|
@hIBEES
You are using 3.7 RC4 and did not apply the patch for clientscript/vbulletin_global.js See http://www.vbulletin.com/forum/proje...?issueid=25287 |
I didn't apply the patch and I never saw any error.
|
it;s install me succesfully but how it;s works
|
Quote:
Thanks I am sure I have done that but will check again Quote:
vbOptions > Error Handling & Logging,its off by default,its at the bottom of the logging page |
Thanks Andreas I did indeed have the & missing,thought I had done that too.
All is well with the mood hack,thanks for this excellent add-on :up: |
OMG ty for this although still having issues. I did the global patch and am still getting notices regarding the security token with the help of your hack. So my question is now what? Thanks to your work I've been able to find out what's causing the error message and although it stopped popping up on my forums I'm still getting emails notifying me.
Should I be taking this now up with the creator of the mod? Or is there anything else I can do in the mean time since I've already left a message in the hack thread. |
Thank you for the hack Andreas.
I'm having an issue with my hide hack (itsid). I hit quickreply and receive this error over the hidden content. (instead of revealing the content) Knowing that, I installed this hack to see what the issue is. This is the e-mail I got. Quote:
|
Code:
Missing or Invalid Security Token detected.thx |
Hi Andreas,
Danke f?r dieses n?tzliche Script, nur komme ich mit den Fehlermeldungen nicht klar. Was l?uft hier verkehrt?? Code:
Missing or Invalid Security Token detected. |
Thanks. I will try it.
|
Quote:
newsproxy.php |
Thanks Andreas for this Mod. At least it is pointing users on possible files that need to be debugged.
I have just installed (finalupgrade vB 3.7 CR3 ->) vB 3.7 Gold and the vBlog 1.0.5. Smooth installation completed and navigating through the site works fine, until one member tried to post a Blog entry. :( "Your submission could not be processed because a security token was missing or mismatched." I have browsed through and read all threads at vB.com and vB.org regarding this issue and ended up here (via Boofo's referral in one of those many threads). Here is what I got in my logs: Code:
Missing or Invalid Security Token detected.The files (functions.php, init.php, sendmessage.php, global.php, blog_post.php) listed above are brand new (i.e. directly obtained from the finalupgrade). All templates & styles up-to-date. All those security token are already present in files containing forms. All Mods & Plug-ings disabled. :confused: What's going on with this vB 3.7 Gold? Has anyone figured out a good medecine for this "CSRF Protection"? In the meantime, I have just took vB 3.7 Gold out of my forum and put back in place my vB 3.7 CR3 - working fine. |
Quote:
define('CSRF_PROTECTION', true); to -> define('CSRF_PROTECTION', false); All my mods and plug-ings are working fine again and the board is running smoothly. It will be good if the vBulletin Development team could give an option in the Admin CP (->vBulletin Options) to switch on/off this "CSRF_PROTECTION" depending on whether a customer uses a Security Token or not. This, as few people are actually using a "security token". |
DO NOT REMOVE THIS CONSTANT FROM vBulletin SCRIPTS
Never! The Wikipedia article Mike-D posted is about smth. else. If you are using the default style, unmodified files and no plugins you should not have any problems. If you do have problems, please make sure that all your plugins and templates are up to date. As you can clearly see from the E-Mail, the token is missing! Please check again if all your templates are up-to-date. If they are please repeat this step until you have found the one that is not up-to-date. |
Quote:
The constant is there, but set to false, until vBulletin Team comes out with a non retarded solution. |
Being false is even worse than not being there at all - as that will also disable the POST referrer whitelist check.
So with this setup your board is more unsecure then 3.6.9/3.7.0 RC 3. Fixing your issues is quite simple: Upload all original non-image files, revert all templates and disable the plugin system. If there are still issues afterwards, open a support ticket @ vbulletin.com If you do not want to go this route, you will have to fix the installed modifications/templates yourself - refer to the article about CSRF protection. Detailed instructions have been posted there. |
Quote:
|
Quote:
Quote:
i keep getting different missing security token messages........and i dont know how to deal with them.............is this normal, should we do something about it? i get a message or two from members saying they got the message....can any one explain why these different messages? every one from a different php. |
Andreas, is there a way to set this hack up to be a little more specific on where the error is coming from maybe? That might help narrowing it down a bit in some places. I have gotten only a couple but they are in weird places as far as I can tell. One was even from the editpost.php and I don't have any hacks touching that.
|
Quote:
I second that.........in other words................exactly what i wanted |
I've added the Referrer, anything else?
|
Yeah, can I get that to go? ;)
And thank you for the update, sir. ;) |
Can someone look at this Token error and tell me what you think?
https://vborg.vbsupport.ru/showthread.php?p=1533480 Thanks again, -Jason |
I posted an answer I got on the com about that in that thread. ;)
|
Andreas - thank you for releasing this :)
|
Works good with me
i got this Code:
Missing or Invalid Security Token detected. |
Quick request.
On the past two forums I've worked on, the main web master email address did not come to me, yet I was responsible for the forums. This is because the forums are a part of a business. It would be nice to be able to specific an email address for something like this. In the mean time, I'm going to request that the person who does receive the webmaster email just create a rule that would automatically forward this email onto me. perhaps just an option to use the webmaster email addy OR a specified email addy? |
Another request...this seems to catch spam left and right, any way to prevent that?
|
OK, I have this installed for obvious reasons. Thanks to the author!
I am getting this code over and over, and over again: Code:
Missing or Invalid Security Token detected.What am I missing? THANKS a LOT for any possibly guidance 3.71 pl1 gold |
Anyone?
|
I've yet to see an explanation on how to decode, or what really needs done on any user in the thread. I understand it's missing a security code - for this error to show, but I don't know how to resolve it, or which template/page of code needs modified.
Am I looking at the stock vb pages that were ftp'ed, or what am I looking at? Sorry for the pm I sent the mods asking for help. I didn't notice the "do not pm" warning until after I had sent the message. 3.72 patch 1 - stock vb template Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
|
https://vborg.vbsupport.ru/showthread.php?t=177013
I went through this - I see some of my things above say vbseo - and according to vbseo, it's not them Quote:
vbulletin.com's answer? Quote:
Quote:
I've never SEEN this error, ............ help |
<a href="http://www.vbulletin.com/forum/showthread.php?t=272803" target="_blank">http://www.vbulletin.com/forum/showthread.php?t=272803</a>
another member from VB not knowing what the problem is??? "vBulletin Developer If it's not happening consistently, it's probably not that big of a deal." |
Quote:
http://www.vbulletin.com/forum/showp...52&postcount=4 |
a comment or ANYthing would be amazing right now....staff online who've used this hack - you could comment please
|
Hi, please see this only one simple change. http://www.vbulletin.com/forum/showthread.php?t=269069
|
"...Go to your Style manager open your default theme Template Editor and find FORUM DISPLAY TEMPLATE - FORUMDISPLAY open and copy all content from that, now open your template are you using and Template Manager - Forum Display template - ForumDisplay and cut out the old one and paste new. Have a nice day..."
|
Done this... Still getting them.
I have done everything everyone has said, short of uninstalling or disabling hacks. What does disabling hacks do, other than to prove it's a hack... these errors are sp sporadic that it's almost impossible to see the errors in the first place. so disabling hacks, you'd never see them again, and also not have any hacks... :( Is there a method to follow that I could inspect the "code" for all of my hacks and find the offending party? THANKS! Quote:
|
I am also still getting the error emails. I installed the STN a few months back, went over all the templates, made the edits but still getting error emails. I have checked and doubled checked many times but no joy. One very common error is /search.php?do=process. I checked all the search templates and they are all correct. The funny thing is, my users are not reporting any errors but before I patched the templates they would report them. It's almost like these errors are not displaying for users but the STN is reporting them. I finally just disabled STN till I can find a solution.
Any suggestions where to look? |
excellent - saved me hours of searching
|
| All times are GMT. The time now is 12:54 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|