View Full Version : CSRF_SKIP_LIST not working, please help.

21 Apr 2011, 00:48
So I have a vBulletin powered donation page with this at the top:

Code is only visible to licensed users, and only when logged into the forums.

What I'm doing is having PayPal send the person donating back to the page like this: donate.php?do=thankyou.

Unfortunately whenever I go to donate.php?do=thankyou with any type of POST (which PayPal uses) it still gives me an invalid token notification. Do I even need to worry about CSRF protection on my donations page if all the content I'm putting on there is my own? Should I just turn it off (tested and it works off). Or am I just doing something stupid that I can fix in a half-a-second?

Thanks. :D