PeteRollo Posted March 22, 2016 Share Posted March 22, 2016 Every time I browse and find my logo file, I then go to "save" Cubecart keeps taking me back to the dashboard with the following message: "Security Alert : Possible cross-site request forgery or browser back button used. I didn't do anything other than press the save button on the logo page after browsing for my logo (jpg and png's tried). I have tried other small jpegs too but have the same problem. I am using the latest v6. I must admit that I'm a novice to this software but I have set up most things on it such as the homepage. Here's what I have at the moment Link and a screen capture. Any help appreciated. Thanks Quote Link to comment Share on other sites More sharing options...
bsmither Posted March 22, 2016 Share Posted March 22, 2016 Welcome PeteRollo! Glad to see you made it to the forums. CC6 uses a "security token" that assures the form data submitted is from a form most recently delivered to your browser. Thus, if you have two web browser windows (or tabs) open, and submit data from the one form, the data having been submitted from the second form is rejected because the security token was used and is no longer valid. Losing the security token can also happen when all the other form data exceeds a limit imposed by PHP. Be aware that in CubeCart's admin, all of the tabs across the top of the settings screens are really just visible portions of a much larger page. That is, in Store Settings, all tabs from General to Copyright (and more if plugins are involved) represent sections of a very long page, and all sections are within one form. Thus, when clicking the Save button, you are submitting all the data entered on all the tabs. The typical limit imposed by PHP is 1000 form elements. There isn't that many elements on the Store Settings screens. We must determine if there is an artificially low limit set for PHP. In admin, at the bottom of the left side navigation panel, click PHP Info. Scroll to the Core table. Find the row for 'max_input_vars'. It should say 1000. Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted March 22, 2016 Share Posted March 22, 2016 @bsmither I read PeteRollo's, but knew I'd better leave the resolution to you or someone way more advanced than I am. But I did notice that the link url to his store looks odd to me. Please check that, if you haven't already, just in case there is perhaps an issue there. Quote Link to comment Share on other sites More sharing options...
PeteRollo Posted March 23, 2016 Author Share Posted March 23, 2016 18 hours ago, bsmither said: Welcome PeteRollo! Glad to see you made it to the forums. CC6 uses a "security token" that assures the form data submitted is from a form most recently delivered to your browser. Thus, if you have two web browser windows (or tabs) open, and submit data from the one form, the data having been submitted from the second form is rejected because the security token was used and is no longer valid. Losing the security token can also happen when all the other form data exceeds a limit imposed by PHP. Be aware that in CubeCart's admin, all of the tabs across the top of the settings screens are really just visible portions of a much larger page. That is, in Store Settings, all tabs from General to Copyright (and more if plugins are involved) represent sections of a very long page, and all sections are within one form. Thus, when clicking the Save button, you are submitting all the data entered on all the tabs. The typical limit imposed by PHP is 1000 form elements. There isn't that many elements on the Store Settings screens. We must determine if there is an artificially low limit set for PHP. In admin, at the bottom of the left side navigation panel, click PHP Info. Scroll to the Core table. Find the row for 'max_input_vars'. It should say 1000. Hi - I have found that the 'max_input_vars' is only set to 100 and not 1000 What needs to be done?? Further, if it helps get to the bottom of the problem 1) I can still upload photos in the images section 2) I modified the homepage, to include a typical postcard and some text. For a while I got that message and jump back there too. It seems ok now. 3) I have included hundreds of categories because the categories are being used to designate continents, countries, counties and towns/cities for the postcards 4) At the moment I have installed cube cart in a sub-domain of the website, so that I can trial/test it without disturbing the main website name. Is this ok? 5) In total I (presently) have 5gb of overall space with only just over 1gb used. Thank you for your comments to date Quote Link to comment Share on other sites More sharing options...
bsmither Posted March 23, 2016 Share Posted March 23, 2016 "the 'max_input_vars' is only set to 100 and not 1000" This setting is critically low. If you are being hosted by a third-party, please have them make the adjustment to the 'max_input_vars' value in your hosting account's PHP.INI file. If you have complete control of your server, then it is you who may have that responsibility. (Although, if it is your server, that setting wouldn't be what it is at. Unless you made some sort of silly mistake when installing PHP.) Quote Link to comment Share on other sites More sharing options...
PeteRollo Posted March 24, 2016 Author Share Posted March 24, 2016 Thanks for the info. I will contact the hosting provider and request the setting to be changed to 1000 Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted March 24, 2016 Share Posted March 24, 2016 3 hours ago, PeteRollo said: Thanks for the info. I will contact the hosting provider and request the setting to be changed to 1000 It is possible that they made a mistake when configuring the setting although the default is 1000 so sounds like they specifically changed it in which case they will probably not change it back although that does seem a stupidly low value. Many of the cheaper end hosts are reducing a whole variety of php and server properties in their ever increasing need to cram as many sites onto each of their servers as possible - it will be interesting to see how they respond, let's hope it was a typo on their part as that level will cause multiple other problems as well Ian Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.