vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Programming Articles (https://vborg.vbsupport.ru/forumdisplay.php?f=188)
-   -   Implementing CSRF Protection in modifications (https://vborg.vbsupport.ru/showthread.php?t=177013)

Lynne 03-16-2009 03:49 AM

That query will most likely not catch modification templates or plugins where they don't have the securitytoken nor will it catch if it is a javascript problem. You can try disabling your modifications and seeing if the error goes away.

Big-K 03-17-2009 05:37 PM

Hello,

I'm trying to implement an add-on (ZP Poll) that shows vB polls in a non-vB page (Joomla). Everything works well until users try to vote, then they get the security token issue. This hack is not resident in vBulletin and the only line with a form is
Code:

<form action=\"" . $directory . "/poll.php?do=pollvote&amp;pollid=\"" . $pollid . "\" method=\"post\">"
Any ideas on what I can do please?

Lynne 03-17-2009 05:49 PM

You should ask the author of that modification for help adding the securitytoken.

Big-K 03-17-2009 07:03 PM

Hi Lynne,

I've been trying to get hold of the developer for days. I was hoping there is a generic way to add tokens to such non-vB pages. I'm attaching the script so you can advise on where I could add the token?

Lynne 03-17-2009 07:11 PM

I'm no CSRF expert at all. I was able to just add the line to all my custom mods and everything worked perfectly. You can try adding the securitytoken right after the form line you posted above and see if that works.
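
Added example, not part of the original thread and not vBulletin or ZP Poll code: a small Python check for the situation the posts above describe, a POST form that carries no securitytoken field. It scans template or PHP source, including forms built inside escaped PHP strings like the one Big-K posted, and reports each POST form with no input named securitytoken. The sample input is constructed, and treating only POST forms as needing the token is an assumption.

```python
import re

# The patterns tolerate PHP-escaped quotes (\") so forms echoed from PHP strings match too.
# Limitation: a "->" inside the <form ...> tag itself would end the tag match early.
FORM_OPEN = re.compile(r'<form\b[^>]*>', re.IGNORECASE)
FORM_CLOSE = re.compile(r'</form\s*>', re.IGNORECASE)
METHOD_POST = re.compile(r'method\s*=\s*\\?["\']?post\b', re.IGNORECASE)
TOKEN_INPUT = re.compile(r'<input\b[^>]*name\s*=\s*\\?["\']?securitytoken\b', re.IGNORECASE)


def forms_missing_token(source):
    """Return (line_number, form_tag) for every POST form with no securitytoken input."""
    findings = []
    for match in FORM_OPEN.finditer(source):
        tag = match.group(0)
        if not METHOD_POST.search(tag):
            continue  # assumption: only POST forms need the token
        # The form body ends at </form>, or at the next <form> if the close is missing.
        end = len(source)
        close = FORM_CLOSE.search(source, match.end())
        if close:
            end = close.start()
        following = FORM_OPEN.search(source, match.end())
        if following and following.start() < end:
            end = following.start()
        if not TOKEN_INPUT.search(source[match.end():end]):
            line = source.count("\n", 0, match.start()) + 1
            findings.append((line, tag))
    return findings


# Constructed sample: a template form with the token, a PHP-echoed poll form
# modelled on the line posted above (no token), and a GET form.
SAMPLE = r'''
<form action="search.php?do=process" method="post">
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="text" name="query" />
</form>
echo "<form action=\"" . $directory . "/poll.php?do=pollvote&amp;pollid=" . $pollid . "\" method=\"post\">";
echo "<input type=\"radio\" name=\"optionnumber\" value=\"1\" />";
echo "</form>";
<form action="memberlist.php" method="get">
<input type="text" name="ausername" />
</form>
'''

if __name__ == "__main__":
    for line, tag in forms_missing_token(SAMPLE):
        print(f"line {line}: POST form without securitytoken: {tag}")
```

A clean result only means the field is present in the markup; on a non-vB page the value still has to come from the logged-in user's vBulletin session for the vote to be accepted.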

ndL 05-09-2009 01:06 PM

I have a problem with a theme header (I think so): quick search (java one) doesn't work with this theme:

Where to add special lines to make it work? Here is the script

Code:

<!-- designed by hanafi@enthropia.com/napy8gen@yahoo.co.uk for forumtemplates.com -->

<a name="top"></a>
<table width="80%" border="0" align="center" cellpadding="0" cellspacing="0" class="wrapper" style="height:100%;">
  <tr>
    <td class="headerwrap"><table width="100%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0" class="headerwrap2">
          <tr>
            <td><a href="$vboptions[forumhome].php$session[sessionurl_q]">&nbsp;&nbsp;&nbsp;<img src="images/lily/lily_logo.gif" alt="$vboptions[bbtitle]" width="285" height="140" border="0" id="lily_logo" /></a></td>
          </tr>
          <tr>
            <td class="navwrap">
                       
<!-- nav buttons bar -->
    <table id="navstyle" cellpadding="$stylevar[cellpadding]" cellspacing="0" border="0" width="100%" align="center" style="border-top-width:0px">
    <tr align="center">
        <if condition="$show['member']">
            <td><a href="usercp.php$session[sessionurl_q]">$vbphrase[user_cp]</a></td>
        </if>
        <if condition="$show['registerbutton']">
            <td><a href="register.php$session[sessionurl_q]" rel="nofollow">$vbphrase[register]</a></td>
        </if>
        $template_hook[navbar_buttons_left]
        <td><a href="faq.php$session[sessionurl_q]" accesskey="5">$vbphrase[faq]</a></td>
        <td><a href="memberlist.php$session[sessionurl_q]">$vbphrase[members_list]</a></td>
        <td><a href="calendar.php$session[sessionurl_q]">$vbphrase[calendar]</a></td>
        <if condition="$show['popups']">     
            <if condition="$show['searchbuttons']">
                <if condition="$show['member']">
                <td><a href="search.php?$session[sessionurl]do=getnew" accesskey="2">$vbphrase[new_posts_nav]</a></td>
                <else />
                <td><a href="search.php?$session[sessionurl]do=getdaily" accesskey="2">$vbphrase[todays_posts]</a></td>
                </if>
                <td id="navbar_search" ><a href="search.php$session[sessionurl_q]" accesskey="4" rel="nofollow">$vbphrase[search]</a>

 <if condition="$show['quicksearch']">

<script type="text/javascript"> vbmenu_register("navbar_search"); </script></if></td>
            </if>
            <if condition="$show['member']">
                <td id="usercptools" ><a href="$show[nojs_link]#usercptools">$vbphrase[quick_links]</a> <script type="text/javascript"> vbmenu_register("usercptools"); </script></td>     
            </if>
        <else />     
            <if condition="$show['searchbuttons']">
                <td><a href="search.php$session[sessionurl_q]" accesskey="4">$vbphrase[search]</a></td>
                <if condition="$show['member']">
                <td><a href="search.php?$session[sessionurl]do=getnew" accesskey="2">$vbphrase[new_posts_nav]</a></td>
                <else />
                <td><a href="search.php?$session[sessionurl]do=getdaily" accesskey="2">$vbphrase[todays_posts]</a></td>
                </if>
            </if>
            <td><a href="forumdisplay.php?$session[sessionurl]do=markread" rel="nofollow">$vbphrase[mark_forums_read]</a></td>
            <if condition="$show['member']">         
                <td><a href="#" onclick="window.open('misc.php?$session[sessionurl]do=buddylist&amp;focus=1','buddylist','statusbar=no,menubar=no,toolbar=no,scrollbars=yes,resizable=yes,width=250,height=300'); return false;">$vbphrase[open_buddy_list]</a></td>         
            </if>         
        </if>
        $template_hook[navbar_buttons_right]
        <if condition="$show['member']">
            <td><a href="login.php?$session[sessionurl]do=logout&amp;logouthash=$bbuserinfo[logouthash]" onclick="return log_out('$vbphrase[sure_you_want_to_log_out]')">$vbphrase[log_out]</a></td>
        </if>
    </tr>
    </table>

<!-- / nav buttons bar -->
                       
                       
                        </td>
          </tr>
        </table></td>
        <td class="headerR">&nbsp;</td>
      </tr>
    </table></td>
  </tr>
 
  <tr>
    <td valign="top" class="cwrap">
<!-- /end long header part -->

<!-- content table -->
$spacer_open
<br/>
<div align="center">@vbbanners@</div>
$_phpinclude_output


Lynne 05-09-2009 02:58 PM

Quote:

Originally Posted by ndL (Post 1807462)
I have a problem with a theme header (I think so): quick search (java one) doesn't work with this theme:

Where to add special lines to make it work? Here is the script

If you think it's a problem with a particular mod, go read the mod thread and see if anyone posted the fix in there. There was also a discussion in this thread about fixing javascript (not java, that is very different) problems. Did you read the thread at all?

mokujin 05-09-2009 08:40 PM

Hi Lynne, do you know how to make the Default var?
Thank you

Lynne 05-10-2009 02:43 AM

Quote:

Originally Posted by mokujin (Post 1807691)
Hi Lynne, do you know how to make the Default var?
Thank you

I don't understand what you mean, sorry.

mokujin 05-10-2009 04:37 PM

Quote:

Originally Posted by Lynne (Post 1807821)
I don't understand what you mean, sorry.

Hi Lynne,
I mean how to make the AJAX call a script without clicking a button (or a link) when a user has just loaded the page.
For example: I have installed AJAX Advanced Forum Statistic.
I browse the index page, that Mod loads the Statistics using AJAX for the default.

I hope you understand what I mean.

