PDA

View Full Version : CSRF_SKIP_LIST not working, please help.


TrigZu
21 Apr 2011, 00:48
So I have a vBulletin powered donation page with this at the top:


// #################### DEFINE IMPORTANT CONSTANTS #######################

define('THIS_SCRIPT', 'DONATE');
define('CSRF_PROTECTION', true);
define('CSRF_SKIP_LIST', 'thankyou');


What I'm doing is having PayPal send the person donating back to the page like this: donate.php?do=thankyou.

Unfortunately whenever I go to donate.php?do=thankyou with any type of POST (which PayPal uses) it still gives me an invalid token notification. Do I even need to worry about CSRF protection on my donations page if all the content I'm putting on there is my own? Should I just turn it off (tested and it works off). Or am I just doing something stupid that I can fix in a half-a-second?

Thanks. :D