• Welcome to Simple Machines Community Forum. Please login or sign up.
October 28, 2021, 03:58:26 PM

News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord


Unable to verify referring url. Please go back and try again. Error!

Started by naan, January 21, 2011, 08:25:37 AM

Previous topic - Next topic

Arantor

And how is that wrong, exactly? The only thing I can see is the string isn't entity escaped, but that's not the cause of not referring the action in the URL.
No good deed goes unpunished
All helpful urges should be circumvented

naan

ok, i think the error in ie8 has nothing to do with the problem to delete older topics.

i normally use firefox.


the problem is to delete older topic in speziall boards.

that don't work in my smf 2.0 rc3 (two mods)
don't work in my test smf 2.0rc4 (no mods)
don't work in my upgraded test smf 2.0 rc5 (no mods)

naan.de/sevel

test smf
werk24.org/sevel
naan.de // psaForum and other things.

Arantor

Quoteok, i think the error in ie8 has nothing to do with the problem to delete older topics.

Correct, like I just said.

So it doesn't work on multiple sites, and am I correct in understanding it doesn't work in IE or FF, regardless of version?
No good deed goes unpunished
All helpful urges should be circumvented

naan

yes it is not possible to delete older topics.


This is what i do:

I go to my smf forum.
I login as admin
I go to the topmenü "admin"
I go to the menü "Forum Maintenance"
I go to the menü "Topics"
I want to Remove all topics not posted in for 360 days, which are:
-Any sort of topic.
In specific Boards
i choose two boards

Then i click
"remove now"

Then a popup say to me: you really want to do?
I say "ok"

Then i get the error:


An Error Has Occurred!
Unable to verify referring url. Please go back and try again.


i go back and try again.

Then i get the error:





naan.de // psaForum and other things.

Arantor

Yes, I realise all that.

I also know that for some reason, the HTTP_REFERER isn't including action=admin. Which makes me think there is some kind of security software, firewall, proxy server or something damaging/removing that header.
No good deed goes unpunished
All helpful urges should be circumvented

naan

hmm!??


i use here a speedport router from the german telekom

http://www.telekom.de/dlp/eki/downloads/Speedport/Speedport%20W%20701%20V/bedanl_Speed_W701V_Stand%2010_07.pdf

since more then 5 years.


at home i use a fritzbox 7170
naan.de // psaForum and other things.

Arantor

No good deed goes unpunished
All helpful urges should be circumvented

naan

that is router and normally this have a firewall included.

http://www.avm.de/en/Produkte/FRITZBox/FRITZ_Box_Fon_WLAN/index.php


But i use this router a long time without problems.
i do nothing change on the installation in my network
naan.de // psaForum and other things.

Arantor

I didn't specifically say THAT firewall. But many software firewalls remove the HTTP_REFERER in the name of 'security', Norton packages especially.
No good deed goes unpunished
All helpful urges should be circumvented

naan

ok
firewall can be on router and in win7 i use

i try now from an old pc with suse 11.3 on it without firewall.
linux system with firefox as browser.

it don't work.
naan.de // psaForum and other things.

Arantor

And you're not using a proxy service? And your router doesn't change the headers it sends through?
No good deed goes unpunished
All helpful urges should be circumvented

naan

naan.de // psaForum and other things.

Arantor

No good deed goes unpunished
All helpful urges should be circumvented

naan

naan.de // psaForum and other things.

Arantor

OK, so open up Firebug, enable networking for your site, then browse, trying to carry out the operation you did before. This time, as you do the different steps, you should see the different requests being carried out in the pane at the bottom.

Most importantly, when you press the button, there should be a POST request to the page to carry out the operation - where it errors out on you. If you could do that step, then copy/paste the 'Headers' of that POST request here so I can see what's being requested of the server.
No good deed goes unpunished
All helpful urges should be circumvented

naan

Date   Tue, 15 Feb 2011 13:21:05 GMT
Server   Apache/2.0.54 (Debian GNU/Linux) mod_ssl/2.0.54 OpenSSL/0.9.7e PHP/5.2.9
X-Powered-By   PHP/5.2.9
Expires   Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control   private
Pragma   no-cache
Location   ../sevel/index.php?Themes/default/images/blank.gif
Connection   close
Transfer-Encoding   chunked
Content-Type   text/html
Anfrage-HeaderQuelltext anzeigen
Host   www.naan.de
User-Agent   Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept   image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language   de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding   gzip,deflate
Accept-Charset   ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive   115
Connection   keep-alive
Referer   ../sevel/index.php?action=admin;area=maintain;sa=topics;activity=pruneold
Cookie   SMFCookie827=a%3A4%3A%7Bi%3A0%3Bs%3A1%3A%222%22%3Bi%3A1%3Bs%3A40%3A%22ce7a4c49f10b4b4744cd9d20f136cabf04e2cc8f%22%3Bi%3A2%3Bi%3A1486990490%3Bi%3A3%3Bi%3A2%3B%7D; PHPSESSID=a3p456p9ffu3d9577cfs26gvu7; 9cfad3a75c0f5fd14f9dfb03fe0c37fb=rt6dm0qmso96q3thb0cnbdi675

-----
Host:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: ../sevel/index.php?action=admin;area=maintain;sa=topics;activity=pruneold
Cookie: SMFCookie827=a%3A4%3A%7Bi%3A0%3Bs%3A1%3A%222%22%3Bi%3A1%3Bs%3A40%3A%22ce7a4c49f10b4b4744cd9d20f136cabf04e2cc8f%22%3Bi%3A2%3Bi%3A1486990490%3Bi%3A3%3Bi%3A2%3B%7D; PHPSESSID=a3p456p9ffu3d9577cfs26gvu7; 9cfad3a75c0f5fd14f9dfb03fe0c37fb=rt6dm0qmso96q3thb0cnbdi675

---------------------------------------


i think/hope you mean this

../sevel/index.php?action=admin;area=maintain;sa=topics;activity=pruneold

Antwort-HeaderQuelltext anzeigen
Date   Tue, 15 Feb 2011 13:25:47 GMT
Server   Apache/2.0.54 (Debian GNU/Linux) mod_ssl/2.0.54 OpenSSL/0.9.7e PHP/5.2.9
X-Powered-By   PHP/5.2.9
Expires   Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control   private
Pragma   no-cache
Last-Modified   Tue, 15 Feb 2011 13:25:47 GMT
Connection   close
Transfer-Encoding   chunked
Content-Type   text/html; charset=UTF-8
Anfrage-HeaderQuelltext anzeigen
Host   ??
User-Agent   Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept   text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language   de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding   gzip,deflate
Accept-Charset   ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive   115
Connection   keep-alive
Referer   ../sevel/index.php?action=admin;area=maintain;sa=topics;b2e886d8f4=d83a8e658e05692e5710cfa68d873119
Cookie   SMFCookie827=a%3A4%3A%7Bi%3A0%3Bs%3A1%3A%222%22%3Bi%3A1%3Bs%3A40%3A%22ce7a4c49f10b4b4744cd9d20f136cabf04e2cc8f%22%3Bi%3A2%3Bi%3A1486990490%3Bi%3A3%3Bi%3A2%3B%7D; PHPSESSID=a3p456p9ffu3d9577cfs26gvu7; 9cfad3a75c0f5fd14f9dfb03fe0c37fb=rt6dm0qmso96q3thb0cnbdi675
naan.de // psaForum and other things.

Arantor

So what was the POST instruction? Was it POST /sevel/index.php?action=admin;area=maintain;sa=topics;activity=pruneold there too?

* Arantor is very confused, since the referer is there as it should be, the session has retained integrity (otherwise it would have failed sooner)

As a workaround, you can replace this in RemoveTopic.php

// So long as you are sure... all old posts will be gone.
function RemoveOldTopics2()
{
global $modSettings, $smcFunc;

isAllowedTo('admin_forum');
checkSession('post', 'admin');


with
// So long as you are sure... all old posts will be gone.
function RemoveOldTopics2()
{
global $modSettings, $smcFunc;

isAllowedTo('admin_forum');
checkSession('post');


But it does reduce your security if you do that.
No good deed goes unpunished
All helpful urges should be circumvented

naan

yes now ist works


http://www.naan.de/sevel/index.php?board=4.80

there are no topics older than 360 days


but i put the old file with
checkSession('post', 'admin');
on the server after i remove the old topics.



naan.de // psaForum and other things.

Arantor

No good deed goes unpunished
All helpful urges should be circumvented

naan

naan.de // psaForum and other things.

Advertisement: