Topic: CSRF fail

Hi there,

I've just installed 1.5.2 on a client's site and all was working well until I tried to load an image into a 'full story'.
The image appeared in the story window, but when I saved the story, it failed and I got the message 'CSRF fail'.
The story(s) as text are fine, they show and are updateable, but when an image is added - 'fail'.

Any thoughts, suggestions welcomed!

Thanks in advance.

Re: CSRF fail

Are you using the latest version?
v1.5.2 GitHub 0ea0d27153

- Fixed XSS / PHP_SELF
- Executable PHP code in templates
- No input filter on backup name
- Faulty CSRF check in editnews
- Infinite loop of errors when ban file missing && Case-sensitive regexp for link check
- Escaping " for unban link && Input filter for | in IP ban
- Login Ban fixed
- Input filter in News Wizard
- News Preview: remove links
- Add preview function
- CSRF problem in image upload fixed
- Fixed image detection in image upload
- E-mails hidden by default
- Add checking "allow_url_fopen" option
- Improved install/update process

Re: CSRF fail

I think here it is that csrf reset for news section

Re: CSRF fail

> Are you using the latest version?
> v1.5.2 GitHub 0ea0d27153


Thanks Damoor - I downloaded from cutenews web site on Sunday (10th), so looking at github probably not.
Right, I've downloaded and unzipped <cute-news-repo-master.zip> to give me a new set of files - do I just replace the existing on my server or is there a procedure to follow? I already have three news items and have created some templates.

Thanks in advance

5 (edited by 2013-02-13 20:05:36)

Re: CSRF fail

I had this problem over the weekend but with the update it has not re-appeared. Just upload onto your server but be careful not to overwrite your cdata news.txt etc. and config.php. I back up everything first just in case.

Re: CSRF fail

> I had this problem over the weekend but with the update it has not re-appeared. Just upload onto your server but be careful not to overwrite your cdata news.txt etc. and config.php. I back up everything first just in case.

Thanks Damoor, other work got in the way, but I'll give the complete upload a try shortly and report back.

Re: CSRF fail

> Thanks Damoor, other work got in the way, but I'll give the complete upload a try shortly and report back.

OK, have uploaded files and still getting fail notice. Here is the listing from the log (slightly altered for privacy):

1360857201|a:4:{s:4:"user";s:9:"peterdwdc";s:6:"action";s:107:"CSRF Missed http://www.domain/cutenews/index.php?mod=e....00.000";}

So, I'm going to copy off stories and templates, delete files and do a clean install using the files from 'cute-news-repo-master.zip'

8 (edited by 2013-02-14 18:40:27)

Re: CSRF fail

You may be disappointed. The fault came back for me again today. I got the error after editing a post. The programmers have not quite solved the problem.

Re: CSRF fail

> You may be disappointed. The fault came back for me again today. I got the error after editing a post. The programmers have not quite solved the problem.

Uploaded the new files from github, added 'cdata' and 'uploads' from initial 1.5.2 download and started again! Like you I failed on adding an image to an existing post, so very downhearted, but adding an image(s) to a new post seems to be working fine - thank goodness, so I have posts with images - YES!!! Now to sort the search out!!!

Thanks for all your help and will do a 'bug tracker' to further flag up the issue.

Re: CSRF fail

Quick update for everybody...

I sent a bug report and received notification that the files on github have been updated to cover the CSRF fail on EDIT POST image upload. Yet to upload the files to verify result.

Re: CSRF fail

Thanks peterdwdc. Just tested it and it seems to be O.K. now.

Re: CSRF fail

Yep, works for me!

Thanks to the programmers too for the quick bug fix.

Re: CSRF fail

> Quick update for everybody...
>
> I sent a bug report and received notification that the files on github have been updated to cover the CSRF fail on EDIT POST image upload. Yet to upload the files to verify result.

Hi, I've uploaded the most recent github file (and to hell with my French version)... and I still have that CSRF fail problem. Also tried the most recent core.php, any action would take me back to login.
Any idea anyone ?

Re: CSRF fail

how far away is version 1.5.3?


is there a fix for this or not??

why wouldn't it re-save articles

Re: CSRF fail

The version 1.5.3 will be launched soon where we've fixed all the bugs. Please download it from Github.

Best regards,
CN Support team

16 (edited by 2013-03-07 19:13:35)

Re: CSRF fail

Hi
Can not you put a link to the new version (1.5.3) when published. I'm sure that many of us think Github is very confusing. A simple link should be easy to put on the forum page.

/Lars

Github
Then ZIP.

Re: CSRF fail

can't simply the CSRF Fail fix be put into the GitHub files now?

we're all bleeding here, and a fix could be months away for all we know

can't a solution be posted so my client can leave me alone? please help

maybe a replace this code here with this code for example

Re: CSRF fail

There is an opportunity to unlock the CSRF checking now (see https://github.com/CuteNews/cute-news-repo/...c40fe15e41d60b)

Best regards,
CN Support team
