fehlgeschlagen. Bitte laden Sie das Formular erneut und schicken Sie es dann noch einmal ab.
clicking in trunk 10309 on Web > List first time shows the following error 5 times:
Die Validierung des Sicherheitstokens dieses Formulars ist fehlgeschlagen. Bitte laden Sie das Formular erneut und schicken Sie es dann noch einmal ab.
Updated by Helmut Hummel almost 14 years ago
Kay, sorry for any inconvenience and yes I agree it would have been better to integrate this earlier. Nevertheless, please stay polite, thanks.
Now to the issue. This only happens if the user session is lost anyway.
So reloading the backend is the only solution I have.
Updated by Kay Strobach almost 14 years ago
Hi Helmut,
I meant you don't need to be sorry with the words: "no, sry"
It's fully ok to have bugs/problems in the pre release phase. I would also change everything what needs to be done to upgrade my extensions.
I would also like to help with more information if you tell me what I can tell you to find a solution (I try to answer fast, because of the scheduled release date ;)
I also examined the new extensionmanager to find a solution as it seems to work quite well with the new xsrf protection - I can't find any difference in typo3/sysext/em/res/js/em_languages.js to my store.
Thanks
Updated by Helmut Hummel almost 14 years ago
Kay, after debugging your code I found the problem.
Just remove the following line in your extjs.js:
Ext.Direct.addProvider(Ext.app.ExtDirectAPI['TYPO3.ks_sitemgr']);
This might have worked previously, but was not the right way to do it.
If you remove it, the token gets automatically injected in the call of your application and makes it more secure en passant. Nice isn't it?
Now you owe me a beer ;)
Updated by Kay Strobach almost 14 years ago
you are a god ;)
I used a tutorial to generate the TYPO3 specific stuff :(
But you're right the current wiki article (i don't know if that was the tutorial) doesn't mention the above function.
http://wiki.typo3.org/ExtDirect
I added a hint about how to solve that problem http://wiki.typo3.org/ExtDirect#ExtDirect:_Invalid_Security_Token.21 .
How can i owe you a beer? Sadly never found the time to visit a T3con/BarCamp - so that can be hard if there isn't a different way ;)
THANKS a lot
Kay
Updated by Steffen Gebert almost 14 years ago
Jochen, can you confirm that this issue is fixed?
Updated by Peter Niederlag almost 14 years ago
I can confirm this issue on https://svn.typo3.org/TYPO3v4/Core/trunk@10332 2010-01-26 13:00 (which is more recent than RC3!)
Updated by Peter Niederlag almost 14 years ago
pn@delle:/usr/local/typo3_src_git/trunk$ grep -r 'Ext.Direct.addProvider(Ext.app' *
t3lib/class.t3lib_pagerenderer.php: var provider = Ext.Direct.addProvider(Ext.app.ExtDirectAPI[api]);
sry, I didn't track the development on this. Is this ^^ code outdated and the cause of the problem?
Updated by Kay Strobach almost 14 years ago
@Peter:
For me the following line was the problem:
Ext.Direct.addProvider(Ext.app.ExtDirectAPI[api]);
so let's say yes!
I simply removed that line and everything was fine ;)
Updated by Peter Niederlag almost 14 years ago
Currently I just can't (re-)produce the error anymore.... so I let it stay for another while and see if it comes back again...
Updated by Stefan Galinski almost 14 years ago
Please always use the following API function to add the ext direct provider registration code!
$pageRenderer->addExtDirectCode();
This code can not be used anymore since the integration of the CSRF protection. Please keep this in mind and follow the ExtDirect documentation in the TYPO3 wiki.
Ext.Direct.addProvider(Ext.app.ExtDirectAPI[api]);
Updated by Ernesto Baschny almost 14 years ago
Please don't mix the issues!!!
The original post (from Jochen, see his description) was about the relogin, where security tokens are not valid anymore (because the old session might have expired). This is as far as I recall not completely solved yet.
The whole ExtDirect troubles are not "directly" related to this story, so consider opening another issue for that if this is still a problem in 4.5.0 final.
Updated by Peter Niederlag almost 14 years ago
so basically 17203 and 17247 seem to be quite the same(?).
the problem is triggered by the timeout of the BE-Session.
Currently I use:
$TYPO3_CONF_VARS['BE']['showRefreshLoginPopup'] = '';
> After timeout and resubmitting my pw I (re)login but eventually will be faced with these errors until I reload the backend twice.
Updated by Ernesto Baschny almost 14 years ago
There are two different issues at relogin:
1) One is the ExtDirect calls, which are the worse part, because many parts of the BE which are not reloaded don't work anymore (pagetree, context sensitive help, ...). This should be fixed with #24870 (pending in core, please test).
2) The other are open forms which haven't been submitted yet: The token is in a hidden field, and if the session has expired in the meantime, the session data (including the original tokens) are gone, so saving that form after the relogin won't be able to validate them.
To keep issues focused, I close this "generic" one and keep both new issues open:
for 1) => #24870
for 2) => #24870
Thanks!
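
The two re-login failure modes summarised in the closing comment, as an added example that is not part of the original thread and is not TYPO3 code: a simplified Python model in which issued tokens are stored in the session data, so a page rendered before the timeout carries tokens the new session cannot validate until the page is reloaded. The class, function and label names ("tceforms", "extdirect", "save", "route") are constructed for illustration.

```python
import secrets


class Backend:
    """Toy server: issued tokens live in the session data, as described above."""

    def __init__(self):
        self.sessions = {}  # session id -> {(form, action): token}

    def login(self):
        sid = secrets.token_hex(8)
        self.sessions[sid] = {}
        return sid

    def expire(self, sid):
        # Session timeout: the stored tokens are discarded with the session.
        self.sessions.pop(sid, None)

    def issue_token(self, sid, form, action):
        token = secrets.token_hex(16)
        self.sessions[sid][(form, action)] = token
        return token

    def validate(self, sid, form, action, token):
        stored = self.sessions.get(sid, {}).get((form, action))
        return stored is not None and secrets.compare_digest(stored, token)


def render_page(be, sid):
    # Tokens embedded in the page: a hidden form field and the ExtDirect provider.
    return {"form": be.issue_token(sid, "tceforms", "save"),
            "extdirect": be.issue_token(sid, "extdirect", "route")}


def relogin_scenario(reload_after_login):
    be = Backend()
    sid = be.login()
    page = render_page(be, sid)
    ok_before = be.validate(sid, "tceforms", "save", page["form"])
    be.expire(sid)
    sid = be.login()                 # re-login popup; the page itself is untouched
    if reload_after_login:
        page = render_page(be, sid)  # reload: fresh tokens, unsaved input is lost
    return (ok_before,
            be.validate(sid, "tceforms", "save", page["form"]),
            be.validate(sid, "extdirect", "route", page["extdirect"]))


if __name__ == "__main__":
    print(relogin_scenario(False))  # stale tokens after re-login
    print(relogin_scenario(True))   # tokens re-issued by the reload
```

Without the reload both the open form and the ExtDirect call are rejected after re-login; with the reload both validate again, at the cost of whatever was typed into the open form.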