[J98680Bxxxxx]

Quote:

Originally Posted by pooffck1

Hi, i a complete NEWB at this and the only thing that is not working for me is the custom skin i made, does not support the SEARCH ENGINE on my header. It keeps giving me this message



i have absoutly no idea what is going on with that and i dont understand what this post (first post) is about beacuse it doesnt have right instructions on What template/php file i need to change, WHAT I NEED TO REPLACE WITH, WHERE IS IT?.

Someone please help me out on this

Thanks

Hi Pooffck1,

I am afraid that you will not get a satisfactory answer here, as it seems that no one really know what is happening with these random messages stating: "Your submission could not be processed because a security token ..."

This CSRF stuff seems to have been done in a big rush. Open a ticket at vB.com and ask their team to proceed with installation and debugging of your site.


--------------- Added [DATE]1212086935[/DATE] at [TIME]1212086935[/TIME] ---------------

Quote:

Originally Posted by Paul M

Link removed.

I would suggest that people completely ignore what you posted as it is removing security from vb and thus re-opening the possiblity of attack. What you do to make your own forum vunerable is up to you, but we do not advise others to follow such a bad route.

If it was such a bad route, it would not has been implemented in a boolean form (Choice: True, False), but directly by whatever means in the code. Also it would not has been indicated in the opening post (you "should" not you "MUST"):

Quote:

Originally Posted by Marco van Herwaarden

...

PHP Code:

define('CSRF_PROTECTION', true); 


With this change all POST requests to this file will check for the presence of the securitytoken field and compare it to the value for the user, if its wrong an error message will be shown and execution with halt.

If this value is set to false then all CSRF protection is removed for the file, this is appropriate for something that intentionally accepts remote POST requests.

You should always add this to your file, even if you don't think the script is ever going to receive POST requests.

An absence of this defined constant within your files will result in the old style referrer checking being performed.