1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.1 Disable "Security error occurred" Error

Discussion in 'Troubleshooting and Problems' started by DBA, Jan 23, 2012.

  1. DBA

    DBA Well-Known Member

    How would I prevent this error from showing, besides fixing it of course. :p

    Code:
    Security error occurred. Please press back, refresh the page, and try again.
     
  2. Mike

    Mike XenForo Developer Staff Member

    Fixing it is really the only option without hacking the code. (Though I'm curious *why* you're running into it.)
     
  3. DBA

    DBA Well-Known Member

    It's thanks to the xFShout (chatbox), I tried reaching out to the dev's, but got no response (even offered to pay). If it was the core (xf) causing the issue then I'd be more concerned about fixing it.

    What template is the overlay in?
     
  4. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    If you want to suppress the error then you should just get rid of the check. The check can be overridden in your controller if you don't want to enforce it for specific actions. See this post:

    http://xenforo.com/community/threads/having-issue-with-security-token-and-paypal.20657/#post-263878

    Or you can fix the error. xFShout probably forgot to include the token in a form. Here is an example of a form with a security token:

    Admin CP -> Appearance -> Templates -> helper_login_form

    Code:
    	<xen:if is="{$xenOptions.facebookAppId}">
    		<xen:require css="facebook.css" />
    		<dl class="ctrlUnit">
    			<dt></dt>
    			<dd><a href="{xen:link register/facebook, '', 'reg=1'}" class="fbLogin"><span>{xen:phrase login_with_facebook}</span></a></dd>
    		</dl>
    	</xen:if>
    	
    	<input type="hidden" name="cookie_check" value="1" />
    	<input type="hidden" name="redirect" value="{xen:if $redirect, $redirect, $requestPaths.requestUri}" />
    	<input type="hidden" name="_xfToken" value="{$visitor.csrf_token_page}" />
    
    </form>
    
     
    CNK likes this.
  5. DBA

    DBA Well-Known Member

    Hmm, thanks guys, I'll have to poke around with this some more.
     
  6. Sheldon

    Sheldon Well-Known Member


    Jake, how would I go about finding where to insert that into xFShout... ? Would it just be added into the template?
     
  7. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Look through the templates for that addon. You need to find the form that is generating the error and add that security token to the form.
     
  8. Sheldon

    Sheldon Well-Known Member

    Jake, this is about the only thing in the template I could find that would be of use:

    Code:
    <div class="section sectionMain">
        <form id="xFShout{$instance.instance_id}" action="{xen:link 'xfshout/add'}" method="post">
     
        <table class="dataTable">
       
            <col style="width:100%; word-wrap:normal;" />
       
            <tr class="dataRow">
                <th style="margin-top: -4px; font-size: 14px; background-color: #1a3f7f" valign="top" >
    <div id="dbtech_xfshout_sticky{$instance.instance_id}"<xen:if is="{$permissions.cansetsticky}"> ondblclick="XenForo.xFShout{$instance.instance_id}.editSticky();"</xen:if>>{xen:raw $instance.sticky_parsed}</th>
            </tr>
                   
            <xen:if is="{$permissions.canshout}">
            <tr class="dataRow">
                <td valign="top">
                <input type="hidden" name="_xfToken" value="{$visitor.csrf_token_page}" />
                <input type="hidden" name="_instance_id" value="{$instance.instance_id}" />
                <input type="hidden" name="_sticky" value="{xen:raw $instance.sticky}" />
    Now, just copy/paste that line to the bottom?
     
  9. Sheldon

    Sheldon Well-Known Member

    And looking above, it seems to already be inside that template. I have one other template with this xFShout, but I didn't think it would be relevant.
     
  10. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    I can take a look if you give me FTP and admin access. I can examine the addon and find where the token is missing. I will need instructions to reproduce the error though.
     

Share This Page