You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2025-02-06 19:41:43

andres2204
Member
Registered: 2025-02-06
Posts: 3

Plugin´s creation

I want to know how to create a plugin that complies with CSRF, this plugin should consist of a form that is already created in my GLPI, with that data can generate a report in word format, with a custom template that I already have.

Offline

#2 2025-02-07 14:27:50

cconard96
Moderator
Registered: 2018-07-31
Posts: 3,235
Website

Re: Plugin´s creation

For CSRF, you just need to include a hidden input named "_glpi_csrf_token" in every form with the value set to a unique, generated CSRF token. These tokens can be generated from "Session::getNewCSRFToken" in PHP or the "csrf_token()" function in Twig templates.
In at least GLPI 10 and later, CSRF is enforced so if you don't protect your forms correctly, GLPI will tell you with an error message when you try to submit the form.

GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.

Offline

Pages: 1

Board footer

Powered by FluxBB