![]() |
[ITECH] Inferno CSRF Auto Protection
----------------------------------
[ITech] Inferno CSRF Auto Protection Created By Inferno Technologies (http://www.infernotechnologies.net) Copyright 2004-2008 All rights reserved Project Development Team: Zero Tolerance Project Lead: Iain "Decado" Kidd Support Forum: N/A (Supported here) ---------------------------------- Installation Simply upload the product XML (Inferno CSRF Auto Protection.xml). Project Description This is a minor modification aimed at 3.6.10 (untested on vB 3.7 RC4, do so at your own will) which will automatically apply CSRF protection on the fly to forms which don't have security tokens and scripts which don't have security flags set. The purpose of this is to allow a seemless upgrade to 3.6.10 without having modifications break, but also to quickly apply the protection on them too. However, this modification relies on the use of vBulletins print_output() function, some modifications will not use this for several reasons, and in these rare instances this modification will add protection to the scripts while not being able to add security tokens, you can disable auto-protection script by script if you find this occurs for you. Simply edit the plugin '[I.CSRF] Set CSRF Flag' and you'll find in the code an example on how to add a script to the exemption list. For instance, if you wanted to add the script 'MY_COOL_SOFTWARE' to the exemption list, simply add the following code: Code:
$_icsrf_exclude[] = 'MY_COOL_SOFTWARE'; Code:
$_icsrf_exclude = array(); Other Features When using vBulletin in debug mode, the debug information displayed at the bottom will display existing protected forms, and how many forms have been auto-protected by Inferno CSRF. Feedback is welcome, enjoy :) - Zero Tolerance |
Hm...The majority of modifications using print_output() are probably utilizing separate files, so backwards compatibility shouldn't even be a problem since Jelsoft has already defined the constant needed to activate the new token protocol.
|
Here's hoping so, the idea is really to add protection to those now (Some people are security freaks :p).
- Zero Tolerance |
Thank you, Nice share
|
Any ideas what can one do to close this plug in vB 3.0.xx??
I have a heavily hacked site, with so many mods that I do not even consider upgrading it to the latest version. Any idea would be really appreciated. |
Wow...nice work Zero! This fixed the Personal Notepad & Event Attendance mods.
Sure hope someone comes up with a fix for the Casino. Thank you, Nick |
While it fixed the board issues on RC4... it broke the notices feature in the admin cp (now I get a security token problem on the backend after installing).
Sorry, I have to uninstall. :( |
I would like to be sure.
With this mod, no need to update to 3.6.10 ? |
IvyKeepMommy
It will cause some things to break, you can add those scripts in the exclusion :) Wobbly Goblin Glas to hear it! lange No, this is for 3.6.10 to automatically make all mods use CSRF protection :) - Zero Tolerance |
Quote:
|
All times are GMT. The time now is 02:21 AM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
![]() |
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|