I tried installing a new version of Dragonfly via the package manager, but it failed miserably and left me with a broken site.
So I rsync'd my files back up normally and got the site back, but I'm getting a lot of Security Code Incorrect messages now when attempting to post.
Which file(s) are involved in this security code checking? I will manually upload those files.
Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Last edited by hybrid on Fri Nov 24, 2017 7:33 am; edited 1 time in total
hybrid
Joined: Apr 19, 2006
Posts: 585
Location: Sydney, Australia
There is only 1 place where it happens and that is in /modules/Forums/posting.php:

    switch ($mode)
    {
        case 'newtopic':
        case 'reply':
            // Reject the post when the submitted security code does not validate
            if (!\Dragonfly\Output\Captcha::validate($_POST)) {
                $error = true;
                \Poodle\Notify::error(_SECURITYCODE.' incorrect');

You must have a PHP session or browser cookie conflict, or JavaScript disabled.
Check in your browser debugger.
Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial
Last edited by DJ Maze on Thu Feb 15, 2018 4:13 pm; edited 1 time in total
hybrid
Joined: Apr 19, 2006
Posts: 585
Location: Sydney, Australia
[4996:12096:0219/072921.139:INFO:CONSOLE(0)] "Error parsing header X-XSS-Protection: 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube: insecure reporting URL for secure page at character position 22. The default protections will be applied.", source: https://www.youtube.com/embed/oE_JQJ5rGLc?autoplay=0&origin=http://www.mustangtech.com.au (0)
[4996:12096:0219/072921.139:INFO:CONSOLE(163)] "Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://accounts.google.com') does not match the recipient window's origin ('http://www.mustangtech.com.au').", source: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_GB.E0MnMKUgMVk.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=IA/rs=AGLTcCOs6LwZ-qw468uETpiEuI6HOqoFpg/cb=gapi.loaded_0 (163)
So maybe having an embedded YouTube video can stop the entire post? That sounds a bit strange.
I also tried switching to https on my site, but it still showed the "origin" as www.mustangtech.com.au.