SuiteCRM put up quite a fight when I tried to install it on a host I have with an ISP.
I tried installing 7.2.1 Max. Target platform is BSD, my desktop is OSX 10.10.3
For a start, I had to create the main DB manually after which SuiteCRM did the rest, without that I couldnât even get it started.
Post installation, I got several apparent âstallsâ when trying to set up SuiteCRM using Safari. When I switched to Firefox I got a âPossible Cross Site Request Forgery (XSRF) Attack Detectedâ message, which explained why nothing worked (but doesnât quite explain why this didnât show in Safari). I applied the suggested changes to config_override.php.
When I re-checked that file after saving a setup, it turns out it had processed those changes into something like this:
$sugar_config[âhttp_refererâ][âactionsâ][0] = âindexâ;
$sugar_config[âhttp_refererâ][âactionsâ][1] = âListViewâ;
$sugar_config[âhttp_refererâ][âactionsâ][2] = âDetailViewâ;
$sugar_config[âhttp_refererâ][âactionsâ][3] = âEditViewâ;
$sugar_config[âhttp_refererâ][âactionsâ][4] = âoauthâ;
$sugar_config[âhttp_refererâ][âactionsâ][5] = âauthorizeâ;
$sugar_config[âhttp_refererâ][âactionsâ][6] = âAuthenticateâ;
$sugar_config[âhttp_refererâ][âactionsâ][7] = âLoginâ;
$sugar_config[âhttp_refererâ][âactionsâ][8] = âSupportPortalâ;
$sugar_config[âhttp_refererâ][âactionsâ][9] = âSaveâ;
$sugar_config[âhttp_refererâ][âactionsâ][10] = âindexâ;
$sugar_config[âhttp_refererâ][âactionsâ][11] = âListViewâ;
$sugar_config[âhttp_refererâ][âactionsâ][12] = âDetailViewâ;
$sugar_config[âhttp_refererâ][âactionsâ][13] = âEditViewâ;
$sugar_config[âhttp_refererâ][âactionsâ][14] = âoauthâ;
$sugar_config[âhttp_refererâ][âactionsâ][15] = âauthorizeâ;
$sugar_config[âhttp_refererâ][âactionsâ][16] = âAuthenticateâ;
$sugar_config[âhttp_refererâ][âactionsâ][17] = âLoginâ;
$sugar_config[âhttp_refererâ][âactionsâ][18] = âSupportPortalâ;
$sugar_config[âhttp_refererâ][âactionsâ][19] = âSaveConfigâ;
$sugar_config[âhttp_refererâ][âlistâ][0] = âtest.xxxxxxxx.comâ;
(xxx to protect the innocent).
The weird thing is that this is required on the actual host - the code IS on the âtest.xxxxxxxx.comâ host so Iâm a bit confused why it thinks there is a cross scripting attack happening. The other annoying thing is that that [actions] array keeps expanding as I keep running into these alerts (note that that table already appears to have duplicates, yet it was a straight cut & paste from the cross scripting alert page)
Questions:
1 - is this a bug?
2 - if not, it needs a good workaround. Is there a way to just tell it to allow all actions from this host instead of slowly building up this list, otherwise this may happen again when itâs actually in production and Iâm not around to fix it.
Now I know how I can convince it to install Iâm going to nuke the current install (after preserving the carefully constructed config_override.php) and do it all again, but it would be nice not to have to worry about more trip ups.
On the plus side, the email setup worked pretty much from the word âgoâ.
Thanks in advance for any help.
EDIT: Update: I get this cross scripting attack alert for pretty much ANY action on the âadminâ screen.