Implementing CSRF Protection in modifications (https://vborg.vbsupport.ru/showthread.php?t=177013)

Ionsurge 05-11-2008 03:18 PM

I've managed to rectify most of these errors myself, however, if I click the "Go Advanced" button on the quick reply part of viewing a thread, it shows the error? As far as I can tell, I've amended it all...

Any help? Have I missed a file?

ExTincTi0N 05-11-2008 04:31 PM

OK, I am having trouble with my skins.
It's the security token thing.
Where do I add it and where in it?

steve1966 05-11-2008 09:45 PM

Hi, I have added this <input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" /> after value="$session[sessionhash to all my templates and my members are getting this:

Quote:

While performing a search in the Games forum, I received the following message:

"Your submission could not be processed because a security token was missing or mismatched."

Please can someone tell me what I should do now, as I am a little confused? Also, do I need to do anything with this code:

YAHOO.util.Connect.asyncRequest('POST', scriptpath + '?do=ajax', {
        success: this.handle_ajax_response,
        failure: this.handle_ajax_error,
        timeout: vB_Default_Timeout,
        scope: this
}, SESSIONURL + 'securitytoken=' + SECURITYTOKEN + '&foo=' + foo);

thanks

setishock 05-12-2008 04:40 AM

The only time I get one is when I am uploading an flv movie clip. I got the first one up and that was it. Static picture attachments and albums are OK, as is text posting. I created an flv attachment and mimed it with content-type: video/flv. This is not using a hack or mod but an in-house feature.
So what would you suggest to fix it? I do have the passivevid product installed but all was OK till I created the flv attachment.

unitedbreaks 05-12-2008 06:00 PM

Quote:

Originally Posted by Wayne Luke (Post 1498706)
Forms are not equal to templates but some templates have forms in them.

A form is anywhere your users can submit data. If you have modifications that submit data and cannot update their templates then you need to post for support in the modification thread.

It isn't hard to find out where this needs to go.

In your Admin CP under Styles & Template select Search In Templates...

Search for: value="$session[sessionhash]"


In every template this occurs in add this line directly after the line containing the above, if it doesn't exist already:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

Save the template.

Thank you for making it 'clear' on how to fix this issue. Much appreciation.
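
The search-and-add procedure quoted above can be checked mechanically once templates are exported as text. The following is an added example, not part of the thread or of vBulletin; the function names, template names and template contents are constructed for illustration, and the check is applied per form rather than per template.

```javascript
// Added example, not vBulletin code. Template names and contents are constructed.
const SESSION_MARKER = 'value="$session[sessionhash]"';
const TOKEN_FIELD = 'name="securitytoken"';
const TOKEN_INPUT =
  '<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />';

// Line range of the form surrounding line i (falls back to the file edges).
function formBounds(lines, i) {
  let start = i, end = i;
  while (start > 0 && !/<form\b/i.test(lines[start])) start--;
  while (end < lines.length - 1 && !/<\/form>/i.test(lines[end])) end++;
  return [start, end];
}

// Insert the token input directly after a session-hash line when the form
// around it has no token field yet. Returns the new text and the count added.
function patchTemplate(source) {
  const lines = source.split('\n');
  const out = [];
  const patchedForms = new Set(); // form start lines already given a token
  let added = 0;
  lines.forEach((line, i) => {
    out.push(line);
    if (!line.includes(SESSION_MARKER)) return;
    const [start, end] = formBounds(lines, i);
    const hasToken = patchedForms.has(start) ||
      lines.slice(start, end + 1).some(l => l.includes(TOKEN_FIELD));
    if (hasToken) return;
    out.push(line.match(/^\s*/)[0] + TOKEN_INPUT);
    patchedForms.add(start);
    added++;
  });
  return { patched: out.join('\n'), added };
}

// Map of template name -> number of forms still missing the token.
function auditTemplates(templates) {
  const report = {};
  for (const [name, source] of Object.entries(templates)) {
    const { added } = patchTemplate(source);
    if (added > 0) report[name] = added;
  }
  return report;
}

const SAMPLE_TEMPLATES = {
  constructed_search_form: ['<form action="search.php" method="post">',
    '  <input type="hidden" name="s" value="$session[sessionhash]" />',
    '  <input type="submit" value="Go" />', '</form>'].join('\n'),
  constructed_reply_form: ['<form action="newreply.php" method="post">',
    '  <input type="hidden" name="s" value="$session[sessionhash]" />',
    '  ' + TOKEN_INPUT, '</form>'].join('\n'),
};
console.log(auditTemplates(SAMPLE_TEMPLATES));
```

Running `patchTemplate` a second time on its own output adds nothing, so the audit is safe to repeat after each round of template edits.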

Fireproof 05-13-2008 12:40 PM

I'm sorry, I'm still a bit lost.

I'm using the FORM HACK modification. Can someone tell me what I should be adding, and where? I don't know if I'm supposed to add the "define" tag or the "Input securitytoken" tag or both.

Bounce 05-14-2008 02:54 PM

Quote:

Originally Posted by Fireproof (Post 1518224)
I'm sorry, I'm still a bit lost.

I'm using the FORM HACK modification. Can someone tell me what I should be adding, and where? I don't know if I'm supposed to add the "define" tag or the "Input securitytoken" tag or both.

If it's the same FORM hack as I'm thinking of, in the form template find

HTML Code:

<input type="hidden" name="poststarttime" value="$poststarttime" />

Add after

HTML Code:

<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

I had the same problem

JBMoney 05-14-2008 06:39 PM

What if all the templates look fine, and include the code above, but it still happens?

On my site, it happens to users who haven't logged in for a while. They log in, see the forum briefly and then get the error while being redirected to profile.php?do=dst.

dancue 05-14-2008 07:03 PM

Am I correct in assuming that this is where the change would take place?

What must be done?

Code:

                                if ( zahl < postids.length){
                                        postid = postids[zahl];
                                        unhide.open("POST", "showthread.php", true);
                                        unhide.onreadystatechange = ausgeben;
                                        unhide.setRequestHeader(
                                                "Content-Type",
                                                "application/x-www-form-urlencoded");
                                        unhide.send("do=whatever&p="+postid+"&all="+old);
                                } else zahl = 0;
                        }

I am using itsid's HIDE Hack.
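
The two AJAX snippets posted in this thread differ in one respect: the YUI call sends `securitytoken` in its POST data and the HIDE hack's `send()` does not. The following added example (not code from the thread, the hack or vBulletin) flags POST requests in modification JavaScript whose data never mentions the token and shows one way to add it to a urlencoded body. It assumes the hack's POST is subject to the same token check as form submissions; the function names are hypothetical and the sample strings are shortened copies of the posted snippets.

```javascript
// Added example. Sample inputs are shortened from the snippets posted above.
const HIDE_HACK_SNIPPET = [
  'unhide.open("POST", "showthread.php", true);',
  'unhide.onreadystatechange = ausgeben;',
  'unhide.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");',
  'unhide.send("do=whatever&p="+postid+"&all="+old);',
].join('\n');
const YUI_SNIPPET = [
  "YAHOO.util.Connect.asyncRequest('POST', scriptpath + '?do=ajax', {",
  '  success: this.handle_ajax_response,',
  '  scope: this',
  "}, SESSIONURL + 'securitytoken=' + SECURITYTOKEN + '&foo=' + foo);",
].join('\n');

// Report each POST request whose text, from the opening call to the point
// where its data is sent, never references securitytoken.
function findTokenlessPosts(source) {
  const lines = source.split('\n');
  const findings = [];
  lines.forEach((line, i) => {
    const xhr = /\.open\(\s*["']POST["']/i.test(line);
    const yui = /asyncRequest\(\s*["']POST["']/i.test(line);
    if (!xhr && !yui) return;
    // XHR data is passed to send(); YUI data is the call's last argument.
    const endOfRequest = xhr ? /\.send\(/ : /\)\s*;\s*$/;
    let j = i;
    while (j < lines.length - 1 && !endOfRequest.test(lines[j])) j++;
    const request = lines.slice(i, j + 1).join('\n');
    if (!request.includes('securitytoken')) {
      findings.push({ line: i + 1, kind: xhr ? 'XMLHttpRequest' : 'YUI asyncRequest' });
    }
  });
  return findings;
}

// Add the token to a urlencoded body, replacing any stale value already there.
// In the browser the token would come from the page's SECURITYTOKEN variable.
function withSecurityToken(body, token) {
  if (typeof token !== 'string' || token === '') {
    throw new Error('no security token available');
  }
  const params = new URLSearchParams(body);
  params.set('securitytoken', token);
  return params.toString();
}

console.log(findTokenlessPosts(HIDE_HACK_SNIPPET), findTokenlessPosts(YUI_SNIPPET));
console.log(withSecurityToken('do=whatever&p=42&all=1', 'constructed-token'));
```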

Fireproof 05-14-2008 07:29 PM

Quote:

Originally Posted by hIBEES (Post 1519414)
If it's the same FORM hack as I'm thinking of, in the form template find

HTML Code:

<input type="hidden" name="poststarttime" value="$poststarttime" />

Add after

HTML Code:

<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

I had the same problem


Genius! Thank you - worked perfectly!!

