  #1  
Old 01-22-2005, 09:26 PM
PolishPanda PolishPanda is offline
 
Join Date: Jun 2004
Posts: 7
"POST requests from foreign hosts are not allowed."

I copied this directly from a thread I made on the vB.com forums: http://www.vbulletin.com/forum/showthread.php?t=127448

---

I made a simple PHP script months ago to automatically create a thread with info that has been inputted into a form. This of course uses POST. As I understand, this "security hole" has been patched in one of the new versions of the released software. When I try to use the script now I receive a "POST requests from foreign hosts are not allowed." error on newthread.php. As you might have guessed, the host that the script is on is different than the one the forums are on.

This script is used to simplify the process and reduce the time it takes for our referees to write out reports (they write more than 50 a day on average).

I'm just wondering if there is any way I can get around this without actually placing the script on the same host. This is a last resort for me, as I will not have direct access to the host to change files; I will always have to go through another person to make small changes.

I've thought about creating a small MySQL db that will prune but I don't know how newthread.php will respond to MySQL queries.

The script I have written can be located at http://socomsource.gamebattles.com/reports/?a=s2 and the forums at http://forums.gamebattles.com.

Any help is appreciated.
  #2  
Old 01-22-2005, 11:06 PM
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748

The quickest way would be to find ;

PHP Code:
die('POST requests from foreign hosts are not allowed.'); 
in init.php and comment it out.

This is probably not the recommended thing to do - but it should work.

(in 3.0.6 this seems to be line 666 !)
  #3  
Old 01-22-2005, 11:44 PM
Andreas Andreas is offline
 
Join Date: Jan 2004
Location: Germany
Posts: 6,863

You can disable the check by putting

PHP Code:
define('SKIP_REFERER_CHECK', 1);
at the top of init.php.
You could also modify your POST-script to submit the correct referer.
  #4  
Old 01-23-2005, 12:21 AM
PolishPanda PolishPanda is offline
 
Join Date: Jun 2004
Posts: 7

Quote:
Originally Posted by KirbyDE
You can disable the check by putting

PHP Code:
define('SKIP_REFERER_CHECK', 1);
at the top of init.php.
You could also modify your POST-script to submit the correct referer.
I heard you could put this in the config (config.php or something), is this true?

And how would I change my post script to do that?
  #5  
Old 02-18-2005, 04:52 PM
boiboi boiboi is offline
 
Join Date: Nov 2001
Location: san francisco, ca
Posts: 133

what about an "allow" mod? like adding just that subdomain. Thanks!
  #6  
Old 03-02-2005, 07:31 AM
drex drex is offline
 
Join Date: Feb 2005
Posts: 79

we have 2 domain names...... the main account is www.x5world.com where the forum is installed and working.

x5world.net has an http refresh that redirects and reloads to x5world.com.

it shows the forum/etc correctly, but when you try to login, you get the error message above.

i tried to redirect to a secondary html file at x5world.com which redirected immediately to x5world.com's main page, but it doesn't solve the problem.

is there a way to add a second 'allowed referrer' to the code? ie x5world.net? there is only 1 install at the x5world.com site, and x5world.net is another server that holds FAQ/html data from the original non-BB site.

thanks

drex
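
The "allowed referrer" idea asked about in posts #5 and #6, as an added example that is not part of the thread and is not vBulletin's own code: a Referer-host check that accepts the forum's own host plus an explicit allowlist, instead of switching the check off. The function names, the constant and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: extra hosts (besides the forum's own) that may POST.
const ALLOWED_REFERER_HOSTS = ['x5world.net', 'www.x5world.net'];

/** Lower-case a host and drop any port and trailing dot so comparisons are exact. */
function normalize_host(string $host): string
{
    $host = strtolower(trim($host));
    $host = (string) preg_replace('/:\d+$/', '', $host);
    return rtrim($host, '.');
}

/**
 * Decide whether a request passes the Referer-host check.
 * $server mirrors $_SERVER. Non-POST requests are not checked.
 */
function referer_check_passes(array $server, array $extraHosts, bool $allowMissing = false): bool
{
    if (strtoupper($server['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return true;
    }
    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer === '') {
        return $allowMissing; // some clients strip Referer; choose the policy explicitly
    }
    $refHost = parse_url($referer, PHP_URL_HOST);
    if (!is_string($refHost) || $refHost === '') {
        return false; // unparseable Referer
    }
    $allowed = array_map('normalize_host', array_merge([$server['HTTP_HOST'] ?? ''], $extraHosts));
    // Exact host match only: a substring test would also accept www.x5world.com.other.example
    return in_array(normalize_host($refHost), array_filter($allowed), true);
}

// Constructed sample requests (not captured from the thread's servers).
$samples = [
    ['REQUEST_METHOD' => 'POST', 'HTTP_HOST' => 'www.x5world.com', 'HTTP_REFERER' => 'http://x5world.net/faq.html'],
    ['REQUEST_METHOD' => 'POST', 'HTTP_HOST' => 'www.x5world.com', 'HTTP_REFERER' => 'http://www.x5world.com.other.example/'],
];
foreach ($samples as $s) {
    echo $s['HTTP_REFERER'], ' => ', referer_check_passes($s, ALLOWED_REFERER_HOSTS) ? 'allow' : 'reject', PHP_EOL;
}
```

The Referer header is supplied by the client, so a check like this only filters cross-site POSTs driven through a visitor's browser. It does not authenticate the sending host, which is why a per-session form token is the stronger control.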
  #7  
Old 03-02-2005, 10:44 AM
Deaths Deaths is offline
 
Join Date: Oct 2004
Location: Europe, Belgium
Posts: 679

Check vBAdvanced.com, he had the same problem with the CMPS, but fixed it somehow...
  #8  
Old 03-09-2005, 01:13 PM
GamerzWorld GamerzWorld is offline
 
Join Date: Aug 2003
Posts: 263

Quote:
Originally Posted by Deaths
Check vBAdvanced.com, he had the same problem with the CMPS, but fixed it somehow...
Be useful if they tell us how, as I'm having the same problem
  #9  
Old 03-09-2005, 03:37 PM
drex drex is offline
 
Join Date: Feb 2005
Posts: 79

actually, the problem resolved itself when the DNS pointers finally resolved around the web, and now the problem disappeared on its own....

yeah!

it's not a software problem...
  #10  
Old 03-09-2005, 04:29 PM
KW802 KW802 is offline
 
Join Date: Jul 2003
Location: A galaxy far, far away...
Posts: 1,450

Quote:
Originally Posted by Deaths
Check vBAdvanced.com, he had the same problem with the CMPS, but fixed it somehow...
http://www.vbadvanced.com/forum/showthread.php?t=4439