I have a from that when submit runs a little php to export data to a csv. The php looks like :
$out = '';
if (isset($_POST['csv_hdr'])) {
$out .= $_POST['csv_hdr'];
$out .= "
";
}
if (isset($_POST['csv_text'])) {
$out .= $_POST['csv_text'];
}
$filename = "z_".date("Y-n-d",time());
header("Content-type: application/vnd.ms-excel");
header("Content-disposition: csv" . date("Y-n-d") . ".csv");
header("Content-disposition: filename=".$filename.".csv");
print $out;
exit;
This works fine if I do a normal path to the php file like :
<form name="export" action="http://website.com/getcsv.php" method="post">
I am trying to move this php function into a controller now and call it that way. I am working on a magento admin module so I have to pass the url with the security key. So I move that function into an action in the controller :
public function getcsvAction(){
$out = '';
...
}
Then I am able to get the url with something like :
<?php echo Mage::helper("adminhtml")->getUrl("module/index/getcsv/");?>
This gives me a link with the key like :
http://website.com/module/index/getcsv/key/7431c859914c40d3f66dfcd1530813b3/
If I paste that link into the browser it executes the php fine. However when I replace it in my form action it no longer works and just does a redirect to the dashboard. I can not see any errors output and I am not sure what is happening. Any ideas on how to get this POST to work using a secure path as the action?
I found it thanks to this post.
I needed to add this to the form :
<input type="hidden" name="form_key" value="<? echo $this->getFormKey(); ?>" />
Your URL is missing the adminhtml area. Try this:
Mage::helper("adminhtml")->getUrl("*/module/index/getcsv/");