"POST requests from foreign hosts are not allowed."

[PolishPanda]

I copied this directly from a thread I made on the vB.com forums: http://www.vbulletin.com/forum/showthread.php?t=127448

---

I made a simple PHP script months ago to automatically create a thread with info that has been inputed into a form. This of course uses POST. As I understand, this "security hole" has been patched in one of the new versions of the released software. When I try to use the script now I receive an "POST requests from foreign hosts are not allowed." error on newthread.php. As you might of guessed, the host that the script is on is different than the one the forums are on.

This script is used to simplify the process and reduce the time it takes for our referees to write out reports (they write more than 50 a day on average).

I'm just wondering if there is anyway I can get around this without actually placing the script on the same host. This is a last resort for me, as I will not have direct access to the host to change files, I will allows have to go through another person to make small changes.

I've thought about creating a small MySQL db that will prune but I don't know how newthread.php will respond to MySQL queries.

The script I have written can be located at http://socomsource.gamebattles.com/reports/?a=s2 and the forums at http://forums.gamebattles.com.

Any help is appreciated.

[Paul M]

The quickest way would be to find ;

PHP Code:

die('POST requests from foreign hosts are not allowed.'); 


in init.php and comment it out.

This is probably not the recommended thing to do - but it should work.

(in 3.0.6 this seems to be line 666 !)

[Andreas]

You can disable the check by putting

PHP Code:

define('SKIP_REFERER_CHECK', 1); 


at the top of init.php.
You could also modify your POST-script to submit the correct referer.

[PolishPanda]

Quote:

Originally Posted by KirbyDE

You can disable the check by putting

PHP Code:

define('SKIP_REFERER_CHECK', 1); 


at the top of init.php.
You could also modify your POST-script to submit the correct referer.

I heard you could put this in the config (config.php or something), is this true?

And how would I change my post script to do that?

[boiboi]

what about an "allow" mod? like adding just that subdomain. Thanks!

[drex]

we have 2 domain names...... the main account is www.x5world.com where the forum is installed and working.

x5world.net has an http refresh that redirects and reloads to x5world.com.

it shows the forum/etc correctly, but when you try to login, you get the error message above.

i tried to redirect to a secondary html file at x5world.com which redirected immediately to x5world.com's main page, but it doesn't solve the problem.

is there a way to add a second 'allowed referrer' to the code? ie x5world.net? there is only 1 install at the x5world.com site, and x5world.net is another server that holds FAQ/html data from the original non-BB site.

thanks

drex

[Deaths]

Check vBAdvanced.com, he had the same problem with the CMPS, but fixed it somehow...

[GamerzWorld]

Quote:

Originally Posted by Deaths

Check vBAdvanced.com, he had the same problem with the CMPS, but fixed it somehow...

Be useful if they tell us howas im having same problem

[drex]

actually, the problem resolved itself when the DNS pointers finally resolved around the web, and now the problem disappeared on its own....

yeah!

its not a software problem...

[KW802]

Quote:

Originally Posted by Deaths

Check vBAdvanced.com, he had the same problem with the CMPS, but fixed it somehow...

http://www.vbadvanced.com/forum/showthread.php?t=4439