Download
(2016-06-20, 21:06:52)Oleg06 Wrote: http://prntscr.com/bims6w
http://prntscr.com/bimsdp
http://prntscr.com/bimsne
I know what it is (the security check failed), but not sure how to solve it.
It's the same nonce check as GS uses..
In
components_ext.php, line 53 - 62 you can see this:PHP Code:
<?php
// protect against CSRF, basic check
if (!isset($USR) || $USR != get_cookie('GS_ADMIN_USERNAME') || !isset($_COOKIE['PHPSESSID']))
die();
// only continue if the request comes from the same domain & nonces match
if (empty($_SERVER['HTTP_ORIGIN']) || strpos($_SERVER['HTTP_ORIGIN'], $_SERVER['SERVER_NAME']) < 5 || empty($_GET['nonce']) || !check_nonce($_GET['nonce'], 'components_ext_action', 'components_ext.php'))
die();
So either:
- the
$USRglobal is not set or the$USRglobal does not matchGS_ADMIN_USERNAME.
- the
PHPSESSIDis not set
- the
$_SERVER['HTTP_ORIGIN'] is not setor$_SERVER['SERVER_NAME'] doesn't appear in [c]$_SERVER['HTTP_ORIGIN'].
- the
$_GET['nonce']is not set or isn't correct according tocheck_nonce.
PHP Code:
if (!isset($USR) || $USR != get_cookie('GS_ADMIN_USERNAME'))
$components_ext->response(200, '$USR global missing or GS_ADMIN_USERNAME cookie missing');
if (!isset($_COOKIE['PHPSESSID']))
$components_ext->response(200, '$_COOKIE[\'PHPSESSID\'] is not set');
if (empty($_SERVER['HTTP_ORIGIN']) || strpos($_SERVER['HTTP_ORIGIN'], $_SERVER['SERVER_NAME']) < 5)
$components_ext->response(400, 'Server name mismatch');
if (empty($_GET['nonce']))
$components_ext->response(400, 'No nonce given');
if (!check_nonce($_GET['nonce'], 'components_ext_action', 'components_ext.php'))
$components_ext->response(400, 'Nonce mismatch');
Try to save again, and see what error message is displayed, thanks
