vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   "POST requests from foreign hosts are not allowed." (https://vborg.vbsupport.ru/showthread.php?t=74898)

PolishPanda 01-22-2005 09:26 PM

"POST requests from foreign hosts are not allowed."
 
I copied this directly from a thread I made on the vB.com forums: http://www.vbulletin.com/forum/showthread.php?t=127448

---

I made a simple PHP script months ago to automatically create a thread with info that has been inputed into a form. This of course uses POST. As I understand, this "security hole" has been patched in one of the new versions of the released software. When I try to use the script now I receive an "POST requests from foreign hosts are not allowed." error on newthread.php. As you might of guessed, the host that the script is on is different than the one the forums are on.

This script is used to simplify the process and reduce the time it takes for our referees to write out reports (they write more than 50 a day on average).

I'm just wondering if there is anyway I can get around this without actually placing the script on the same host. This is a last resort for me, as I will not have direct access to the host to change files, I will allows have to go through another person to make small changes.

I've thought about creating a small MySQL db that will prune but I don't know how newthread.php will respond to MySQL queries.

The script I have written can be located at http://socomsource.gamebattles.com/reports/?a=s2 and the forums at http://forums.gamebattles.com.

Any help is appreciated.

Paul M 01-22-2005 11:06 PM

The quickest way would be to find ;

PHP Code:

die('POST requests from foreign hosts are not allowed.'); 

in init.php and comment it out.

This is probably not the recommended thing to do - but it should work.

(in 3.0.6 this seems to be line 666 !)

Andreas 01-22-2005 11:44 PM

You can disable the check by putting

PHP Code:

define('SKIP_REFERER_CHECK'1); 

at the top of init.php.
You could also modify your POST-script to submit the correct referer.

PolishPanda 01-23-2005 12:21 AM

Quote:

Originally Posted by KirbyDE
You can disable the check by putting

PHP Code:

define('SKIP_REFERER_CHECK'1); 

at the top of init.php.
You could also modify your POST-script to submit the correct referer.

I heard you could put this in the config (config.php or something), is this true?

And how would I change my post script to do that?

boiboi 02-18-2005 04:52 PM

what about an "allow" mod? like adding just that subdomain. Thanks!

drex 03-02-2005 07:31 AM

we have 2 domain names...... the main account is www.x5world.com where the forum is installed and working.

x5world.net has an http refresh that redirects and reloads to x5world.com.

it shows the forum/etc correctly, but when you try to login, you get the error message above.

i tried to redirect to a secondary html file at x5world.com which redirected immediately to x5world.com's main page, but it doesn't solve the problem.

is there a way to add a second 'allowed referrer' to the code? ie x5world.net? there is only 1 install at the x5world.com site, and x5world.net is another server that holds FAQ/html data from the original non-BB site.

thanks

drex

Deaths 03-02-2005 10:44 AM

Check vBAdvanced.com, he had the same problem with the CMPS, but fixed it somehow...

GamerzWorld 03-09-2005 01:13 PM

Quote:

Originally Posted by Deaths
Check vBAdvanced.com, he had the same problem with the CMPS, but fixed it somehow...

Be useful if they tell us howas im having same problem

drex 03-09-2005 03:37 PM

actually, the problem resolved itself when the DNS pointers finally resolved around the web, and now the problem disappeared on its own....

yeah!

its not a software problem...

KW802 03-09-2005 04:29 PM

Quote:

Originally Posted by Deaths
Check vBAdvanced.com, he had the same problem with the CMPS, but fixed it somehow...

http://www.vbadvanced.com/forum/showthread.php?t=4439


All times are GMT. The time now is 12:34 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01352 seconds
  • Memory Usage 1,739KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_php_printable
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete