vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Missing Security Token - Template Issue (https://vborg.vbsupport.ru/showthread.php?t=207856)

RavrSimba 03-09-2009 10:51 PM
Missing Security Token - Template Issue
 
I have searched and narrowed the problem down to my template. I'm using a very stripped down template for a mobile website. I'm lost when it comes to coding it to work correctly. I tried pulling the quickreply code from another template but then it doesn't display correctly. I do not want the WYSIG options, just a basic text input box and a "post" button.

Code:
$stylevar[htmldoctype]
<html dir="$stylevar[textdirection]" lang="$stylevar[languagecode]" xmlns="http://www.w3.org/1999/xhtml">
<head>
        $headinclude
        <title>$thread[title]<if condition="$pagenumber>1"> - <phrase 1="$pagenumber">$vbphrase[page_x]</phrase></if> - $vboptions[bbtitle]</title>
</head>
<body onload="$onload">
<div class="mobiletitle">
App
<a id="homeButton" class="mobilebutton" href="forumdisplay.php?$session[sessionurl]f=$forumID">Back</a>
<a class="mobilebutton" href="/search.php">Search</a>
</div>
<div align="left">
$navbar
</div>
<div align="center"><h2 id="title-thread">$thread[title]</h2></div>

<if condition="$show['largereplybutton']">
<if condition="$show['closethread']"><a class="mobile_button" href="#respuesta"></a><else /><div align="center"><img src="$stylevar[imgdir_button]/threadclosed.gif" alt="$vbphrase[closed_thread]" border="0" /></div></if>
</if>

<!-- / controls above postbits -->

$postbits

<if condition="$show['pagenav']">$pagenav</if>
<if condition="!$show['search_engine']">
<ul>
<li class="inline">
<strong>&laquo;</strong> <a href="showthread.php?$session[sessionurl]t=$threadid&amp;goto=nextoldest" rel="nofollow">$vbphrase[prev_thread]</a> | <a href="showthread.php?$session[sessionurl]t=$threadid&amp;goto=nextnewest" rel="nofollow">$vbphrase[next_thread]</a> <strong>&raquo;</strong>
</li>
</ul>
</if>

<a name="respuesta"></a>
<if condition="$show['quickreply']">
<!-- quick reply -->
<h1>$vbphrase[quick_reply]</h1>
<ul>
<li style="text-align:center;">
<form action="newreply.php?do=postreply&amp;t=$threadid" method="post" name="vbform" onsubmit="return qr_prepare_submit(this, $vboptions[postminchars]);" id="qrform">
$messagearea
<input type="hidden" name="fromquickreply" value="1" />
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="do" value="postreply" />
<input type="hidden" name="t" value="$threadid" id="qr_threadid" />
<input type="hidden" name="p" value="$qrpostid" id="qr_postid" />
<input type="hidden" name="parseurl" value="1" />
<input type="hidden" name="loggedinuser" value="$bbuserinfo[userid]" />
<input type="submit" class="button" style="margin-top: 20px;" value="$vbphrase[post_quick_reply]" accesskey="s" title="(Alt + S)" name="sbutton" tabindex="2" id="qr_submit" onclick="clickedelm = this.value" />
</form>
</li>
</ul>
<!-- end quick reply -->
</if>
$wrt_template
$footer
</body>
</html>
So essentially... I need to know what needs to be in the -- Quick Reply -- coding in order for it to work and not give a missing security token error.

Lynne 03-09-2009 10:54 PM
Here is the article about the security tokens - it has the line you need to add to your form in there. Implementing CSRF Protection in modifications

ragtek 03-09-2009 10:55 PM
add
HTML Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
under
HTML Code:
<input type="hidden" name="s" value="$session[sessionhash]" />

vytran 10-19-2010 06:10 AM
you find
showthread_quickreply
showthread_quickreply_full
and add
HTML Code:
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />

sulasno 10-19-2010 09:41 AM
why can't updated versions of vBulletin add the above codes ?

Lynne 10-19-2010 02:05 PM
Updated versions of the vB code does add in the above code. Problem is, too many admins don't bother to upgrade their templates after an upgrade and so they code doesn't get added.

You *need* to upgrade your custom templates after an upgrade!

sulasno 10-20-2010 12:02 AM
I created a style using the style generator and occasionally still have the same problem

fxwoody 10-28-2010 12:06 PM
Ok, if i get it right, every where we have the sessionhash value, we should find the security token under it ! Right?
I'm having some trouble with one skin in particular, my other 4 are all ok but this one is giving me trouble with some options! Could it be this????


All times are GMT. The time now is 12:15 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01094 seconds
  • Memory Usage 1,737KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (3)bbcode_html_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (8)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete