Register Members List Search Today's Posts Mark Forums Read

Reply
 
Article Options
  #46  
Old 28 Apr 2008, 18:08
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Real name: Rob
Originally Posted by yaoren View Post
Ok I'm at a loss since I've manually gone in and did the search in templates and added the line of code to each template that was missing the sercurity token and well, I'm still having the message pop up. I honestly don't know what mod is causing the issues since it pops up only in certain areas. Any other ideas?
Check Andreas' profile as he just released a hack that will send an email upon any token errors.
Reply With Quote
  #47  
Old 28 Apr 2008, 21:06
yaoren's Avatar
yaoren yaoren is offline
 
Join Date: May 2007
Oh man, thank you so much for this. Still having some problems but getting closer
Reply With Quote
  #48  
Old 29 Apr 2008, 00:35
ringleader's Avatar
ringleader ringleader is offline
 
Join Date: Dec 2006
Real name: Fran
Quick, random, and possibly letting everyone know the stupidity I try to keep hidden like a mental problem...

Does this token need to be placed in every form that passes a hidden value, or just the ones that use the sessionhash?
__________________
Awesome. Awesome to the max.
Reply With Quote
  #49  
Old 29 Apr 2008, 00:45
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Real name: Rob
Every form that uses post.
Reply With Quote
  #50  
Old 29 Apr 2008, 00:52
ringleader's Avatar
ringleader ringleader is offline
 
Join Date: Dec 2006
Real name: Fran
Excellent. Thanks for responding!
__________________
Awesome. Awesome to the max.
Reply With Quote
  #51  
Old 30 Apr 2008, 01:03
Skavenger Skavenger is offline
 
Join Date: Sep 2005
Originally Posted by Boofo View Post
The bad part is that not all forms have value="$session[sessionhash]" in them in some of the hacks out there. I basically look for <form and then add the line anywhere underneath that where there is a <input type="hidden" line.
what about this? I have a mod that doesn't have what is in bold...

I mean, there is no <input type="hidden" line neither

Can I just add the security token below the opening form tag "<form>"?
Reply With Quote
  #52  
Old 30 Apr 2008, 11:47
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Real name: Hanson
Yes, you just add the line below the form tag.
__________________
View My Modifications
29 Releases and Counting... Latest Modification: dmActivityStream - vBookie Integration (4.x)

Please do not PM me to ask for support - please use the relevant thread or forum.
Reply With Quote
  #53  
Old 01 May 2008, 04:48
ARB4HOSTING.COM's Avatar
ARB4HOSTING.COM ARB4HOSTING.COM is offline
 
Join Date: Jan 2008
Thank you
Reply With Quote
  #54  
Old 01 May 2008, 13:03
dealxa's Avatar
dealxa dealxa is offline
 
Join Date: Jan 2007
I didn't use color in posts, after upgrade
what is problem?
__________________
Cruel Dragon... // Kaiser...
Reply With Quote
  #55  
Old 01 May 2008, 16:15
rinkrat's Avatar
rinkrat rinkrat is offline
 
Join Date: Jan 2002
I find it hard to believe that, in the final release candidate, Jelsoft would throw a monkey wrench like this into the mix and create a nightmare for all of their current customers who aren't programmers.

Isn;t there any kind of search and replace mod that one of you can cook up to repair the damage done by this security token B.S.? It looks like the terrorists have finally won!
__________________
Los Angeles Kings Fan Page
Reply With Quote
  #56  
Old 01 May 2008, 17:51
Boosted Panda Boosted Panda is offline
 
Join Date: Mar 2008
Real name: Matt
Originally Posted by rinkrat View Post
I find it hard to believe that, in the final release candidate, Jelsoft would throw a monkey wrench like this into the mix and create a nightmare for all of their current customers who aren't programmers.

Isn;t there any kind of search and replace mod that one of you can cook up to repair the damage done by this security token B.S.? It looks like the terrorists have finally won!
I too am frustrated at this because I was thinking going gold meant ready to go. Now I have end users who are leaving my forums because of this. I spent 2 hours searching and replacing and now find out that anything with form needs it too Is there a hack or something out there that will do this automatically this is quite a drag.
Reply With Quote
  #57  
Old 01 May 2008, 18:10
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Real name: Rob
Just do a templare search for <form

Add the code to any form that uses POST. Simple.

The upgrade takes care of all that except for any add-on hacks.
Reply With Quote
  #58  
Old 04 May 2008, 15:54
spankaveli spankaveli is offline
 
Join Date: Mar 2002
Originally Posted by Boofo View Post
The bad part is that not all forms have value="$session[sessionhash]" in them in some of the hacks out there. I basically look for <form and then add the line anywhere underneath that where there is a <input type="hidden" line.
thank you for this advise!!!! this fixed my itrader issue. two or 3 of the itrader templates did not have "sessionhash."
__________________
-http://www.bayoushooter.com/
Reply With Quote
  #59  
Old 04 May 2008, 16:04
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Real name: Rob
Default vb templates don't always have the sessionhash in the forms. Glad I could help.
Reply With Quote
  #60  
Old 04 May 2008, 18:20
Mancunian_Red Mancunian_Red is offline
 
Join Date: Jan 2008
Originally Posted by Wayne Luke View Post
Forms are not equal to templates but some templates have forms in them.

A form is anywhere your users can submit data. If you have modifications that submit data and cannot update their templates then you need to post for support in the modification thread.

It isn't hard to find out where this needs to go.

In your Admin CP under Styles & Template select Search In Templates...

Search for: value="$session[sessionhash]"


In every template this occurs in add this line directly after the line containing the above, if it doesn't exist already:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

Save the template.
thank you wayne for putting this in english i just followed your instructions and then the problem was solved
Reply With Quote
Reply

Similar Article
Article Author Type Replies Last Post
Show Thread Enhancements Stamps (CSRF protection added) misr.cc vBulletin 3.7 Add-ons 98 14 Oct 2012 14:54
Add-On Releases vBTube 1.2.9 (CSRF protection added) Playa82 vBulletin 3.7 Add-ons 434 22 Jan 2012 23:08
Mini Mods [ITECH] Inferno CSRF Auto Protection Inferno Tech vBulletin 3.6 Add-ons 15 02 Nov 2010 04:01



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Article Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


New To Site? Need Help?

All times are GMT. The time now is 02:37.

Layout Options | Width: Wide Color: