[zethon]

I have a plugin that uses a webservice hosted on my vBulletin site. The client posts XML in the request. My script reads the entire POST request and parses it as XML. For example:

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

The problem with this is the CSRF protection. In init.php I see:

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

I tried defining CSRF_PROTECTION as false, but that won't work. In init.php, it seems like the test for "CSRF_PROTECTION === true" on line 460 should be in line 452 with "if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST')". In cases like mine, the $_POST array will always be empty and the content length will always be greater than zero.

I imagine if I implement a "do" action and pass the XML as a POST variable, this will take care of it. However, that seems like a silly solution and I'm wondering if there is a better way to do this.

Thanks!

[CGhostGroup]

Something new about that?
I get this message with a normal <input>-field via POST-Request...

event with the securitytoken-field it won't work.

[zethon]

Bump?

I managed to get this to work by doing $_POST["foo"] = ""; at the start of my script.

Still though, seems awkward to do this.