PEAK XOOPS - Re: Double click needed to reach the requested page

Posted on 2004/12/24 19:16
GIJOE   Posts: 4110
Hi efla.

This is a mechanism for anti-CSRF.
It says not "No autologin ... " but "Now, logging in ..."

There are many modules which have vulnerabilities against CSRF.
If you believe that you use no CSRF-weak module, disable the protection like this:

line 213 of include/common.php
	// autologin hack GIJ
	if(empty($HTTP_SESSION_VARS['xoopsUserId']) && isset($HTTP_COOKIE_VARS['autologin_uname']) && isset($HTTP_COOKIE_VARS['autologin_pass'])) {

		// redirect to XOOPS_URL/ when query string exists (anti-CSRF)
		if( ! empty( $HTTP_SERVER_VARS['QUERY_STRING'] ) ) {
			redirect_header( XOOPS_URL . '/' , 0 , 'Now, logging in automatically' ) ;
			exit ;
		}

		$myts =& MyTextSanitizer::getInstance();
		$uname = $myts->stripSlashesGPC($HTTP_COOKIE_VARS['autologin_uname']);
		$pass = $myts->stripSlashesGPC($HTTP_COOKIE_VARS['autologin_pass']);
Votes:1 Average:10.00
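
The guard quoted in the post above, as an added example that is not part of the original post and is not XOOPS code: a stand-alone PHP model of the decision it makes, run over a constructed request sequence to show why a deep link needs a second click. The function name `autologinDecision`, the cookie values, the user id and the URLs are assumptions made for the illustration.

```php
<?php
// Added illustration; not XOOPS code. Models the guard quoted from
// include/common.php using plain arrays in place of the request globals.

/**
 * Decide what the autologin hook does for one request.
 * Returns 'none' (hook not triggered), 'redirect' (anti-CSRF bounce to the
 * site root) or 'login' (the cookies are used to establish the session).
 */
function autologinDecision(array $session, array $cookies, array $server): string
{
    $hasSession = !empty($session['xoopsUserId']);
    $hasCookies = isset($cookies['autologin_uname'], $cookies['autologin_pass']);
    if ($hasSession || !$hasCookies) {
        return 'none';
    }
    // A request carrying a query string may be a forged action aimed at a
    // CSRF-weak module, so it is never executed in the same request that
    // logs the user in.
    if (!empty($server['QUERY_STRING'])) {
        return 'redirect';
    }
    return 'login';
}

// Constructed sample data: a returning visitor who only has autologin cookies.
$cookies = ['autologin_uname' => 'example_user', 'autologin_pass' => 'constructed-value'];
$session = [];

// Constructed request sequence: deep link, the bounce to the root, the retry.
$requests = [
    ['uri' => '/modules/example/index.php?id=5', 'QUERY_STRING' => 'id=5'],
    ['uri' => '/',                               'QUERY_STRING' => ''],
    ['uri' => '/modules/example/index.php?id=5', 'QUERY_STRING' => 'id=5'],
];

foreach ($requests as $request) {
    $decision = autologinDecision($session, $cookies, $request);
    if ($decision === 'login') {
        $session['xoopsUserId'] = 1; // constructed user id
    }
    printf("%-34s -> %s\n", $request['uri'], $decision);
}
```

The first request is bounced to the root, the root request performs the login, and only the repeated click on the deep link is served with a session in place, so a forged link never runs in the request that authenticates the visitor.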
