4images Help / Hilfe > Bug Fixes & Patches
[1.7 - 1.7.8] Security fix for CSRF vulnerability
Sunny C.:
By that I meant that it probably won't take much longer.
Let's see whether a whole lot has actually been changed :D
surferboy:
This is but then is not off topic.
Error message received: "CSRF check failed"
using v1.7.7, with the CSRF security fix obviously installed, on 30 Oct, after the files were updated ...
Action to cause the error message:
performing multiupload of images using V@no's multiupload form; max setting for file upload is 18000 kb
so I set the number of images to upload at 7, which all told came to about 13 mb. Hitting upload caused the error.
I eventually determined that I needed to change the max upload setting in my php.ini file but ....
the looming question:
will all error messages now read as "CSRF check failed"?
Thanks,
Brian
was experiencing a similar issue last week before the csrf security fix when I tried to upload any more than three images at a time.
Tried using V@no's multi upload and Budduke's multiupload that he created for the user category.
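Added example, not part of the thread or of 4images: PHP leaves $_POST and $_FILES empty when a request body exceeds post_max_size, so a form token sent with an oversized upload never reaches a CSRF check. Assuming that is what produced the message reported above, this check, run before the token validation, reports the size problem while still rejecting the request; the function names are hypothetical.

```php
<?php
// Added example, not 4images code. Function names are hypothetical.

/** Convert a php.ini shorthand size ("8M", "18000K", "1G") to bytes. */
function ini_size_to_bytes(string $value): int
{
    $value = trim($value);
    if ($value === '') {
        return 0;
    }
    $number = (int) $value;                 // leading digits, e.g. 8 from "8M"
    switch (strtoupper(substr($value, -1))) {
        case 'G': $number *= 1024;          // fall through
        case 'M': $number *= 1024;          // fall through
        case 'K': $number *= 1024;
    }
    return $number;
}

/**
 * True when the request body was larger than post_max_size. In that case
 * PHP leaves $_POST and $_FILES empty, and any token field is gone with them.
 */
function post_body_was_discarded(array $server, array $post, array $files, int $limit): bool
{
    $method = $server['REQUEST_METHOD'] ?? '';
    $length = (int) ($server['CONTENT_LENGTH'] ?? 0);
    return $method === 'POST'
        && $limit > 0                       // post_max_size = 0 disables the limit
        && $length > $limit
        && empty($post) && empty($files);
}

// Run this before the CSRF check so the user sees the real cause.
$limit = ini_size_to_bytes((string) ini_get('post_max_size'));
if (post_body_was_discarded($_SERVER, $_POST, $_FILES, $limit)) {
    http_response_code(413);                // Payload Too Large
    exit('Upload rejected: request exceeds post_max_size (' . ini_get('post_max_size') . ').');
}
// The existing CSRF token check continues from here and still rejects a missing token.
```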
X444X TEAM:
Hi
In file admin/admin_global.php, when I added
if ($csrf_protection_enable && $csrf_protection_backend) {
    csrf_start();
}
the images on the waiting list cannot be approved.
I get a 404 page upon approval.
Is there another solution?
ulrich:
I am using version 1.7 and had to deviate from these instructions in two cases since I couldn't find those lines:
global.php
--- Quote from: kai on October 27, 2010, 12:10:43 PM ---
In the same file, search for the line:
    include_once(ROOT_PATH.'includes/captcha_utils.php');
and insert the following code BELOW this line:
    //-----------------------------------------------------
    //--- CSRF protection ---------------------------------
    //-----------------------------------------------------
    include_once(ROOT_PATH.'includes/csrf_utils.php');
--- End quote ---
Instead I did this:
Search for include(ROOT_PATH.'includes/functions.php'); and then insert the above code.
admin/admin_global.php
--- Quote from: kai on October 27, 2010, 12:10:43 PM ---
Open admin/admin_global.php and search for the following line:
    include_once(ROOT_PATH.'admin/admin_functions.php');
and insert the following code BELOW this line:
    if ($csrf_protection_enable && $csrf_protection_backend) {
        csrf_start();
    }
--- End quote ---
Instead I did this:
Search for include(ROOT_PATH.'admin/admin_functions.php'); and then insert the above code.
I hope this doesn't break anything or stop this fix from working.