by mycrm

Allows Marketers to use Sugar for lightweight Drip E-Mail Campaigns.

Includes a 30 day guarantee
Try it Now

By clicking you consent to share your profile with the developer

#3548 - CSRF Error on Create Email Marketing screen

Closed Bug? created by justindaniels Verified Purchase 5 years ago

We are getting this error when we attempt to save the Screenshot at 2018-02-07 11-20-11.png Cross Site Request Forgery (XSRF) Attack Detected Form authentication failure (EmailMarketing -> Save). Contact your administrator.

With log files saying this: Wed Feb 7 11:12:12 2018 [27102][a80bac5a-266a-ab5a-ce72-50c2868af18e][FATAL] CSRF: attack vector detected, missing form token field Wed Feb 7 11:12:12 2018 [27102][a80bac5a-266a-ab5a-ce72-50c2868af18e][FATAL] CSRF: auth failure for EmailMarketing -> Save

This happens when we attempt to click "Save" **on the **"Create Email Marketing" screen. Any ideas on what we need to look for? We've tried all the suggestions from this link:

http://support.sugarcrm.com/Knowledge_Base/Troubleshooting/Troubleshooting_Cross-Site_Forgery_Messages/

  1. clemensvd member avatar

    mycrm Provider Affiliate

    5 years ago

    Hi,

    Could you let us know the Sugar edition and version?

    Then, weƬ`ll start to look into the issue

    Thanks Clemens

  2. justindaniels member avatar

    justindaniels Verified Purchase

    5 years ago

    **SugarCRM Professional, Version 7.8.2.2 (Build 50) **

    Since adding this case, we've tried several things. What we have found is that it might be something to do with csrf_token POST fields in the form not being passed in the Email Marketing -> Create screen. That form looks like this:

    <

    form name="EditView" method="POST" action="index.php">

    To contrast, a screen right above it that does work Tracker URLS ->Create is passing the token and works correctly:

    <

    form name="EditView" method="POST" action="index.php" enctype="multipart/form-data">

    I hope this helps, we were not able to find a way to update the existing templates to pass this value (but we're obviously trying to find a solution to this).

  3. justindaniels member avatar

    justindaniels Verified Purchase

    5 years ago

    Here are those form fields escaped: ** Email Marketing -> Create** = broken

    <form name="EditView" method="POST" action="index.php">
        <input type="hidden" name="module" value="EmailMarketing">
        <input type="hidden" name="record" value="">
        <input type="hidden" name="action">
    

    Tracker URLS ->Create = working

    <form name="EditView" method="POST" action="index.php" enctype="multipart/form-data">
    **<input type="hidden" name="csrf_token" value="*************************************" />**
                <input type="hidden" name="module" value="CampaignTrackers">
                <input type="hidden" name="record" value="">
                <input type="hidden" name="action">
    
  4. clemensvd member avatar

    mycrm Provider Affiliate

    5 years ago

    Hi Justin,

    I have emailed you a new version of the module. Please check your email.

    Thanks Michael

This case is public. Please leave out any sensitive information such as URLs, passwords, etc.
Saving Comment Saving Comment...