使用magento安全网址进行操作时,表单提交无效

时间:2021-08-04 20:00:43

I have a from that when submit runs a little php to export data to a csv. The php looks like :

我有一个来自提交运行一点点PHP以将数据导出到csv。 php看起来像:

$out = '';
if (isset($_POST['csv_hdr'])) {
$out .= $_POST['csv_hdr'];
$out .= "\n";
}

if (isset($_POST['csv_text'])) {
$out .= $_POST['csv_text'];
}

$filename = "z_".date("Y-n-d",time());
header("Content-type: application/vnd.ms-excel");
header("Content-disposition: csv" . date("Y-n-d") . ".csv");
header("Content-disposition: filename=".$filename.".csv");
print $out;
exit;

This works fine if I do a normal path to the php file like :

如果我执行php文件的正常路径,这可以正常工作,如:

<form name="export"  action="http://website.com/getcsv.php"  method="post"> 

I am trying to move this php function into a controller now and call it that way. I am working on a magento admin module so I have to pass the url with the security key. So I move that function into an action in the controller :

我正在尝试将此php函数移动到控制器中并以此方式调用它。我正在研究magento管理模块,所以我必须使用安全密钥传递url。所以我将该函数移动到控制器中的一个动作中:

public function getcsvAction(){
    $out = '';
    ...
}

Then I am able to get the url with something like :

然后我能够得到这样的网址:

<?php echo Mage::helper("adminhtml")->getUrl("module/index/getcsv/");?>

This gives me a link with the key like :

这给了我一个关键的链接,如:

http://website.com/module/index/getcsv/key/7431c859914c40d3f66dfcd1530813b3/

If I paste that link into the browser it executes the php fine. However when I replace it in my form action it no longer works and just does a redirect to the dashboard. I can not see any errors output and I am not sure what is happening. Any ideas on how to get this POST to work using a secure path as the action?

如果我将该链接粘贴到浏览器中它执行php罚款。但是,当我在表单操作中替换它时,它不再有效,只是重定向到仪表板。我看不出任何错误输出,我不确定发生了什么。有关如何使用安全路径作为操作使此POST工作的任何想法?

2 个解决方案

#1


3  

I found it thanks to this post.

我发现这要归功于这篇文章。

I needed to add this to the form :

我需要将其添加到表单中:

<input type="hidden" name="form_key" value="<? echo $this->getFormKey(); ?>" /> 

#2


1  

Your URL is missing the adminhtml area. Try this:

您的网址缺少adminhtml区域。尝试这个:

Mage::helper("adminhtml")->getUrl("*/module/index/getcsv/");

#1


3  

I found it thanks to this post.

我发现这要归功于这篇文章。

I needed to add this to the form :

我需要将其添加到表单中:

<input type="hidden" name="form_key" value="<? echo $this->getFormKey(); ?>" /> 

#2


1  

Your URL is missing the adminhtml area. Try this:

您的网址缺少adminhtml区域。尝试这个:

Mage::helper("adminhtml")->getUrl("*/module/index/getcsv/");