Website URL
<private>
Chevereto version
3.8.13
Description of the issue
No image have been uploaded
Some errors have occured and the system couldn't process your request.
Hello,
Thank you for the update!
We have reviewed this and it seems that the issue is with the generated tokens from the application. This is the code generating the issue:
// CSRF protection
if(!$handler::checkAuthToken($_REQUEST['auth_token'])) {
    throw new Exception(_s('Request denied'), 400);
}
When we change this to the following it works fine:
// CSRF protection
if($handler::checkAuthToken($_REQUEST['auth_token'])) {
    throw new Exception(_s('Request denied'), 400);
}
However, this may be a security breach. Due to this, we have only tested this. The following is the file where this code resides:
/home/patucom/www/app/routes/route.json.php
Please contact Chevereto and provide them with this information so they may inform you how we may resolve this issue without changing the way these tokens work.
We will be waiting for your response at your earliest convenience.
Best Regards,
Ned Johnson
System Administrator
TMDHosting.com
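The following is an added example, not part of the original post and not Chevereto's code, comparing the two conditions quoted above on a valid, a wrong and a missing token. `DemoHandler`, `originalGuard`, `invertedGuard` and the session layout are hypothetical stand-ins, and the token values are constructed.

```php
<?php
// Added illustration; checkAuthToken() here is a hypothetical stand-in,
// not Chevereto's implementation.
declare(strict_types=1);

final class DemoHandler
{
    /** Constant-time comparison against the token stored for the session. */
    public static function checkAuthToken(array $session, $submitted): bool
    {
        $expected = $session['auth_token'] ?? null;
        if (!is_string($expected) || !is_string($submitted) || $expected === '') {
            return false; // a missing or malformed token never validates
        }
        return hash_equals($expected, $submitted);
    }
}

/** Original guard: reject unless the token validates. */
function originalGuard(array $session, array $request): string
{
    if (!DemoHandler::checkAuthToken($session, $request['auth_token'] ?? null)) {
        return 'denied';
    }
    return 'processed';
}

/** Guard with the negation removed, as in the tested workaround. */
function invertedGuard(array $session, array $request): string
{
    if (DemoHandler::checkAuthToken($session, $request['auth_token'] ?? null)) {
        return 'denied';
    }
    return 'processed';
}

// Constructed sample data.
$session = ['auth_token' => bin2hex(random_bytes(20))];
$cases = [
    'valid token'   => ['auth_token' => $session['auth_token']],
    'wrong token'   => ['auth_token' => str_repeat('0', 40)],
    'missing token' => [],
];

foreach ($cases as $label => $request) {
    printf("%-14s original=%-9s inverted=%s\n", $label,
        originalGuard($session, $request), invertedGuard($session, $request));
}
```

With the negation removed, only the request carrying the correct token is denied, while requests with a wrong or absent token are processed, so the guard no longer provides CSRF protection.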