
[Resolved] Avoid CSRF


njohn


Almost always getting "Security Alert Possible Cross Site Alert Forgery (CSRF) or browser back button used" when inserting images

I'm NOT using back button, just "Save"

It doesn't seem to happen when I reinsert the same images.


I'm routinely adding 10-20-30 images sooo it's maddening. I've taken the routine of ADDING JUST ONE AT A TIME and going through the process of getting back to the page and reinserting the image and caption - SHEESH


If possible, please petition your hosting provider to allow you to set a PHP configuration setting:
max_input_vars = 5000

In Cubecart's admin, PHP Info, scroll to the Core table and examine the current value. The default value is 1000.

Uploading the images should not cause this issue.

Also, there is a JavaScript-imposed limit of four images you can upload at a time. This is so that the total byte count of the entire POST payload does not exceed other limits set by the web server and/or PHP.


I'll check 

1 minute ago, bsmither said:

If possible, please petition your hosting provider to allow you to set a PHP configuration setting:
max_input_vars = 5000


I'll check and let you know the result.

Thanks

PHP Info is blank


In CubeCart's admin, PHP Info screen, all you get is an empty area -- you still get the header and left-side navigation? Or a completely blank white page?

If just a missing listing of the PHP Info settings, then it may be the case where your hosting provider has decided the PHP function, phpinfo(), poses some sort of security risk and has disabled it.

To confirm, create a file named phpinfo.php and have as its contents:

<?php
phpinfo();
?>

Then call for this file with your browser.

If this function has been disabled, you should get a warning message to that effect.


13 minutes ago, bsmither said:

To confirm, create a file named phpinfo.php and have as its contents:


<?php
phpinfo();
?>

Then call for this file with your browser.

If this function has been disabled, you should get a warning message to that effect.

Is blank also

HMMMM - in another CSRF post there was mention of a possible prob with Google. I tried with Firefox and haven't been able to make it happen posting 6 images?


If you have multiple tabs open, it is very easy to end up with the CSRF token error message appearing, even in Firefox. With Google Chrome, you wouldn't even be able to log in with the original CSRF issue, at least from what I remember.

As an alternate solution, if you have access to your server via FTP, I wrote a script that imports already-uploaded image files into the CubeCart database. Just upload your images and navigate to the script, then follow the instructions. Pretty simple and, in the spirit of CubeCart, 100% free.

If your images are named after your product codes, it can auto-associate them with the product, or even multiple images per product if they are e.g. image-1, image-2, etc. Personally, I use the script in my offline staging area, then export my product and image tables and rebuild them live by running the SQL via PHPMyAdmin, but you can use the script live, too. I recommend using the 'Dry Run' feature first so you can scan the results for any issues before actually making any changes.


2 minutes ago, bsandall said:

If you have multiple tabs open, it is very easy to end up with the CSRF token error message appearing, even in Firefox. With Google Chrome, you wouldn't even be able to log in with the original CSRF issue, at least from what I remember.


Thank you,

I think that'll do it for me - Firefox, only cubecart tabs open


What I meant is that if you have multiple tabs open to the CubeCart admin page, e.g. viewing 2 products at once on separate tabs, then only the last tab you opened will submit correctly - the security token on all other tabs will have been invalidated, resulting in the CSRF warning.
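An added example, not CubeCart's code and not from either poster, that models the two causes raised in this thread: bsmither's max_input_vars cap truncating the POST so the token never arrives, and bsandall's token being replaced on each page load so an older tab submits a stale one. The field names, three fields per image, the token being the last form field, and the one-live-token-per-session model are assumptions.

```python
"""Model of the two CSRF-token failure modes discussed in this thread.

Constructed example, not CubeCart's code. It mimics (a) PHP's
max_input_vars cap, which keeps the first N submitted variables and drops
the rest, and (b) an admin token that is replaced on every page load, so
the token held by an older tab no longer validates (assumed model).
"""
import secrets

IMAGE_FIELDS = ("file", "caption", "alt_text")  # constructed field names


def parse_post(pairs, max_input_vars=1000):
    """Keep only the first max_input_vars name/value pairs, as PHP does."""
    return dict(pairs[:max_input_vars])


class AdminSession:
    """Holds the single currently valid token for one logged-in admin."""

    def __init__(self):
        self.token = None

    def render_page(self):
        # A fresh token on every page load invalidates the previous one.
        self.token = secrets.token_hex(16)
        return self.token

    def token_is_valid(self, post):
        submitted = post.get("token")
        return submitted is not None and submitted == self.token


def build_form(token, n_images):
    """Fields as the browser submits them; the token sits last (assumption)."""
    pairs = [(f"images[{i}][{f}]", f"sample-{i}")
             for i in range(n_images) for f in IMAGE_FIELDS]
    pairs.append(("token", token))
    return pairs


def submit_images(n_images, max_input_vars=1000):
    """One tab, one page load: fails only when the cap truncates the token."""
    session = AdminSession()
    form = build_form(session.render_page(), n_images)
    return session.token_is_valid(parse_post(form, max_input_vars))


def submit_from_tab(use_latest_tab):
    """Two admin tabs opened in turn; only the newer one holds the live token."""
    session = AdminSession()
    older, newer = session.render_page(), session.render_page()
    form = build_form(newer if use_latest_tab else older, 1)
    return session.token_is_valid(parse_post(form))
```

With 400 images the 1200 image fields push the token past the default cap of 1000 and the check fails, while a cap of 5000 lets it through; an older tab fails regardless of size.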

