Validation error on search form, contact site admin. But I am the site admin!

Search causes validation errors: how to disable caching for certain pages?

Not Boost!

Using search pages causes a validation error only when logged in.

It might be triggered by my consolidating the web pages onto one domain, and restricting the cookies to one domain slightly before that. When I looked at the code, the form token simply wasn't being produced-- the form element was a "" instead of a random alphanumeric string.

But the larger question for me is why is Drupal bothering to validate search forms in the first place? I mean, seriously? It's not necessary, that's why anonymous users can search: no form validation, no problems. All form validation on the infamous token seems to do for logged in users is produce problems.

So that's Agaric's line of attack, tell Drupal not to use validation for search forms, and pray all the other forms are working.

A number of people have had this problem in different situations. Mostly with custom forms, some without and no resolution, and one guy just restarted his browser.

Validation error, please try again. on 4.7.4
http://drupal.org/node/90808

I had this problem..
http://drupal.org/node/131037#comment-650617

http://drupal.org/node/89999

hook_form_alter implementation with switch on $form_id --

case 'search_form':
$form['#token'] = FALSE;
break;

caused "Validation error, please try again. If this error persists, please contact the site administrator." on the test site, that was working.

http://api.drupal.org/api/function/drupal_validate_form/5

<?php
function agaricmod_form_alter($form_id, &$form) {
// global $user; if ($user->uid==1) drupal_set_message("Form ID: " . $form_id);
// global $user; if ($user->uid==1) drupal_set_message('<pre>' . print_r($form, TRUE) . '</pre>');
  switch ($form_id) {  // not $form['#id']

    case 'search_form':
      $form['#token'] = FALSE;
      unset($form['#token']);
      break;
  }
}
?>

worked.

Probably only the second line (unset) is needed.
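
Why setting `#token` to FALSE alone still produced the error while `unset()` did not, shown with a simplified stand-alone model of the token check. This is an added example, not Drupal's or Agaric's code: the `model_*` functions and sample values are constructed, and the session-plus-seed-plus-key md5 derivation and the "check whenever `#token` is set" rule are assumptions based on Drupal 5's behaviour.

```php
<?php
// Simplified model of the Drupal 5 form token check; not Drupal's own code.
// All names (model_*) and the sample values are constructed for illustration.

// Token is bound to the session, the form's token seed and a site private key.
function model_get_token($session_id, $seed, $private_key) {
  return md5($session_id . $seed . $private_key);
}

// Mirrors the shape of the check: validate only when '#token' is set.
function model_validate(array $form, $submitted, $session_id, $private_key) {
  if (!isset($form['#token'])) {
    return 'skipped';               // no token key at all: nothing is checked
  }
  $expected = model_get_token($session_id, $form['#token'], $private_key);
  return ($submitted === $expected) ? 'valid' : 'validation error';
}

$key     = 'constructed-private-key';
$session = 'sess-A';                          // session the page was built in
$form    = array('#token' => 'search_form');  // set for logged-in users
$posted  = model_get_token($session, $form['#token'], $key);

// 1. Same session: token matches.
echo model_validate($form, $posted, $session, $key), "\n";

// 2. Session id changed between build and submit (e.g. the cookie is now
//    scoped to another domain, or the HTML came from a cache): mismatch.
echo model_validate($form, $posted, 'sess-B', $key), "\n";

// 3. '#token' = FALSE in form_alter: isset() is still TRUE for FALSE, so the
//    check runs with a seed that was never used to build the token and fails.
$altered = $form;
$altered['#token'] = FALSE;
echo model_validate($altered, $posted, $session, $key), "\n";

// 4. unset($form['#token']): the check is skipped, and so is the CSRF
//    protection for that form.
unset($altered['#token']);
echo model_validate($altered, $posted, $session, $key), "\n";

// 5. What the token is for: a forged cross-site POST cannot know the
//    session-bound value, so it is rejected while '#token' is in place.
echo model_validate($form, 'guessed-by-third-party', $session, $key), "\n";
```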

Ebony-II:wsf_action ben$ svn commit -m "patch to remove ids from search"

Resolution

Searched words: 
Boost doesn't work with search! boost search drupal boost.module search breaks validation exclude path from boost caching drupal boost exclude page validation error on search logged in users tell drupal do not set token for search Drupal form API token

Comments

Quick question about this ...

I've run into this issue and I like your solution. I don't understand the naming convention of this code and if it goes in template.php or not.

Thanks for your help.
Some fantastic tips around your site. Cheers.

edit:
Hooked the function but still get the Validation error. This is my code.
I'm using a search block. About to switch runs. Not the form token message.

I'm using Search block (core). Drupal 5.6.

function search_form_alter($form_id, &$form) {
  echo "about to switch";
  switch ($form_id) { // not $form['#id']
    case 'search_form':
      echo "form token will be set to false";
      $form['#token'] = FALSE;
      unset($form['#token']);
      break;
  }
}

This is the code in my page template code file.

<?php
 print base_path()
?>
search/node/" accept-charset="UTF-8" method="post" id="search-block-form">

<?php
 print base_path() . path_to_theme()
?>
/images/go.gif" />
<?php
 print drupal_get_token('search_form');
?>
" />

More details

Yes, you need to create a module.
The module in the example above was called agaricmod and contained only one function: agaricmod_form_alter.

I have created a new module in the modules directory, with the code above in the file

In my case, I needed to uncomment the commented lines in order to find the real name of the search form.

My module file, searchformfilter.module, looks like that:

<?php
function searchformalter_form_alter($form_id, &$form) {
  switch ($form_id) {  // not $form['#id']

    case 'search_theme_form':
    case 'search_block_form':
      $form['#token'] = FALSE;
      unset($form['#token']);
      break;
  }
// Optional printout to identify the form name.
// global $user; if ($user->uid==1) drupal_set_message("Form ID: " . $form_id);
// global $user; if ($user->uid==1) drupal_set_message('<pre style="direction:ltr;">' . print_r($form, TRUE) . '</pre>');

}
?>

Amnon
-
Professional: Drupal Israel | Drupal Development & Consulting | Eco-Healing
Personal: Hitech Dolphin: Regain Simple Joy :)

disable node form token?

So I am looking to disable tokens for a node form, so I can submit the node via html without the token value...so instead of case 'search_form' I am using case 'sale_node_form' (with sale being the name of the node type). So the module I created looks like this:

<?php
function agaricmod_form_alter($form_id, &$form) {
  switch ($form_id) {  // not $form['#id']

    case 'sale_node_form':
      $form['#token'] = FALSE;
      unset($form['#token']);
      break;
  }
}
?>

This is not working (I do not know how to enable the module...sorry I am fairly new at this). I still get the "Validation error on search form, contact site admin" error. I understand my issue is slightly different, but I feel that by disabling the tokens for this node, form submission via a custom html would work, and I would avoid the error... I am using drupal 5...

Thank you very much in advance!

To enable your module

You'll need to create a matching .info file and put it in the same folder, and of course put it all in sites/all/modules or somewhere else Drupal looks for modules. So, in your case, an agaricmod directory with an agaricmod.info file and an agaricmod.module file. See writing .info files for Drupal 5.

Agaric does not endorse the complete disabling of validation on node add/edit forms, though we admit we do want to override a certain validation error sometimes.

Great howto

I experienced that "Validation Error" after I enabled $cookie_domain in my settings.php file.
I copied an entire search theme form object (with hidden fields) as seen by an anonymous user, and I put it into a static HTML file.

As an anonymous user, the search box works; as an authenticated user I got that Validation Error. Adding it into my template.php solves the issue.

<?php
# ImageCache doesn't use hook_form_alter, so I put it into my template.php file (ugly but working)
function imagecache_form_alter(&$form, $form_state, $form_id) {
  if($form_id == 'search_form' || $form_id == 'search_theme_form' || $form_id == 'block_theme_form'){
      # cfr. http://agaricdesign.com/note/validation-error-search-form-contact-site-admin-but-i-am-site-admin
      $form['#token'] = FALSE;
      unset($form['#token']);
  }
}
?>

Thanks for the howto!

this isn't as simple as it looks and you might risk your site

Hi,

I've run into this problem as well, on a Drupal 6 site I'm "forming" with.
The problem is indeed caused by a Drupal FAPI which enforces, for authenticated users only, a check on each submitted form for its "token". Why do you need such a token? To avoid CSRF attacks. See this: http://en.wikipedia.org/wiki/CSRF

The last step I'll take will be to unset this form element, but hell, I might do just that. I've tried manually setting it in the form definition (build) function to no avail. I still need to check altering the "cache" property of the form though. It might help.

Boaz.

I am all for the token

You are right about the important function of the token. And it is necessary. Even the "timeout" part, I can accept.

I just want a big "override" button after I get the validation error the first time :-)
