CSRF detected
#1
Every time I try to edit any page, I get this message :-( What should I do?
#2
“CSRF detected!” is a message reported when the data you submit didn’t pass the nonce check introduced in GetSimple 2.03.

Did you enable debug mode to see if any errors are showing? Did you update from GetSimple 2.02 to 2.03 or is this a clean install?

We would need more information to figure out why you are getting that message I’m afraid.
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
#3
It is clean install of getsimple 2.03 using my theme.

edit: not so clean at all.. (I'm using some plugins and I think that it may be caused by this http://get-simple.info/forum/viewtopic.php?id=1048)

I get this message in debug mode - Notice: Undefined index: nonce in /data/www/***.cz/www.***.cz/admin/changedata.php on line 34

SOLVED!! Thank you! It was my fault... I made a website based on GetSimple 2.02 and tested it on VertrigoServ, but while I was working on it, there was GetSimple 2.03. When I transferred my project to the web, I didn't realise that the version had changed and installed 2.03... I downloaded the new version of this plugin and it is working now. Sorry about my English.
#4
I've got another problem, and it isn't detected in debug mode. CKEditor is not working, not even with the original edit.php file. In IE it says:

Message: 'CKEDITOR' is not defined.
row: 170
char: 4
code: 0
#5
Check on your server if all files in /admin/template/js/ckeditor/ exist. If IE gives that error it means edit.php is asking for it but can’t find the JavaScript files.
#6
Deleting .htaccess in /admin/template/js/ckeditor/ helped, but I don't know why
#7
That .htaccess shouldn’t normally give any problems. But it’s not important for security either, so if CKEditor works on your server without that file there is no reason to have it.
#8
OK, and could you please tell me which .htaccess is important for security? I had to delete a few of them to get my page working. I'm especially curious about the one in the data directory.
#9
The one in /data/ is there for security. Many of them are there for security.

Many .htaccess files in GetSimple (the one in /data/ too) make sure people can’t look in those directories with their browser. If they are taken away someone could look at your website’s /data/pages/ folder or maybe even your XML files. That is not something you would want.

GetSimple is developed for Apache servers that shouldn’t have any problems with those .htaccess files though. They only include a “deny”. If your server has problems with it, check what version of Apache you are using and what mods are enabled. (For recent Apache servers you will need mod_authz_host to be enabled.)
#10
I put those .htaccesses back, but I can't open any image

OK, it is working now. I put .htaccess with "Allow from *my webpage*.cz" in uploads folder. Thank you
#11
What do you mean you can’t open any image?
In /data/ there is one that has:
Code:
Deny from all
But within /data/uploads/ there should be a different .htaccess:
Code:
Options -Indexes
Allow from all

<Files *.xls>
ForceType application/octet-stream
</Files>

<Files *.csv>
ForceType application/octet-stream
</Files>
This different .htaccess in /data/uploads/ makes sure that images and any other uploads will be accessible.

If you have no .htaccess in any of your /data/ folders and you have an “allow” inside the /data/ folder I will be able to check your XML files including your login name and other security information.
#12
My problem was that if I used .htaccess in data/uploads with this -
Code:
Options -Indexes
Allow from all

<Files *.xls>
ForceType application/octet-stream
</Files>

<Files *.csv>
ForceType application/octet-stream
</Files>

I couldn't open any image

So I used .htaccess in data/uploads with this-
Code:
Allow from mywebsite.cz
instead

I can open images now and nobody can access private files.. Am I right?
#13
As long as /data/ still has “Deny from all” everything should be all right. Good luck with GetSimple!
#14
Thank you. /data/ still has "deny for all". You can view my work at www.drevoprodej-havirov.cz
Reply
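The .htaccess layout discussed in posts #9 to #13 (deny in /data/, allow plus "Options -Indexes" in /data/uploads/) can be checked on disk. The script below is an added example, not part of the thread and not GetSimple's own code; the names `audit`, `read_rules` and `make_tree` and the sample trees are constructed for illustration, and it also accepts the Apache 2.4 `Require all denied` / `Require all granted` forms, which goes beyond the directives quoted above.

```python
import re
import tempfile
from pathlib import Path

# Access-control directives; Apache 2.4 "Require" forms accepted as well.
DENY_ALL = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)
ALLOW = re.compile(r"^\s*(allow\s+from\s+\S+|require\s+all\s+granted)", re.I | re.M)
NO_INDEX = re.compile(r"^\s*options\b.*-indexes\b", re.I | re.M)

def read_rules(directory):
    """Return .htaccess text without comment lines, or None if the file is absent."""
    path = directory / ".htaccess"
    if not path.is_file():
        return None
    lines = path.read_text().splitlines()
    return "\n".join(l for l in lines if not l.lstrip().startswith("#"))

def audit(root):
    """List deviations from the layout in the thread: deny in data, allow in uploads."""
    findings = []
    data = read_rules(root / "data")
    if data is None:
        findings.append("data: .htaccess missing")
    else:
        if not DENY_ALL.search(data):
            findings.append("data: no deny-all rule")
        if ALLOW.search(data):
            findings.append("data: contains an allow rule")
    uploads = read_rules(root / "data" / "uploads")
    if uploads is None:
        findings.append("data/uploads: .htaccess missing")
    else:
        if not ALLOW.search(uploads):
            findings.append("data/uploads: no allow rule")
        if not NO_INDEX.search(uploads):
            findings.append("data/uploads: Options -Indexes missing")
    return findings

def make_tree(data_rules, uploads_rules):
    """Build a constructed sample tree in a temp dir; None means no .htaccess."""
    root = Path(tempfile.mkdtemp())
    (root / "data" / "uploads").mkdir(parents=True)
    for sub, rules in (("data", data_rules), ("data/uploads", uploads_rules)):
        if rules is not None:
            (root / sub / ".htaccess").write_text(rules)
    return root

if __name__ == "__main__":
    print(audit(make_tree("Deny from all\n", "Options -Indexes\nAllow from all\n")))
    print(audit(make_tree("Allow from all\n", None)))
```

Point `audit` at the real installation root (for example `audit(Path("/path/to/site"))`, a placeholder path) to run the same checks against a live tree.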



