No image have been uploaded Some errors have occured and the system couldn't pro

Status
Not open for further replies.

xpnxglx

Chevereto Member
Website URL
<private>

Chevereto version
3.8.13

Description of the issue
No image have been uploaded
Some errors have occured and the system couldn't process your request.


Hello,

Thank you for the update!

We have reviewed this and it seems that the issue is with the generated tokens from the application, this is the code generating the issue:

// CSRF protection

if(!$handler::checkAuthToken($_REQUEST['auth_token'])) {

throw new Exception(_s('Request denied'), 400);

}


When we change this to the following it works fine:

// CSRF protection

if($handler::checkAuthToken($_REQUEST['auth_token'])) {

throw new Exception(_s('Request denied'), 400);

}


However, this may be a security breach; due to this we have only tested this. The following is the file where this code resides:

/home/patucom/www/app/routes/route.json.php

Please contact Chevereto and provide them with this information so they may inform you how we may resolve this issue without changing the way these tokens work.

We will be waiting for your response at your earliest convenience.

Best Regards,

Ned Johnson
System Administrator
TMDHosting.com
 
The request token is stored in a session, and if it doesn't work it is because sessions are not working properly.

It could be session cache, slow hardware, or a server conflict.

In any case, it is not a script issue.
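
Added example, not part of the original posts and not Chevereto code: a stand-alone PHP model of a session-backed CSRF token check, comparing the original guard with the inverted one from the hosting reply when the session persists and when it is lost. The function names and the array standing in for `$_SESSION` are assumptions; the real `checkAuthToken` implementation is not shown in this thread.

```php
<?php
// Model of a session-backed CSRF token check. Function names and the
// array standing in for $_SESSION are assumptions, not Chevereto code.

function issueToken(array &$session): string
{
    $session['auth_token'] = bin2hex(random_bytes(20));
    return $session['auth_token'];
}

function checkToken(array $session, ?string $sent): bool
{
    // No stored token (session lost) or no submitted token: reject.
    if (empty($session['auth_token']) || !is_string($sent)) {
        return false;
    }
    return hash_equals($session['auth_token'], $sent);
}

// Original guard: deny unless the token matches.
function originalGuard(array $session, ?string $sent): string
{
    return !checkToken($session, $sent) ? 'denied' : 'accepted';
}

// Inverted guard from the hosting reply: deny when the token matches.
function invertedGuard(array $session, ?string $sent): string
{
    return checkToken($session, $sent) ? 'denied' : 'accepted';
}

$session = [];
$token   = issueToken($session);   // page load: token saved in session
$lost    = [];                     // next request: session data did not persist

// Constructed sample requests: [session state, submitted token].
$cases = [
    'healthy session, valid token'  => [$session, $token],
    'healthy session, forged token' => [$session, 'constructed-forged-value'],
    'healthy session, no token'     => [$session, null],
    'lost session, valid token'     => [$lost, $token],
];

printf("%-32s %-10s %s\n", 'case', 'original', 'inverted');
foreach ($cases as $label => [$sess, $sent]) {
    printf("%-32s %-10s %s\n", $label, originalGuard($sess, $sent), invertedGuard($sess, $sent));
}
```

In the lost-session row the original guard denies the request, which is the symptom reported in this thread. The inverted guard accepts every request whose token fails verification, so it appears to work only because the check no longer protects anything.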
 
No image has been uploaded
Some errors have occurred and the system couldn't process your request.

This happens often. How can I solve it?
 