[1.7 - 1.7.8] Security fix for CSRF vulnerability

Sunny C.:
By that I meant that it probably won't take much longer.
Let's see whether a lot has really been changed :D

surferboy:
This is but then is not off topic.

Error message received: "CSRF check failed"

using v1.7.7, with the CSRF security fix obviously installed, on 30 Oct, after the files were updated ...

Action to cause the error message:

performing multiupload of images using V@no's multiupload form; max setting for file upload is 18000 kb

so I set the number of images to upload at 7, which all told came to about 13 mb.  hitting upload caused the error.

I eventually determined that I needed to change the max upload setting in my php.ini file setting but ....

the looming question:

will all error messages now read as "CSRF check failed"?

Thanks,

Brian

was experiencing a similar issue last week before the csrf security fix when I tried to upload any more than three images at a time.

Tried using V@no's multi upload and Budduke's multiupload that he created for the user category.
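
An added illustration, not part of any post in this thread and not 4images code: PHP empties `$_POST` and `$_FILES` when a request body exceeds `post_max_size`, so a token sent as a form field disappears and a token check fails even for a legitimate upload. Assuming the 4images token travels as a POST field, a check like this (function names are hypothetical) run before the CSRF check tells the two cases apart.

```php
<?php
// Added example, not 4images code. Function names are hypothetical.

// Convert a php.ini size such as "8M" or "18000K" to bytes.
function ini_size_to_bytes(string $value): int
{
    $value = trim($value);
    if ($value === '') {
        return 0;
    }
    $number = (int) $value; // leading digits only: "8M" becomes 8
    switch (strtolower(substr($value, -1))) {
        case 'g': $number *= 1024; // fall through
        case 'm': $number *= 1024; // fall through
        case 'k': $number *= 1024;
    }
    return $number;
}

// True when PHP discarded the request body because it exceeded post_max_size.
function post_body_was_dropped(array $server, array $post, array $files, string $postMaxSize): bool
{
    $limit  = ini_size_to_bytes($postMaxSize);
    $length = (int) ($server['CONTENT_LENGTH'] ?? 0);
    return ($server['REQUEST_METHOD'] ?? '') === 'POST'
        && $limit > 0            // 0 means "no limit"
        && $length > $limit
        && empty($post) && empty($files);
}

// Constructed sample: a 13 MB multi-upload against an assumed 8M post_max_size.
$server = ['REQUEST_METHOD' => 'POST', 'CONTENT_LENGTH' => (string) (13 * 1024 * 1024)];
if (post_body_was_dropped($server, [], [], '8M')) {
    echo "Upload exceeds post_max_size; the request body (and any token field) was discarded\n";
} else {
    echo "Body intact; a missing or wrong token is a genuine CSRF failure\n";
}
```

In a live script the call would be `post_body_was_dropped($_SERVER, $_POST, $_FILES, ini_get('post_max_size'))`, and a true result should produce an "upload too large" message while the request is still rejected.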

X444X TEAM:
Hi

In file admin/admin_global.php

When added

if ($csrf_protection_enable && $csrf_protection_backend) {
  csrf_start();
}

images on the waiting list cannot be approved.

I get a 404 page upon approval.

Is there another solution?

ulrich:
I am using version 1.7 and had to deviate from these instructions in two cases since I couldn't find those lines:

global.php


--- Quote from: kai on October 27, 2010, 12:10:43 PM ---In the same file, search for the line:

include_once(ROOT_PATH.'includes/captcha_utils.php');

and insert the following code BELOW this line:

//-----------------------------------------------------
//--- CSRF protection ---------------------------------
//-----------------------------------------------------
include_once(ROOT_PATH.'includes/csrf_utils.php');


--- End quote ---

Instead I did this:
Search for include(ROOT_PATH.'includes/functions.php'); and then insert the above code.

admin/admin_global.php


--- Quote from: kai on October 27, 2010, 12:10:43 PM ---Open admin/admin_global.php and search for the following line:

include_once(ROOT_PATH.'admin/admin_functions.php');

and insert the following code BELOW this line:

if ($csrf_protection_enable && $csrf_protection_backend) {
  csrf_start();
}


--- End quote ---

Instead I did this:
Search for include(ROOT_PATH.'admin/admin_functions.php'); and then insert the above code.

I hope this doesn't break anything or stop this fix from working.
