-
27th Oct 2008, 02:38 PM #1OPMember
How to fix this?
http://www.croatia-picturehost.com/images/mo9p0bbz4t1oa3lh2hri.jpg
Thanks :bloodlust:
-
27th Oct 2008, 03:01 PM #2MemberWebsite's:
warezforest.com thehotfiledownload.com themastibay.com
User CP > Edit Options > and set "DST Correction Option" to "dst corrections always off", you should be able to set it as always off as default for all users but idk, I don't use vB anymore.
-
27th Oct 2008, 03:07 PM #3Member
Wrong.
This may help:
With the new version of vBulletin 3.6.10 and 3.7.0 RC4 +, a new protection against Cross Site Request Forgery (CSRF) has been introduced. This new protection might influence the coding in modifications.
Cross Site Request Forgery (CSRF) involves taking advantage of the stateless nature of HTTP. There are no ways to ensure the exact origin of a request; it's also not possible to detect what was actually initiated by a user and what was forced by a third party script. A token was added to the latest version of each of the vBulletin products; with the release of 3.6.10 and 3.7.0 RC4 it is no longer possible to submit a POST request directly without passing in the known token.
The addition of a security token for each POST request removes the ability for a remote page to force a user to submit an action. At the moment this protection will only apply to vBulletin files and third party files will need to opt into this protection and add the appropriate hidden field. This was done to preserve backwards compatibility.
Adding Protection to your own files
To opt your entire file into CSRF protection the following should be added to the top of the file under the define for THIS_SCRIPT.
PHP Code:
define('CSRF_PROTECTION', true);
If this value is set to false then all CSRF protection is removed for the file; this is appropriate for something that intentionally accepts remote POST requests.
You should always add this to your file, even if you don't think the script is ever going to receive POST requests.
An absence of this defined constant within your files will result in the old style referrer checking being performed.
Template Changes
The following should be added to all of the forms which POST back to vBulletin or a vBulletin script. This will automatically be filled out with a 40 character hash that is unique to the user.
PHP Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
Exempting Certain Actions
It may be appropriate to exempt a particular action from the CSRF protection, in this case you can add the following to the file.
PHP Code:
define('CSRF_SKIP_LIST', 'action_one,action_two');
If the skip list needs to be changed at runtime, it is available within the registry object. Using the init_startup hook, the following code would be used to exempt 'example.php?do=action_three'.
PHP Code:
if (THIS_SCRIPT == 'example')
{
    $vbulletin->csrf_skip_list[] = 'action_three';
}
AJAX requests
You need to add the security token to AJAX requests using POST. This can be simply added using the variable "SECURITYTOKEN". An example is below.
PHP Code:
YAHOO.util.Connect.asyncRequest('POST', scriptpath + '?do=ajax', {
    success: this.handle_ajax_response,
    failure: this.handle_ajax_error,
    timeout: vB_Default_Timeout,
    scope: this
}, SESSIONURL + 'securitytoken=' + SECURITYTOKEN + '&foo=' + foo);
Searching for templates that need editing
If you want to search for all templates that you need to edit to add:
Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
Code:
SELECT templateid, title, styleid
FROM template
WHERE template_un NOT LIKE '%<input type="hidden" name="s" value="$session[sessionhash]" />%<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />%'
  AND template_un LIKE '%<input type="hidden" name="s" value="$session[sessionhash]" />%'
ORDER BY title ASC, styleid ASC;
Security token errors
In your Admin CP under Styles & Template select Search In Templates...
Search for:
HTML Code:
value="$session[sessionhash]"
PHP Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
I did not make this tutorial. Credit goes to Hoxxy of LittleWhiteLines.
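Added example, not part of the post above and not vBulletin's own code: a minimal server-side check of the kind the tutorial describes, where a POST is accepted only if it carries the per-user `securitytoken`, unless the action is on the skip list. The function names, the HMAC-SHA1 derivation (chosen because it yields 40 hex characters) and all sample values are assumptions made for illustration.

```php
<?php
// Illustrative sketch only; make_security_token() and csrf_check() are hypothetical names.

// Derive a 40-hex-character token bound to one user and a server-side secret.
function make_security_token(int $userId, string $userSalt, string $serverSecret): string
{
    return hash_hmac('sha1', $userId . '|' . $userSalt, $serverSecret);
}

// Decide whether a request may proceed.
// $protect stands in for define('CSRF_PROTECTION', true);
// $skipList stands in for the comma-separated CSRF_SKIP_LIST.
function csrf_check(string $method, string $action, array $post, string $expected,
                    bool $protect, array $skipList): bool
{
    if ($method !== 'POST' || !$protect) {
        return true;                       // only protected POST requests are checked
    }
    if (in_array($action, $skipList, true)) {
        return true;                       // action explicitly exempted
    }
    $sent = $post['securitytoken'] ?? '';
    // is_string() rejects securitytoken[]=... arrays; hash_equals() compares in constant time.
    return is_string($sent) && hash_equals($expected, $sent);
}

// Constructed sample data.
$secret   = 'constructed-server-secret';
$token    = make_security_token(42, 'constructed-salt', $secret);
$skipList = explode(',', 'action_one,action_two');

$cases = [
    'form with token'   => ['POST', 'update',     ['securitytoken' => $token]],
    'forged cross-site' => ['POST', 'update',     []],
    'wrong token'       => ['POST', 'update',     ['securitytoken' => str_repeat('0', 40)]],
    'array as token'    => ['POST', 'update',     ['securitytoken' => ['x']]],
    'exempt action'     => ['POST', 'action_one', []],
    'GET request'       => ['GET',  'view',       []],
];

foreach ($cases as $label => [$method, $action, $post]) {
    $ok = csrf_check($method, $action, $post, $token, true, $skipList);
    printf("%-18s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

A template that posts back without the hidden `securitytoken` field behaves like the "forged cross-site" case, which is why the missing field produces the security token error discussed in this thread.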
-
27th Oct 2008, 03:12 PM #4Respected Developer
You should search before posting this, it was solved numerous times. Anyway lokiloki helped me when I had that problem.
-
27th Oct 2008, 03:20 PM #5MemberWebsite's:
Mac-Reports.org Hustedesigns.info Transversedesigns.com
Or you could just get a legal vBulletin license. It is worth it.
-
27th Oct 2008, 03:23 PM #6Member
-
27th Oct 2008, 03:23 PM #7Member
-
27th Oct 2008, 03:23 PM #8MemberWebsite's:
warezforest.com thehotfiledownload.com themastibay.com
Actually, there are multiple errors that cause this, the one you posted failed for me, I too searched the error in google. The one I posted worked for me and another site I know of. So simply saying "Wrong." is kinda stupid.
This happens with legal vb's too.
-
27th Oct 2008, 03:31 PM #9OPMember
When you use one touch ban it's my show, and I have vb licence
-
27th Oct 2008, 03:40 PM #10Member