Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 20 Dec 2009, 02:00
zethon zethon is offline
 
Join Date: May 2005
CSRF Protection and "The file(s) uploaded were too large to process."

I have a plugin that uses a webservice hosted on my vBulletin site. The client posts XML in the request. My script reads the entire POST request and parses it as XML. For example:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

The problem with this is the CSRF protection. In init.php I see:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I tried defining CSRF_PROTECTION as false, but that won't work. In init.php, it seems like the test for "CSRF_PROTECTION === true" on line 460 should be in line 452 with "if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST')". In cases like mine, the $_POST array will always be empty and the content length will always be greater than zero.

I imagine if I implement a "do" action and pass the XML as a POST variable, this will take care of it. However, that seems like a silly solution and I'm wondering if there is a better way to do this.

Thanks!
__________________
www.anothermessageboard.com
Reply With Quote
  #2  
Old 10 Jan 2010, 01:43
CGhostGroup CGhostGroup is offline
 
Join Date: Nov 2006
Something new about that?
I get this message with a normal <input>-field via POST-Request...

event with the securitytoken-field it won't work.

Last edited by CGhostGroup; 10 Jan 2010 at 01:52.
Reply With Quote
  #3  
Old 21 May 2010, 19:35
zethon zethon is offline
 
Join Date: May 2005
Bump?

I managed to get this to work by doing $_POST["foo"] = ""; at the start of my script.

Still though, seems awkward to do this.
__________________
www.anothermessageboard.com

Last edited by zethon; 21 May 2010 at 20:12.
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 03:12.

Layout Options | Width: Wide Color: