SMF 1.1.7: Session verification failed when installing mods or SMF 1.1.8 update

Started by SlammedDime, December 06, 2008, 10:36:43 AM

Previous topic - Next topic

SlammedDime

Bug #2734: FTP Permissions causes package installation to fail

Unfortunately, it seems that in one of our recent security releases (SMF 1.1.7), the security fix created a bug that may affect some installations of SMF depending on the server configuration.

If you have this problem when upgrading to SMF 1.1.8 or when installing mods on SMF 1.1.7, please use the fix below.

If, after applying this fix, you still have the problem, please try packages on the default theme.  If the problem still persists using the default 'core' theme, please create a new topic, do not post support questions in this topic.

Open Sources/Packages.php

Code (Find) Select
function PackageInstallTest()
{
    global $boarddir, $txt, $context, $scripturl, $sourcedir, $modSettings;

    checkSession('get');


Code (Replace) Select
function PackageInstallTest()
{
    global $boarddir, $txt, $context, $scripturl, $sourcedir, $modSettings;

    checkSession('request');
SlammedDime
Former Lead Customizer
BitBucket Projects
GeekStorage.com Hosting
                      My Mods
SimpleSEF
Ajax Quick Reply
Sitemap
more...
                     

gietl

Awesome! I was having this problem and this solution worked perfectly.

welshdog

Made no difference to my 'Session Verification Error" issues though I was directed here because my 'vanilla install' rfused to let me access any part of the site whilst 'logged in'.


bujuk



Regashi


Tyrsson

Could we get this added to the "useful manual links" options for the support volunteers? It sure would help :)
PM at your own risk, some I answer, if they are interesting, some I ignore.

sheryltoo

I'm not sure were I'm suppose to look for that code that needs to be replaced.
Could someone please direct me to the right area?
Thanks.
Sheryl

SlammedDime

SlammedDime
Former Lead Customizer
BitBucket Projects
GeekStorage.com Hosting
                      My Mods
SimpleSEF
Ajax Quick Reply
Sitemap
more...
                     

waterrat

Thanks for this fix--it worked for one mod install, then I've had problems with every mod install since.  I had to manually add a temp file set to 777 to install any other mods--and even then, the mods read as installed, but aren't.  Is there something I'm missing?

I opened a topic specifically on my issue: http://www.simplemachines.org/community/index.php?topic=281517.0

I just wondered if my problem and is related to the Verification Error or not.

Rebochan

I can't find the text in that .php file.  There's something completely different instead.  I'm using the latest version of SMF.  I *think* this is the right spot - it starts on line 144.  But as you can see, it's nothing like the code in the first post...

function PackageInstallTest()
{
global $boarddir, $txt, $context, $scripturl, $sourcedir, $modSettings;

// You have to specify a file!!
if (!isset($_REQUEST['package']) || $_REQUEST['package'] == '')
redirectexit('action=packages');
$context['filename'] = preg_replace('~[\.]+~', '.', $_REQUEST['package']);

require_once($sourcedir . '/Subs-Package.php');

// Load up the package FTP information?
if (isset($_SESSION['pack_ftp']))
packageRequireFTP($scripturl . '?action=packages;sa=' . $_REQUEST['sa'] . ';package=' . $_REQUEST['package']);

SlammedDime

Rebochan, as I said in the first post , please create your own support topic.

It does not look like you have the 'latest' version of smf... if the top of the file does not say SMF 1.1.7, then you do not.  Please start your own topic though.
SlammedDime
Former Lead Customizer
BitBucket Projects
GeekStorage.com Hosting
                      My Mods
SimpleSEF
Ajax Quick Reply
Sitemap
more...
                     

J-Bird

After over a month of not getting any resolution on this same problem, I found out my problem is related to the FPS theme.
If I change to the default theme , then I can make changes to the mods, and change back to FPS after.
Perhaps this may help someone else.
Love, often

gtowntalk

No go. I have reinstall 1x and 2x and tried to follow all "fixes" and none work for  me. I do want to point out that use a linux box with centos 5.2 and my own hosting software (i.e. not cpanel or any of the typicals) and therefore do not use /home/user/public_htem/site...... my sites are /var/www/username/web/site and my ftp is /web/site

When i install smf it keeps reporting that it found my path as /username/web but when i enter all  the other info on the first page of the installation it reports that that path does not exist (it does by the way) but if i remove the [/username] part and just leave [/web] it installs and looks like all is good. but none of the mods will install...i get session verif....error.

any help would be great!! :)

G6™

From first post
QuoteIf, after applying this fix, you still have the problem, please try packages on the default theme.  If the problem still persists using the default 'core' theme, please create a new topic, do not post support questions in this topic.

From 10th post

QuoteRebochan, as I said in the first post , please create your own support topic.

It does not look like you have the 'latest' version of smf... if the top of the file does not say SMF 1.1.7, then you do not.  Please start your own topic though.

slnurajar

Hi i downloaded smf 1.17 only now, is i need to follow  instructions in this topic and whether this is corected in smf 2.0 beat 4 public

SlammedDime

This will not be fixed until 1.1.8, so yes, you do need to apply this fix if you have the problem.

This currently is not needed for 2.0 Beta 4, thus the title stating 1.1.7.
SlammedDime
Former Lead Customizer
BitBucket Projects
GeekStorage.com Hosting
                      My Mods
SimpleSEF
Ajax Quick Reply
Sitemap
more...
                     


mortymoose

Thanks 4 That, I was a wee bit worried, works like a boeing!   ;)

Advertisement: