Support ⇒ Dragonfly CMS v10 ⇒ Security Code Incorrect ⇒ Community Forums ⇒ CPG Dragonfly™ CMS

Security Code Incorrect Reply to topic

hybrid Offline Joined: Apr 19, 2006 Posts: 643 Location: Sydney, Australia 0 👍 / 0 👎	Fri Nov 24, 2017 7:33 am I tried installing a new version of Dragonfly via the package manager, but it failed miserably and left me with a broken site. So I rsync'd my files back up normally and got the site back, but I'm getting a lot of Security Code Incorrect messages now when attempting to post. Which file(s) are involved in this security code checking? I will manually upload those files. Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): Last edited by hybrid on Fri Nov 24, 2017 7:33 am; edited 1 time in total
hybrid Offline Joined: Apr 19, 2006 Posts: 643 Location: Sydney, Australia 0 👍 / 0 👎	Wed Nov 29, 2017 8:24 pm I have deleted files and re-uploaded them from my local repository. Hopefully that fixes it. I will try to avoid the package manager for now. Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
DJ Maze Offline Joined: Apr 19, 2004 Posts: 6435 Location: http://tinyurl.com/5z8dmv 0 👍 / 0 👎	Fri Dec 15, 2017 12:33 am The system should not give you a Security Code Incorrect message as there are no security codes any more. The system now uses a CSRF token. If you can provide more details about the issue, this would be welcome. Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial
hybrid Offline Joined: Apr 19, 2006 Posts: 643 Location: Sydney, Australia 0 👍 / 0 👎	Thu Dec 21, 2017 9:03 pm It seems to have settled down now, so I'm not sure what was going on there. If it comes back, I will gather some more info. Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
DJ Maze Offline Joined: Apr 19, 2004 Posts: 6435 Location: http://tinyurl.com/5z8dmv 0 👍 / 0 👎	Sun Dec 24, 2017 4:02 pm hybrid wrote I tried installing a new version of Dragonfly via the package manager, but it failed miserably and left me with a broken site. I solved this issue. It was a nasty bug bitbucket.org/dragonfl...a421510dbe fopen() used 'cb' which means the file is opened but not truncated. Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial Last edited by DJ Maze on Sun Dec 24, 2017 4:23 pm; edited 3 times in total
hybrid Offline Joined: Apr 19, 2006 Posts: 643 Location: Sydney, Australia 0 👍 / 0 👎	Thu Feb 15, 2018 11:09 am Had this issue again today when I tried to post. I'm pretty sure I remember a dev saying that Security Code isn't used any more. But I'm still getting this message at times. It's happening to me right now when I try to post. I tried closing my browser and re-opening, but it didn't make any difference. Edit: looks like a logout fixed it. I wonder what is causing it. Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
DJ Maze Offline Joined: Apr 19, 2004 Posts: 6435 Location: http://tinyurl.com/5z8dmv 0 👍 / 0 👎	Thu Feb 15, 2018 4:12 pm There is only 1 place where it happens and that is in /modules/Forums/posting.php `switch ($mode) { case 'newtopic': case 'reply': if (!\Dragonfly\Output\Captcha::validate($_POST)) { $error = true; \Poodle\Notify::error(_SECURITYCODE.' incorrect');` You must have a php session or browser cookies conflict or javascript disabled. Check in your browser debugger Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial Last edited by DJ Maze on Thu Feb 15, 2018 4:13 pm; edited 1 time in total
hybrid Offline Joined: Apr 19, 2006 Posts: 643 Location: Sydney, Australia 0 👍 / 0 👎	Fri Feb 16, 2018 8:32 pm So this can happen even if captcha isn't used? Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
DJ Maze Offline Joined: Apr 19, 2004 Posts: 6435 Location: http://tinyurl.com/5z8dmv 0 👍 / 0 👎	Sun Feb 18, 2018 9:43 am yes Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial
hybrid Offline Joined: Apr 19, 2006 Posts: 643 Location: Sydney, Australia 0 👍 / 0 👎	Sun Feb 18, 2018 8:57 pm I think it might be this: [4996:12096:0219/072921.139:INFO:CONSOLE(0)] "Error parsing header X-XSS-Protection: 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube: insecure reporting URL for secure page at character position 22. The default protections will be applied.", source: https://www.youtube.com/embed/oE_JQJ5rGLc?autoplay=0&origin=http://www.mustangtech.com.au (0) [4996:12096:0219/072921.139:INFO:CONSOLE(163)] "Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://accounts.google.com') does not match the recipient window's origin ('http://www.mustangtech.com.au').", source: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_GB.E0MnMKUgMVk.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=IA/rs=AGLTcCOs6LwZ-qw468uETpiEuI6HOqoFpg/cb=gapi.loaded_0 (163) So maybe having an embedded youtube video can stop the entire post? That sounds a bit strange. I also tried switching to https on my site, but it still showed the "origin" has www.mustangtech.com.au. Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
hybrid Offline Joined: Apr 19, 2006 Posts: 643 Location: Sydney, Australia 1 👍 / 0 👎	Mon Feb 19, 2018 5:09 am bugs.chromium.org/p/ch...?id=807304 Edit: confirmed it works OK in IE, so I think this is definitely a chromium bug. Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): Last edited by hybrid on Mon Feb 19, 2018 5:20 am; edited 1 time in total
DJ Maze Offline Joined: Apr 19, 2004 Posts: 6435 Location: http://tinyurl.com/5z8dmv 0 👍 / 0 👎	Wed Feb 21, 2018 12:18 am Wow good find! Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial
All times are UTC Post new topic Reply to topic Forum Index ⇒ Dragonfly CMS v10 Page 1 of 1