The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
#1
CSRF vb4.0.3
Hi guys,
I am actually working on a little mod and I need to send a post to write something in the database. However, I get a message about security token and whatsoever. I assume that is meant to be the CSRF. I was looking for it on Google and here, and of course, I couldn't find anything apart from an old article from 2008.
Code:
$bbuserinfo[securitytoken]
This is not working as well:
{vb:raw bbuserinfo.securitytoken}
What can I do in my template to get this security token?
Please help me with the .... : )
All the best,
Paul aka bpr
#2
{vb:raw bbuserinfo.securitytoken} should work if used in most templates. But, it's really hard to tell when you haven't posted any code or template name at all.
#3
Has the security token been assigned to the correct hidden input? All user-end forms should really just have this within the <form> tags:
Code:
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />
#4
Hi guys,
thanks for the response. Well, you are right, I should have posted some code -.- Well, here we go: I have a template called todo_add_item.
Just to explain what I am developing at the moment: Admins and Supermods are able to add / edit / disable / finish items on a todo list. This todo list is for the team members of my board, who can all read the list of the todos.
I was solving the problem in a bad way. Because I am using Ajax with jQuery all over the website and in my developing sites, I was making the securityhash global in the header file. I was doing this by adding one mod, which is hiding all the version numbers. Anyway, I did use that one in my JS code - which doesn't change the fact that I cannot use the {vb:raw session.sessionhash} in templates.
Do I have to register anything in the PHP files? I mean, I was trying to add it in a navbar, which I learned by following the https://vborg.vbsupport.ru/showthread.php?t=228313 instructions - but there, too, I couldn't use this raw var. On the other hand, my PHP code looks identical to the test.php site which you could find here: https://vborg.vbsupport.ru/showthread.php?t=228112 despite the fact that I am not calling my template test and whatsoever.
HTML Code:
<script type="text/javascript">
// Collect the form values and POST them to todo.php.
function addTodoItem() {
    var title = $('#todoTitle').val();
    var description = $('#todoDescription').val();
    var squad = $('#todoSquad').val();
    var status = $('#todoStatus').val();
    var priority = $('#todoPriority').val();
    $.ajax({
        type: "POST",
        url: "/todo.php",
        // Passing an object lets jQuery URL-encode every value, so "&" or "="
        // in the title or description cannot break the request body.
        data: {
            title: title,
            description: description,
            squad: squad,
            status: status,
            priority: priority,
            'do': 'add',
            // SECURITYTOKEN is the global JS variable set in the header
            securitytoken: SECURITYTOKEN
        },
        success: function (msg) {
            $('#todomsg').html('<span class="tok">Erledigt</span>');
        }
    });
}
</script>
<div class="todo" id="todoAddItem">
    <div id="todomsg"></div>
    <form id="todoAddForm">
        <input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />
        <input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
        <ul>
            <li><label for="todoTitle">Titel</label></li>
            <li><input type="text" id="todoTitle" name="todoTitle" /></li>
            <li><label for="todoDescription">Beschreibung</label></li>
            <li><textarea name="todoDescription" id="todoDescription"></textarea></li>
            <li><label for="todoSquad">Squad</label></li>
            <li>
                <select id="todoSquad" name="todoSquad">
                    <option value="1">Alpha</option>
                    <option value="2">Cobra</option>
                    <option value="3">Delta</option>
                    <option value="4">Eclipse</option>
                    <option value="5">Exodus</option>
                    <option value="6">Delibos</option>
                </select>
            </li>
            <li><label for="todoStatus">Status</label></li>
            <li>
                <select id="todoStatus" name="todoStatus">
                    <option value="3">In Bearbeitung</option>
                    <option value="2">Keine Bearbeitung</option>
                    <option value="1">Fertig gestellt</option>
                </select>
            </li>
            <li><label for="todoPriority">Priorität</label></li>
            <li>
                <select id="todoPriority" name="todoPriority">
                    <option value="1">Sehr Hoch</option>
                    <option value="2">Hoch</option>
                    <option value="3">Mittel</option>
                    <option value="4">Niedrig</option>
                </select>
            </li>
        </ul>
        <a id="submitButton" onclick="addTodoItem();">Hinzufügen</a>
    </form>
    <div class="mty"></div>
</div>
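The posts above put the token into a hidden `securitytoken` input and send it along with a jQuery POST. As an added example (not part of the thread and not vBulletin's own code), this Node.js code shows a generic per-user anti-CSRF token being issued, carried in a URL-encoded body, and checked before a write; the token format, secret, lifetime and function names are assumptions made for illustration.

```javascript
// Added illustration: generic per-user anti-CSRF token check.
// Token format, names and lifetime are assumptions, not vBulletin internals.
const crypto = require('crypto');

const MAX_AGE_SECONDS = 3600; // assumed token lifetime

function mac(secret, userId, issuedAt) {
  return crypto.createHmac('sha256', secret)
    .update(`${userId}:${issuedAt}`).digest('hex');
}

// Server side: the value rendered into the hidden "securitytoken" input.
function issueToken(secret, userId, now) {
  return `${now}-${mac(secret, userId, now)}`;
}

// Client side: URL-encode every field so "&" or "=" in user text
// cannot split or inject parameters, then attach the token.
function buildPostBody(fields, token) {
  const params = new URLSearchParams(fields);
  params.set('securitytoken', token);
  return params.toString();
}

// Server side: refuse the write unless the token is present, fresh
// and was issued for the user making the request.
function verifyPost(secret, userId, body, now) {
  const token = new URLSearchParams(body).get('securitytoken') || '';
  const match = /^(\d+)-([0-9a-f]{64})$/.exec(token);
  if (!match) return 'missing_or_malformed';
  const issuedAt = Number(match[1]);
  if (issuedAt > now || now - issuedAt > MAX_AGE_SECONDS) return 'expired';
  const expected = Buffer.from(mac(secret, userId, issuedAt), 'hex');
  const given = Buffer.from(match[2], 'hex');
  // Constant-time comparison of two equal-length digests.
  return crypto.timingSafeEqual(expected, given) ? 'ok' : 'mismatch';
}

// Constructed sample values.
const SECRET = 'constructed-server-secret';
const NOW = 1700000000;
const token = issueToken(SECRET, 42, NOW);
const body = buildPostBody({ do: 'add', title: 'Fix A&B=C' }, token);
console.log(body);
console.log(verifyPost(SECRET, 42, body, NOW + 60));        // same user
console.log(verifyPost(SECRET, 7, body, NOW + 60));         // other user
console.log(verifyPost(SECRET, 42, 'do=add&title=x', NOW)); // no token
```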