The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
#1
How does CSRF Protection work
I've been working on an adminCP project recently and I have an AJAX request that, until recently, didn't send SECURITYTOKEN or ADMINHASH in the query string, but the request went through without any error or redirect.
I see other admin files don't define CSRF at the top of the file, but if they don't use it, why do they bother with the security token and admin hash? I would like to use that for security. How do I make CSRF protection work? And what does define('CVS_REVISION', '$RCSfile$ - $Revision: 53302 $'); mean?
#2
http://flask-wtf.readthedocs.org/en/latest/csrf.html
#3
Did you figure this out? I don't know the answer to the CSRF questions, but I believe CVS_REVISION is for version control, so it's not related.
#4
It checks in includes/init.php line 670 (vB422) and uses function verify_security_token() from includes/functions.php line 2763. My testing (never the last word!) shows it doesn't work in AdminCP even with CSRF_PROTECTION defined. So I just use the function directly in my code.
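As an added illustration (not part of the thread and not vBulletin's own code), the PHP sketch below shows the general pattern post #4 describes: verifying a per-user, time-limited token explicitly at the top of a state-changing AJAX handler instead of relying on a global switch. The function names, token format, one-hour lifetime and the securitytoken field name are assumptions made for the example.

```php
<?php
// Added illustration: NOT vBulletin code. All names below are hypothetical.
const DEMO_TOKEN_TTL = 3600; // assumed token lifetime in seconds

// Issue a token bound to one user: "<timestamp>-<HMAC(timestamp|userid)>".
function demo_issue_token(string $serverSecret, int $userId, int $now): string
{
    return $now . '-' . hash_hmac('sha256', $now . '|' . $userId, $serverSecret);
}

// True only if the token is well formed, was issued for this user,
// and is neither expired nor dated in the future.
function demo_verify_token(string $token, string $serverSecret, int $userId, int $now): bool
{
    $parts = explode('-', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // missing or malformed token
    }
    $issued = (int) $parts[0];
    if ($issued > $now || $now - $issued > DEMO_TOKEN_TTL) {
        return false; // outside the validity window
    }
    $expected = hash_hmac('sha256', $parts[0] . '|' . $userId, $serverSecret);
    return hash_equals($expected, $parts[1]); // constant-time comparison
}

// Explicit check at the top of a state-changing AJAX handler.
function demo_handle_ajax(array $post, string $serverSecret, int $userId, int $now): string
{
    $token = isset($post['securitytoken']) ? (string) $post['securitytoken'] : '';
    if (!demo_verify_token($token, $serverSecret, $userId, $now)) {
        return '403 invalid security token';
    }
    return '200 ok'; // the state-changing work would run only past this point
}

// Constructed sample requests (secret, user ids and clock are made up).
$secret = 'constructed-demo-secret';
$now    = 1700000000;
$good   = demo_issue_token($secret, 1, $now - 60);

echo demo_handle_ajax(['do' => 'save'], $secret, 1, $now), "\n"; // token missing
echo demo_handle_ajax(['do' => 'save', 'securitytoken' => $good], $secret, 1, $now), "\n"; // same user, fresh
echo demo_handle_ajax(['do' => 'save', 'securitytoken' => $good], $secret, 2, $now), "\n"; // different user
echo demo_handle_ajax(['do' => 'save', 'securitytoken' => $good], $secret, 1, $now + 7200), "\n"; // stale
```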