Forum OpenACS Q&A: CSRF error on xowiki

Posted by Claudio Pasolini on
Suddenly trying to list the xowiki pages of our company site https://www.oasisoftware.com via /xowiki/admin/list I get an error related to the ::__csrf_token.

I recently installed the latest naviserver-4.99.14 and I'm running xotcl-core 0.149 and xowiki 5.9.1d10 on oacs-5-9.

I can add and edit the xowiki pages and the site apparently works well. Here is an excerpt of the error:

wrong # args: should be "set var val"
while executing
"set ::__csrf_token"
invoked from within
"subst {
::html::input -type hidden -name __csrf_token -value [set ::__csrf_token] {}
}"
("uplevel" body line 2)
invoked from within
"uplevel $script"
(procedure "if" line 34)
invoked from within
"if {[info exists ::__csrf_token]} {
::html::input -type hidden -name __csrf_token -value [set ::__csrf_token] {}
}"
(procedure "::html::CSRFToken" line 2)
invoked from within
"::html::CSRFToken"
invoked from within
"html::th -class list {
html::input -type checkbox -name __bulkaction -onclick "acs_ListCheckAll('$name', this.checked)" -title "Mark/Unmark a..."
(procedure "render" line 4)
::template::t1::__columns::objects ::xo::Table::TABLE::BulkAction->render

Help!

2: Re: CSRF error on xowiki (response to 1)
Posted by Claudio Pasolini on
I forgot to mention that recently the site switched from http to https only. The certificates and the https are managed by Nginx.
3: Re: CSRF error on xowiki (response to 1)
Posted by Gustaf Neumann on
Whatever "newest" is: the versions running on OpenACS.org are:
* naviserver: 4.99.16d1
* xotcl-core: 0.155
* xowiki: 5.9.1d18
* acs-tcl: 5.9.1d14

Do you have a chance to upgrade xotcl-core, xowiki and acs-tcl to the latest versions (via CVS)?

I hope to be able to finish OpenACS 5.9.1 beta soon. After the release of OpenACS 5.9.1, the development will switch from oacs-5-9 to HEAD, and oacs-5.9 should be more stable.

4: Re: CSRF error on xowiki (response to 1)
Posted by Claudio Pasolini on
I will do the upgrades during the weekend and then let you know if this solves the issue.
5: Re: CSRF error on xowiki (response to 1)
Posted by Claudio Pasolini on
Just to confirm that, after upgrading xotcl-core, xowiki, acs-tcl and the suggested dependencies from CVS, the CSRF error disappeared.

I decided to stick to naviserver-4.99.14 to avoid stopping the other instances running on the server.

Thank you very much, Gustaf, for the usual prompt support.

Claudio