• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.1 Disable "Security error occurred" Error

DBA

Well-known member
#1
How would I prevent this error from showing, besides fixing it of course. :p

Code:
Security error occurred. Please press back, refresh the page, and try again.
 

Mike

XenForo developer
Staff member
#2
Fixing it is really the only option without hacking the code. (Though I'm curious *why* you're running into it.)
 

DBA

Well-known member
#3
It's thanks to the xFShout (chatbox), I tried reaching out to the dev's, but got no response (even offered to pay). If it was the core (xf) causing the issue then I'd be more concerned about fixing it.

What template is the overlay in?
 

Jake Bunce

XenForo moderator
Staff member
#4
If you want to suppress the error then you should just get rid of the check. The check can be overridden in your controller if you don't want to enforce it for specific actions. See this post:

http://xenforo.com/community/threads/having-issue-with-security-token-and-paypal.20657/#post-263878

Or you can fix the error. xFShout probably forgot to include the token in a form. Here is an example of a form with a security token:

Admin CP -> Appearance -> Templates -> helper_login_form

Code:
	<xen:if is="{$xenOptions.facebookAppId}">
		<xen:require css="facebook.css" />
		<dl class="ctrlUnit">
			<dt></dt>
			<dd><a href="{xen:link register/facebook, '', 'reg=1'}" class="fbLogin"><span>{xen:phrase login_with_facebook}</span></a></dd>
		</dl>
	</xen:if>
	
	<input type="hidden" name="cookie_check" value="1" />
	<input type="hidden" name="redirect" value="{xen:if $redirect, $redirect, $requestPaths.requestUri}" />
	<input type="hidden" name="_xfToken" value="{$visitor.csrf_token_page}" />

</form>
 

Sheldon

Well-known member
#6
If you want to suppress the error then you should just get rid of the check. The check can be overridden in your controller if you don't want to enforce it for specific actions. See this post:

http://xenforo.com/community/threads/having-issue-with-security-token-and-paypal.20657/#post-263878

Or you can fix the error. xFShout probably forgot to include the token in a form. Here is an example of a form with a security token:

Admin CP -> Appearance -> Templates -> helper_login_form

Code:
<xen:if is="{$xenOptions.facebookAppId}">
<xen:require css="facebook.css" />
<dl class="ctrlUnit">
<dt></dt>
<dd><a href="{xen:link register/facebook, '', 'reg=1'}" class="fbLogin"><span>{xen:phrase login_with_facebook}</span></a></dd>
</dl>
</xen:if>
 
<input type="hidden" name="cookie_check" value="1" />
<input type="hidden" name="redirect" value="{xen:if $redirect, $redirect, $requestPaths.requestUri}" />
<input type="hidden" name="_xfToken" value="{$visitor.csrf_token_page}" />
 
</form>

Jake, how would I go about finding where to insert that into xFShout... ? Would it just be added into the template?
 

Jake Bunce

XenForo moderator
Staff member
#7
Look through the templates for that addon. You need to find the form that is generating the error and add that security token to the form.
 

Sheldon

Well-known member
#8
Jake, this is about the only thing in the template I could find that would be of use:

Code:
<div class="section sectionMain">
    <form id="xFShout{$instance.instance_id}" action="{xen:link 'xfshout/add'}" method="post">
 
    <table class="dataTable">
   
        <col style="width:100%; word-wrap:normal;" />
   
        <tr class="dataRow">
            <th style="margin-top: -4px; font-size: 14px; background-color: #1a3f7f" valign="top" >
<div id="dbtech_xfshout_sticky{$instance.instance_id}"<xen:if is="{$permissions.cansetsticky}"> ondblclick="XenForo.xFShout{$instance.instance_id}.editSticky();"</xen:if>>{xen:raw $instance.sticky_parsed}</th>
        </tr>
               
        <xen:if is="{$permissions.canshout}">
        <tr class="dataRow">
            <td valign="top">
            <input type="hidden" name="_xfToken" value="{$visitor.csrf_token_page}" />
            <input type="hidden" name="_instance_id" value="{$instance.instance_id}" />
            <input type="hidden" name="_sticky" value="{xen:raw $instance.sticky}" />
Now, just copy/paste that line to the bottom?
 

Sheldon

Well-known member
#9
And looking above, it seems to already be inside that template. I have one other template with this xFShout, but I didn't think it would be relevant.
 

Jake Bunce

XenForo moderator
Staff member
#10
I can take a look if you give me FTP and admin access. I can examine the addon and find where the token is missing. I will need instructions to reproduce the error though.