PDA

View Full Version : Passing title to newthread form


fairydust
08-26-2009, 02:15 PM
I want someone to be able to enter in the thread title on one page for a particular forum and then be brought to the newthread form to fill in the rest of the details.

I have a simple form in a new template:


<form action="$vboptions[bburl]/newthread.php?do=newthread&f=2" method="post">
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<strong>Subject: </strong>
<input name="subject" type="text" />
</form>


It works with my code perfectly when a user is logged in, however when a user is not logged in there is a problem

I get redirected to the sign-in page (Perfectly acceptable :)), but when I sign-in and I get the following error:

"Your submission could not be processed because a security token was missing or mismatched.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error."


As a workaround I have tried using the $vbulletin->csrf_skip_list[] = 'newthread' ;in the init_startup hook but it does not make any difference. Anyway I am not sure that this is a good solution.


Any suggestions appreciated

James Birkett
08-26-2009, 03:47 PM
view this thread (http://www.vbulletin.com/forum/showthread.php?t=296967) for security token help

fairydust
09-09-2009, 08:42 AM
I am still using version 3.7 therefore it is not anything to do with 3.8.

I also set up a vanilla style and the problem still occurred, albeit I was still using my little form.

I disabled the blog as I am using 1.05 but still no joy.

Is there a way of turning this check off?

Lynne
09-09-2009, 02:49 PM
Security tokens where added in 3.6.10. That article is in regards to all versions that have the security token added.

fairydust
09-09-2009, 03:41 PM
The inital section was about uploading 3.8 files, but I have gone through the articles.

As I mention above I tried to use the csrf_skip_list but I still can't get it to work. A lot of the article seems to be around isolating whats causing the error. I'm trying to write a plugin that causes the error to occur so I know the code that indirectly causing it I just don't know how to fix it.

Is there any other way of turning it off for posting new threads from within vb environment.

Lynne
09-09-2009, 04:06 PM
Did you see the article here - Implementing CSRF Protection in modifications (https://vborg.vbsupport.ru/showthread.php?t=177013). It talks about exempting certain actions. You'll see it tells you two pieces of code you can use depending on what you are doing.