Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
[ITECH] Inferno CSRF Auto Protection Details »
[ITECH] Inferno CSRF Auto Protection
Mod Version: 1.0.0, by Inferno Tech (Member) Inferno Tech is offline
Developer Last Online: May 2010 I like it Show Printable Version Email this Page

This modification is in the archives.
vB Version: 3.6.9 Rating: (6 votes - 5.00 average) Installs: 42
Released: 23 Apr 2008 Last Update: Never Downloads: 508
Not Supported Uses Plugins Re-usable Code  

----------------------------------
[ITech] Inferno CSRF Auto Protection
Created By Inferno Technologies (http://www.infernotechnologies.net)
Copyright 2004-2008
All rights reserved
Project Development Team: Zero Tolerance
Project Lead: Iain "Decado" Kidd
Support Forum: N/A (Supported here)
----------------------------------

Installation

Simply upload the product XML (Inferno CSRF Auto Protection.xml).

Project Description

This is a minor modification aimed at 3.6.10 (untested on vB 3.7 RC4, do so at your own will) which will automatically apply CSRF protection on the fly to forms which don't have security tokens and scripts which don't have security flags set. The purpose of this is to allow a seemless upgrade to 3.6.10 without having modifications break, but also to quickly apply the protection on them too.

However, this modification relies on the use of vBulletins print_output() function, some modifications will not use this for several reasons, and in these rare instances this modification will add protection to the scripts while not being able to add security tokens, you can disable auto-protection script by script if you find this occurs for you. Simply edit the plugin '[I.CSRF] Set CSRF Flag' and you'll find in the code an example on how to add a script to the exemption list. For instance, if you wanted to add the script 'MY_COOL_SOFTWARE' to the exemption list, simply add the following code:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Under this code:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

This modification should also apply security tokens for normal vBulletin templates in the instance that the vBulletin upgrader failed to automatically edit the template for you.

Other Features

When using vBulletin in debug mode, the debug information displayed at the bottom will display existing protected forms, and how many forms have been auto-protected by Inferno CSRF.

Feedback is welcome, enjoy

- Zero Tolerance

Download Now

Only licensed members can download files, Click Here for more information.

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Similar Mod
Mod Developer Type Replies Last Post
Show Thread Enhancements Stamps (CSRF protection added) misr.cc vBulletin 3.7 Add-ons 98 14 Oct 2012 13:54
Add-On Releases vBTube 1.2.9 (CSRF protection added) Playa82 vBulletin 3.7 Add-ons 434 22 Jan 2012 22:08
Integration with vBulletin [ITECH] Inferno External Lite Inferno Tech vBulletin 3.6 Add-ons 81 27 Nov 2010 14:59
Major Additions [ITech] RPG Inferno 2.4 Lite Inferno Tech Modification Graveyard 149 13 Jul 2007 09:05

Comments
  #2  
Old 23 Apr 2008, 22:47
Danny.VBT Danny.VBT is offline
 
Join Date: Oct 2004
Hm...The majority of modifications using print_output() are probably utilizing separate files, so backwards compatibility shouldn't even be a problem since Jelsoft has already defined the constant needed to activate the new token protocol.
Reply With Quote
  #3  
Old 23 Apr 2008, 22:49
Inferno Tech's Avatar
Inferno Tech Inferno Tech is offline
 
Join Date: May 2007
Here's hoping so, the idea is really to add protection to those now (Some people are security freaks ).

- Zero Tolerance
__________________

We're Hiring *PM for info*
Reply With Quote
  #4  
Old 25 Apr 2008, 08:40
Jasem's Avatar
Jasem Jasem is offline
 
Join Date: Feb 2006
Location: www.menokia.com
Thank you, Nice share
__________________
games
Forum Nokia
Reply With Quote
  #5  
Old 26 Apr 2008, 07:03
sv1cec sv1cec is offline
 
Join Date: May 2004
Real name: John
Any ideas what can one do to close this plug in vB 3.0.xx??

I have a heavily hacked site, with so many mods that I do not even consider upgrading it to the latest version.

Any idea would be really appreciated.
__________________

John
SV1CEC
Reply With Quote
  #6  
Old 26 Apr 2008, 08:14
Wobbly Goblin's Avatar
Wobbly Goblin Wobbly Goblin is offline
 
Join Date: Oct 2007
Real name: Nick
Thumbs up

Wow...nice work Zero! This fixed the Personal Notepad & Event Attendance mods.

Sure hope someone comes up with a fix for the Casino.

Thank you,
Nick
__________________
Reply With Quote
  #7  
Old 26 Apr 2008, 15:04
IvyKeepMommy IvyKeepMommy is offline
 
Join Date: Sep 2007
While it fixed the board issues on RC4... it broke the notices feature in the admin cp (now I get a security token problem on the backend after installing).

Sorry, I have to uninstall.
Reply With Quote
  #8  
Old 26 Apr 2008, 20:46
lange lange is offline
 
Join Date: Apr 2003
I would like to be sure.

With this mod, no need to update to 3.6.10 ?
Reply With Quote
  #9  
Old 27 Apr 2008, 00:09
Inferno Tech's Avatar
Inferno Tech Inferno Tech is offline
 
Join Date: May 2007
IvyKeepMommy

It will cause some things to break, you can add those scripts in the exclusion

Wobbly Goblin

Glas to hear it!

lange

No, this is for 3.6.10 to automatically make all mods use CSRF protection

- Zero Tolerance
__________________

We're Hiring *PM for info*
Reply With Quote
  #10  
Old 28 Apr 2008, 18:22
dtv100's Avatar
dtv100 dtv100 is offline
 
Join Date: Apr 2007
Originally Posted by Inferno Tech View Post
IvyKeepMommy

It will cause some things to break, you can add those scripts in the exclusion


- Zero Tolerance
when i try to search for a user on main admincp I get a error if I disable this hack error disappear any way to fix this ?
__________________
I say Ha HA!
find free to air information FTA Site wanna fight? fight me
Reply With Quote
  #11  
Old 02 May 2008, 07:00
yemenihor's Avatar
yemenihor yemenihor is offline
 
Join Date: Feb 2008
Real name: salah alkhwlani
Thank you

My
Reply With Quote
  #12  
Old 01 Jun 2008, 13:01
wWw.Fun2Wii.Com wWw.Fun2Wii.Com is offline
 
Join Date: May 2008
thanks
__________________
Reply With Quote
  #13  
Old 01 Jul 2008, 19:24
wicked80 wicked80 is offline
 
Join Date: Feb 2008
Thanks a million my friend ... you were like a god sent angel
Reply With Quote
  #14  
Old 31 Jul 2008, 16:17
ItachiZG ItachiZG is offline
 
Join Date: Dec 2007
thanks youy nice aporte.
Reply With Quote
  #15  
Old 17 May 2009, 11:11
my_aly's Avatar
my_aly my_aly is offline
 
Join Date: May 2007
thank you
__________________
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 12:52.

Layout Options | Width: Wide Color: