Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 04-06-2012, 01:05 AM
Kyojii Kyojii is offline
 
Join Date: Jun 2008
Posts: 78
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default CSRF protection error when security token is being submit.

My form below is giving me a CSRF protection error but the security key is being submit with the form, so it shouldn't. I've checked the DOM and the security key is being put in the value field correctly.

Code:
<form action="newindex.php?do=submit" method="post">
                        Subject:<br>
                        <input type="text" id="subject" name="subject"><br>
                        <textarea id="article" id="article" name="article"><?php echo $_POST['article'] ?></textarea><br>
                        <div class="sliderimage"><h2 class="blockhead">Slider Image:</h2>
                        <table><tr><td><b>Image:</b><br>Dimensions should be 640x360.</td><td>
                        <input type="file" id="image" name="image"></td></tr>
                        <tr><td><b>Transition:</b></td><td>
                        <select id="transition" name="transition">
                            <option value="">Random</option>
                            <option value="sliceDown">slideDown</option>
                            <option value="sliceDownLeft">sliceDownLeft</option>
                            <option value="sliceUp">sliceUp</option>
                            <option value="sliceUpLeft">sliceUpLeft</option>
                            <option value="fold">fold</option>
                            <option value="fade">fade</option>
                            <option value="slideInRight">slideInRight</option>
                            <option value="slideInLeft">slideInLeft</option>
                            <option value="boxRandom">boxRandom</option>
                            <option value="boxRain">boxRain</option>
                            <option value="boxRainReverse">boxRainReverse</option>
                            <option value="boxRainGrow">boxRainGrow</option>
                            <option value="boxRainGrowReverse">boxRainGrowReverse</option>
                        </select></td></tr>
                        <tr><td><b>Caption:</b></td><td>
                        <input type="text" id="caption" name="caption"></table><br></div>
			<input type="hidden" name="securitytoken" value="<?php echo $bbuserinfo[securitytoken] ?>" />
                        <div class="center"><input type="button" value="Preview" class="preview"><input type="submit" name="submit"></div>
                    </form>
Reply With Quote
  #2  
Old 04-06-2012, 02:03 AM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

CSRF is not directly related to the security token. It sounds like you're submitting data from a domain that isn't the same as the domain vbulletin is on.
Reply With Quote
  #3  
Old 04-06-2012, 02:38 AM
Kyojii Kyojii is offline
 
Join Date: Jun 2008
Posts: 78
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This page is submitting to itself...
Reply With Quote
  #4  
Old 04-06-2012, 03:04 AM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Is your page, within the same domain as vBulletin though?
Reply With Quote
  #5  
Old 04-06-2012, 03:08 AM
Pandemikk Pandemikk is offline
 
Join Date: Jul 2009
Posts: 292
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Zachery View Post
Is your page, within the same domain as vBulletin though?
Come on Zach...

He's missing the security token hidden field.

nvm no he's not
Reply With Quote
  #6  
Old 04-06-2012, 03:15 AM
Kyojii Kyojii is offline
 
Join Date: Jun 2008
Posts: 78
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Zachery View Post
Is your page, within the same domain as vBulletin though?
Yes.

Fixed it, thanks anyway. ^^
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:25 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03884 seconds
  • Memory Usage 2,213KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (6)post_thanks_box
  • (6)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (6)post_thanks_postbit_info
  • (6)postbit
  • (6)postbit_onlinestatus
  • (6)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete