The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
#1
11-08-2008, 02:48 PM
|
|||
|
|||
Security token issue
Hey,
Everytime someone goes to make a post via the quick reply, I am getting this email from my security token error detector: Quote:
Thanks in advance. 
|
|
#2
11-08-2008, 02:50 PM
|
||||
|
||||
|
Create a new style with no parent - Styles & Templates > Style Manager > Add New Style > no parent - then browse the site using that totally default vbulletin style - do you still get this error?
|
|
#4
11-08-2008, 03:35 PM
|
||||
|
||||
|
Yeah, you are missing the security token in your templates. You can read this about how to fix it - Implementing CSRF Protection in modifications
|
|
#5
11-08-2008, 03:36 PM
|
||||
|
||||
|
Hi I had the very same problem witha custom template what the coder forgot to do is add the security tokens in the xml style product so when you uploaded the styles product it was already missing the security token. If you open up your templates you`ll be able to she that in the code there are security tokens for users to use certain fuctions. I would suggest reporting it to the style maker and if its paid they should have t fix it because that means its just not your style thats messed up. I hope this helps you out some enjoy
~Pein87
|
|
#6
11-08-2008, 03:44 PM
|
|||
|
|||
|
Quote:
 Any idea what templates I need to check as I have just checked the new reply template and that seems to have them in:Code:
$stylevar[htmldoctype]
<html xmlns="http://www.w3.org/1999/xhtml" dir="$stylevar[textdirection]" lang="$stylevar[languagecode]">
<head>
$headinclude
<title>$vboptions[bbtitle] - $vbphrase[reply_to_topic]</title>
</head>
<body$onload>
$header
$navbar
$postpreview
<form action="newreply.php?do=postreply&t=$threadid" name="vbform" method="post"<if condition="!is_browser('webtv')"> onsubmit="return vB_Editor['$editorid'].prepare_submit(0, $vboptions[postminchars])"</if>>
<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<tr>
<td class="tcat">
<span class="smallfont" style="float:$stylevar[right]"><strong>$vbphrase[thread]</strong>: $threadinfo[prefix_plain_html] <a href="showthread.php?$session[sessionurl]t=$threadinfo[threadid]">$threadinfo[title]</a></span>
$vbphrase[reply_to_thread]
</td>
</tr>
<tr>
<td class="panelsurround" align="center">
<div class="panel">
<div style="width:$stylevar[formwidth]" align="$stylevar[left]">
$usernamecode
$human_verify
<!-- subject field -->
<table cellpadding="0" cellspacing="0" border="0" class="fieldset">
<tr>
<td class="smallfont" colspan="3">$vbphrase[title]:</td>
</tr>
<tr>
<td><input type="text" class="bginput" name="title" value="$title" size="50" maxlength="$vboptions[titlemaxchars]" tabindex="1" title="$vbphrase[optional]" /></td>
<td> </td>
<td><img id="display_posticon" src="$selectedicon[src]" alt="$selectedicon[alt]" /></td>
</tr>
</table>
<!-- / subject field -->
<!-- message area -->
<div class="smallfont">$vbphrase[message]:</div>
$messagearea
<!-- / message area -->
<if condition="$unquoted_post_count > 0">
<div id="unquoted_posts" class="smallfont" style="display: none">
<if condition="$unquoted_post_count == 1">
$vbphrase[selected_1_post_not_part_thread]
<else />
<phrase 1="$unquoted_post_count">$vbphrase[selected_x_posts_not_part_thread]</phrase>
</if>
</div>
<script type="text/javascript" src="clientscript/vbulletin_ajax_quote.js?v=$vboptions[simpleversion]"></script>
<script type="text/javascript">
<!--
if (AJAX_Compatible)
{
fetch_object('unquoted_posts').style.display = '';
}
init_unquoted_posts('$editorid', $threadinfo[threadid]);
// -->
</script>
</if>
$posticons
</div>
</div>
<div style="margin-top:$stylevar[cellpadding]px">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="hidden" name="do" value="postreply" />
<input type="hidden" name="t" value="$threadid" />
<input type="hidden" name="p" value="$postid" />
<input type="hidden" name="specifiedpost" value="$specifiedpost" />
<input type="hidden" name="posthash" value="$posthash" />
<input type="hidden" name="poststarttime" value="$poststarttime" />
<input type="hidden" name="loggedinuser" value="$bbuserinfo[userid]" />
<input type="hidden" name="multiquoteempty" id="multiquote_empty_input" value="$multiquote_empty" />
<input type="submit" class="button" name="sbutton" id="{$editorid}_save" value="$vbphrase[submit_reply]" accesskey="s" tabindex="1" />
<input type="submit" class="button" name="preview" value="$vbphrase[preview_post]" accesskey="r" tabindex="1" />
</div>
</td>
</tr>
</table>
<if condition="$show['additional_options']">
<br />
<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<thead>
<tr>
<td class="tcat">
<a style="float:$stylevar[right]" href="#top" onclick="return toggle_collapse('newpost_options')"><img id="collapseimg_newpost_options" src="$stylevar[imgdir_button]/collapse_tcat$vbcollapse[collapseimg_newpost_options].gif" alt="" border="0" /></a>
$vbphrase[additional_options]
</td>
</tr>
</thead>
<tbody id="collapseobj_newpost_options" style="$vbcollapse[collapseobj_newpost_options]">
<tr valign="top">
<td class="panelsurround" align="center">
<div class="panel">
<div style="width:$stylevar[formwidth]" align="$stylevar[left]">
<if condition="$show['misc_options']">
<fieldset class="fieldset">
<legend>$vbphrase[miscellaneous_options]</legend>
<div style="padding:$stylevar[formspacer]px">
<if condition="$bbuserinfo['signature'] != ''"><div><label for="cb_signature"><input type="checkbox" name="signature" value="1" id="cb_signature" tabindex="1" $checked[signature] />$vbphrase[show_your_signature]</label></div></if>
<if condition="$show['parseurl']"><div><label for="cb_parseurl"><input type="checkbox" name="parseurl" value="1" id="cb_parseurl" tabindex="1" $checked[parseurl] />$vbphrase[automatically_parse_links_in_text]</label></div></if>
$disablesmiliesoption
</div>
</fieldset>
</if>
$attachmentoption
<if condition="$show['member']">
<fieldset class="fieldset">
<legend>$vbphrase[thread_subscription]</legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
<tr>
<td>$vbphrase[notification_type]:<br /><select name="emailupdate" tabindex="1">
<option value="9999" $emailchecked[9999]>$vbphrase[do_not_subscribe]</option>
<option value="0" $emailchecked[0]>$vbphrase[no_email_notification]</option>
<option value="1" $emailchecked[1]>$vbphrase[instant_email_notification]</option>
<option value="2" $emailchecked[2]>$vbphrase[daily_email_notification]</option>
<option value="3" $emailchecked[3]>$vbphrase[weekly_email_notification]</option>
</select></td>
<if condition="$show['subscribefolders']"><td>$vbphrase[folder]:<br /><select name="folderid" tabindex="1">$folderbits</select></td></if>
</tr>
</table>
</fieldset>
</if>
<if condition="$show['threadrating']">
<fieldset class="fieldset">
<legend>$vbphrase[rate_thread]</legend>
<div style="padding:$stylevar[formspacer]px">
<div>$vbphrase[can_add_a_score_for_thread]</div>
<div>
<select name="rating" tabindex="1">
<option value="0"$rate[0]>$vbphrase[choose_a_rating]</option>
<optgroup label=" ">
<option value="5"$rate[5]>5 : $vbphrase[excellent]</option>
<option value="4"$rate[4]>4 : $vbphrase[good]</option>
<option value="3"$rate[3]>3 : $vbphrase[average]</option>
<option value="2"$rate[2]>2 : $vbphrase[bad]</option>
<option value="1"$rate[1]>1 : $vbphrase[terrible]</option>
</optgroup>
</select>
</div>
</div>
</fieldset>
</if>
$threadmanagement
</div>
</div>
<div style="margin-top:$stylevar[cellpadding]px">
<input type="submit" class="button" name="sbutton" value="$vbphrase[submit_reply]" accesskey="s" tabindex="1" />
<input type="submit" class="button" name="preview" value="$vbphrase[preview_post]" accesskey="r" tabindex="1" />
</div>
</td>
</tr>
</tbody>
</table>
</if>
</form>
<br />
<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<tr>
<td class="tcat">
<a style="float:$stylevar[right]" href="#top" onclick="return toggle_collapse('threadreview')"><img id="collapseimg_threadreview" src="$stylevar[imgdir_button]/collapse_tcat$vbcollapse[collapseimg_threadreview].gif" alt="" border="" /></a>
$vbphrase[topic_review_newest_first]
</td>
</tr>
</table>
$spacer_close
$spacer_open
<div id="collapseobj_threadreview" style="$vbcollapse[collapseobj_threadreview]">
<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center" style="border-top-width:0px">
$threadreviewbits
<if condition="$show['reviewmore']">
<tr>
<td class="tfoot" align="center" colspan="2"><span class="smallfont">
<phrase 1="$vboptions[maxposts]" 2="showthread.php?$session[sessionurl]t=$threadid">$vbphrase[thread_has_more_than_x_review]</phrase>
</span></td>
</tr>
</if>
</table>
</div>
$spacer_close
$spacer_open
<br />
$forumrules
$footer
</body>
</html>
|
|
#7
11-08-2008, 04:04 PM
|
||||
|
||||
|
I don't know which templates. I guess what I would do is turn this on - vboptions > General Settings > Add Template Name in HTML Comments > set to Yes. Now go to the page having problems and view it in your style. Copy the page source to a text document. Then view the page using the default (working) style. Copy the page source to a text document. Compare and see what is missing. Find the template name in the page source and look there.
|
|
#8
10-19-2010, 06:11 AM
|
|||
|
|||
|
you find
showthread_quickreply showthread_quickreply_full and add HTML Code:
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" /> <input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />
|
|
#9
10-20-2010, 12:52 AM
|
||||
|
||||
|
Quote:
|
|
#10
10-21-2010, 04:33 AM
|
|||
|
|||
|
I am using vb 3.8.4 and having the same issue. Can anyone help???
|
 |
«
Previous Thread
|
Next Thread
»
Linear Mode
|
|
All times are GMT. The time now is 01:28 PM.