cubicsquare Posted September 24, 2021

Hi there, I'm trying to set up courier rates but keep having all my input undone when I save it and end up with the following alert:

"Security Alert: Possible Cross-Site Request Forgery (CSRF). Please do not use multiple tabs/windows or the browser back button. Learn more."

Even when I have just one tab open. Even when I log out, log back in. Even when I restart computer. It's preventing me from inputting courier rates via the All-in-One Shipping extension (which I otherwise love btw).

bsmither Posted September 24, 2021

I think that happens when the security token, included as one of all the form's submitted elements, does not get seen by CubeCart. This can happen if there are many, many, many data items being saved.

It is known that when the AIOS module adds another shipping zone, and adds more shipping rules per zone, the number of form elements that gets POSTed increases exponentially. Thus, eventually the number of form element data items in POST hits a 1000 count limit (imposed by PHP).

Please see the following issues on GitHub:

https://github.com/cubecart/v6/issues/1550
https://github.com/cubecart/v6/issues/1500
https://github.com/cubecart/v6/issues/2391
https://github.com/cubecart/v6/issues/365

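The failure described in the post above, as an added example that is not part of the original thread and is not CubeCart code: a PHP function that reports whether a form body exceeds PHP's max_input_vars limit and whether the security token falls past the cut-off. The field names `token` and `rate[...]`, the token's position at the end of the form, and the sample body are assumptions constructed for illustration.

```php
<?php
// Added example, not CubeCart code. Approximates PHP's documented rule:
// input variables beyond max_input_vars are dropped from the request.

/**
 * Report whether a urlencoded POST body loses its CSRF token under a
 * given max_input_vars limit. $tokenField is an assumed field name.
 */
function diagnosePost(string $rawBody, int $limit, string $tokenField = 'token'): array
{
    $pairs = $rawBody === '' ? [] : explode('&', $rawBody);
    $tokenPos = null;
    foreach ($pairs as $i => $pair) {
        $name = urldecode(explode('=', $pair, 2)[0]);
        if ($name === $tokenField) {
            $tokenPos = $i + 1; // 1-based position among submitted fields
        }
    }
    return [
        'submitted'  => count($pairs),
        'truncated'  => count($pairs) > $limit,
        'token_pos'  => $tokenPos,
        'token_kept' => $tokenPos !== null && $tokenPos <= $limit,
    ];
}

// Constructed sample: 4 zones x 300 rate rows, token as the last field.
$fields = [];
for ($zone = 1; $zone <= 4; $zone++) {
    for ($row = 1; $row <= 300; $row++) {
        $fields[] = urlencode("rate[$zone][$row]") . '=' . urlencode('4.95');
    }
}
$fields[] = 'token=constructed-sample-token';
$body = implode('&', $fields);

foreach ([1000, 25000] as $limit) {
    $r = diagnosePost($body, $limit);
    printf(
        "limit=%d submitted=%d token_pos=%d truncated=%s token_kept=%s\n",
        $limit, $r['submitted'], $r['token_pos'],
        $r['truncated'] ? 'yes' : 'no',
        $r['token_kept'] ? 'yes' : 'no'
    );
}

// In a live handler, pass file_get_contents('php://input') and
// (int) ini_get('max_input_vars'); php://input is empty for multipart forms.
```

PHP documents max_input_vars as a mitigation against hash-collision denial of service, so the submitted-field count reported here is a useful guide for sizing the limit to what the largest admin form actually needs.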
Al Brookbanks Posted September 24, 2021

The workaround is to increase the max_input_vars parameter.

cubicsquare Posted September 24, 2021

Thanks guys. Is there any workaround I can implement as a mere end user? I was hoping for something I could tweak directly, as Al Brookbanks suggested. However I don't know how to do that specific tweak, and it looks like a database tweak, which creeps me out. Do you have a foolproof step by step guide to do it?

bsmither Posted September 24, 2021

The PHP setting 'max_input_vars' can be easily set by the user in either of two places: the .htaccess file, or a special .user.php file.

I do not know if any web server other than Apache will honor a PHP directive in the .htaccess file, but to do this:

Using a programmer's text editor, add the following statement at the end of the file:

    php_value max_input_vars 25000

If your hosting provider offers you a control panel to manage your site, there will be a File Manager, and within that tool will be a means to edit files.

To see if the directive was honored by the web server and thus instructed PHP to use this value, in admin, PHP Info (bottom of the Nav panel), scroll to the Core table and note the value for 'max_input_vars'.

Al Brookbanks Posted September 24, 2021

Just now, bsmither said:

> The PHP setting 'max_input_vars' can be easily set by the user in either of two places: the .htaccess file, or a special .user.php file.
>
> I do not know if any web server other than Apache will honor a PHP directive in the .htaccess file, but to do this:
>
> Using a programmer's text editor, add the following statement at the end of the file:
>
>     php_value max_input_vars 25000
>
> If your hosting provider offers you a control panel to manage your site, there will be a File Manager, and within that tool will be a means to edit files.
>
> To see if the directive was honored by the web server and thus instructed PHP to use this value, in admin, PHP Info (bottom of the Nav panel), scroll to the Core table and note the value for 'max_input_vars'.

Can it? Not all hosts allow these settings to be changed. Worth a go though.

cubicsquare Posted September 25, 2021

Blah, I just got a 500 internal server error instead of my shop login screen (I inserted php_value max_input_vars 25000 at the end of the .htaccess file). Sigh.

bsmither Posted September 25, 2021

Then either your Apache web server is not controlling PHP, or your site is using a web server that is something other than Apache. Therefore, remove that statement from .htaccess.

Instead, let's try this: create a new file named .user.php (note the first character is a period) in the same main folder as CubeCart's index.php file, and its contents will be:

    max_input_vars = 25000

cubicsquare Posted September 26, 2021

OK thanks, I've done it. I was using a hosted WordPress server but it was still possible to upload the file as you directed. The login screen appears as normal. Hopefully when I return to editing postage rates, there will be no more, or fewer, cross site forgery false positives.

bsmither Posted September 26, 2021

To see if the instruction in .user.php was implemented, in admin, PHP Info (link found at the bottom of the Nav panel), scroll to the Core table and note the value for 'max_input_vars'.

cubicsquare Posted September 26, 2021

Hi there, phpinfo.php just has one line:

    <?php phpinfo(); ?>

There's no Core Table, I don't know how to access that. I can only browse the file directories. It's a hosted WP account.

bsmither Posted September 26, 2021

In CubeCart's administration, the left side panel has a stack of links that will take you to various administrative screens to perform administrative tasks. At the bottom of CubeCart's admin navigation panel is PHP Info. Click on this link. You will now see a series of tables that reveal many settings that PHP is operating under.

cubicsquare Posted September 26, 2021

Hi there, thanks! Local and Master values are now 1000. I'm guessing it therefore didn't work, because we're trying to raise it to 2500.

bsmither Posted September 26, 2021

I am so sorry -- my bad. Wrong filename.

Instead, let's try this: create a new file named .user.ini (note the first character is a period) -- not .user.php. Its contents will be:

    max_input_vars = 25000

cubicsquare Posted September 27, 2021

Hi there, thanks, I just changed the name to .user.ini and it appears to be working. The Core table gives the Max. Input Vars as:

Local: 25,000
Master: 1,000

I guess it worked then? Am I okay to leave it like this or would I be better off removing this .user.ini file once I'm done updating postage rates?

bsmither Posted September 27, 2021

Please leave it.

Archived
This topic is now archived and is closed to further replies.