CRSF token error in setup when migrating departements
Description
When using FD setup to migrate departements, we get this error:
Fatal error: Uncaught FusionDirectoryException: CSRF protection token missing in /usr/share/fusiondirectory/include/class_CSRFProtection.inc:29 Stack trace: #0 /usr/share/fusiondirectory/html/setup.php(55): CSRFProtection::check() #1 {main} thrown in /usr/share/fusiondirectory/include/class_CSRFProtection.inc on line 29
In Apache logs:
[Mon Jun 17 15:42:39.744910 2019] [:error] [pid 26385] [client 192.168.252.190:40046] PHP Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0, referer: http://orc.agglonet.com/fusiondirectory/setup.php
[Mon Jun 17 15:42:39.755546 2019] [:error] [pid 26385] [client 192.168.252.190:40046] PHP Fatal error: Uncaught FusionDirectoryException: CSRF protection token missing in /usr/share/fusiondirectory/include/class_CSRFProtection.inc:29\nStack trace:\n#0 /usr/share/fusiondirectory/html/setup.php(55): CSRFProtection::check()\n#1 {main}\n thrown in /usr/share/fusiondirectory/include/class_CSRFProtection.inc on line 29, referer: http://orc.agglonet.com/fusiondirectory/setup.php
The PHP warning limit about max_input_vars
should be at the origin of the issue, but FD should catch the error.
Distribution Name and Version
Debian stretch
FusionDirectory Version
3.1
PHP version used
PHP 7.0.33-0+deb9u3 (cli) (built: Mar 8 2019 10:01:24) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.0.33-0+deb9u3, Copyright (c) 1999-2017, by Zend Technologies
Origin of php packages
FD repository
Steps to Reproduce
- Install FD
- Run setup
- Migrate more thant 1000 departements
Expected behavior:
Migration of departements, or a warning
Actual behavior:
Fatal error
Reproduces how often:
100%