vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=177013

powerful_rogue 26 Apr 2008 18:36

Quote:

Originally Posted by Boofo (Post 1499947)
The bad part is that not all forms have value="$session[sessionhash]" in them in some of the hacks out there. I basically look for <form and then add the line anywhere underneath that where there is a <input type="hidden" line.

Thats the problem I was having with vbpager. I looked for every <form.... and every method=post and put the security token code underneath.

Thats why I think its now an ajax issue. Ive tried to figure it out but to no avail. The odd thing is, it works fine in 3.6.10, but not in 3.7 RC4

--------------- Added 26 Apr 2008 at 20:35 ---------------

problem solved! I had a search around and tried the fix that was being used for a shoutbox.

I changed all 3 instances of "securitytoken=" to "&securitytoken=" in vbulletin_global.js and it did the trick!

rinkrat 26 Apr 2008 22:57

I can't save my vbulletin settings without this error.

What do I change to fix this? In a template?


I also can not import any hacks without an error.

Where do I fix this? In a template?

--------------- Added 26 Apr 2008 at 23:04 ---------------

Quote:

Originally Posted by Wayne Luke (Post 1498706)
Forms are not equal to templates but some templates have forms in them.

A form is anywhere your users can submit data. If you have modifications that submit data and cannot update their templates then you need to post for support in the modification thread.

It isn't hard to find out where this needs to go.

In your Admin CP under Styles & Template select Search In Templates...

Search for: value="$session[sessionhash]"


In every template this occurs in add this line directly after the line containing the above, if it doesn't exist already:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

Save the template.


I am getting the error when I try to edit a template and save it so this will not work.

Lynne 26 Apr 2008 23:42

Quote:

Originally Posted by rinkrat (Post 1500145)
I am getting the error when I try to edit a template and save it so this will not work.

Note that what you quoted says to "add this line directly after the line containing the above", not directly after that code.

rinkrat 26 Apr 2008 23:53

I cannot do anything, including editing templates, turning the board on or loading templates without the security error.

Lynne 26 Apr 2008 23:55

You may want to run the upgrade script again so it makes the necessary changes or run the query listed back on the first page.

Thank you
by cmedic101
27 Apr 2008 00:08

I added this line to all my custom templates and followed the instructions as listed.

No errors
No problems with any mods
casino is still working:)

thank you:up:

cmedic

King Kovifor 27 Apr 2008 00:26

Quote:

Originally Posted by rinkrat (Post 1500185)
I cannot do anything, including editing templates, turning the board on or loading templates without the security error.

You should be able to work in the ACP as it is not affected. Maybe posting at vB.com or disabling your plugins by using this code in your config.php may solve your problem:

define('DISABLE_HOOKS', true);

Terrie 27 Apr 2008 07:20

Quote:

Originally Posted by Dismounted (Post 1497947)
Also, you need to add the security token to AJAX requests using POST. This can be simply added using the variable "SECURITYTOKEN". An example is below.

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

what file do i need to place this into?
I've already added the 3 &'s before "securitytoken" in my clienscript/vbulletin_global.js
I have also updated ALL my templates per the security token instructions given and still
im having problems with every mod that uses java and ajax
I am running 3.7 RC4

Dismounted 27 Apr 2008 08:52

Quote:

Originally Posted by shahryar_neo (Post 1499668)
sorry for my low information . can yoy simplified this instruction for using ajax requests using POST ?

It is the simplest it can be. Add the security token into the request.
Quote:

Originally Posted by sv1cec (Post 1499719)
Could some one PLEASE tell me how to close this vulnerability in vB 3.0.xx?

I would certainly appreciate it.

You can't unless you edit files directly as the fix is actually a very large one.
Quote:

Originally Posted by Terrie (Post 1500484)
what file do i need to place this into?
I've already added the 3 &'s before "securitytoken" in my clienscript/vbulletin_global.js
I have also updated ALL my templates per the security token instructions given and still
im having problems with every mod that uses java and ajax
I am running 3.7 RC4

You do not need to mess with any default vBulletin JS file.

Opserty 27 Apr 2008 09:20

Quote:

Originally Posted by Dismounted (Post 1500532)
You do not need to mess with any default vBulletin JS file.

There have been a few errors in RC4 that have caused problems for a couple of ajax modifications, hence why some have edited vbulletin_global.js. http://www.vbulletin.com/forum/proje...?issueid=25287

Wayne Luke 27 Apr 2008 13:22

Quote:

Originally Posted by rinkrat (Post 1500185)
I cannot do anything, including editing templates, turning the board on or loading templates without the security error.

Then you will need to open a thread on vBulletin.com. The security changes should have absolutely no affect on the Admin CP and these changes do not apply to the Admin CP in anyway.

bertwrld 27 Apr 2008 15:05

Quote:

Originally Posted by cmedic101 (Post 1500195)
I added this line to all my custom templates and followed the instructions as listed.

No errors
No problems with any mods
casino is still working:)

thank you:up:

cmedic

What templates did you edit in the casino?

slmoney 28 Apr 2008 01:01

I hope I am not the only one scratching their head thinking..what?

I admit..I am not a coder..nor programmer. I've read the instructions over and over..and I still have no clue what goes where.

So far on my board the only item giving me a problem is the AJAX Latest Post Mod.

I'm probably asking too much if someone explains this so a 5th grader could understand it.

Thanks.

King Kovifor 28 Apr 2008 01:26

Quote:

Originally Posted by slmoney (Post 1501072)
I hope I am not the only one scratching their head thinking..what?

I admit..I am not a coder..nor programmer. I've read the instructions over and over..and I still have no clue what goes where.

So far on my board the only item giving me a problem is the AJAX Latest Post Mod.

I'm probably asking too much if someone explains this so a 5th grader could understand it.

Thanks.

It would be within the javascript. What needs added would be found in the second post. That is about as far as I can explain it as I haven't taught myself AJAX yet.

yaoren 28 Apr 2008 16:37

Ok I'm at a loss since I've manually gone in and did the search in templates and added the line of code to each template that was missing the sercurity token and well, I'm still having the message pop up. I honestly don't know what mod is causing the issues since it pops up only in certain areas. Any other ideas?


All times are GMT. The time now is 03:09.

Powered by vBulletin® Version 3.8.14
Copyright © 2021, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright ©2001 - , vbulletin.org. All rights reserved.