XF 1.1 Disable "Security error occurred" Error

DBA · Jan 23, 2012

How would I prevent this error from showing, besides fixing it of course.

Code:

Security error occurred. Please press back, refresh the page, and try again.

Mike · Jan 23, 2012

Fixing it is really the only option without hacking the code. (Though I'm curious *why* you're running into it.)

DBA · Jan 23, 2012

It's thanks to the xFShout (chatbox), I tried reaching out to the dev's, but got no response (even offered to pay). If it was the core (xf) causing the issue then I'd be more concerned about fixing it.

What template is the overlay in?

Jake Bunce · Jan 23, 2012

If you want to suppress the error then you should just get rid of the check. The check can be overridden in your controller if you don't want to enforce it for specific actions. See this post:

http://xenforo.com/community/threads/having-issue-with-security-token-and-paypal.20657/#post-263878

Or you can fix the error. xFShout probably forgot to include the token in a form. Here is an example of a form with a security token:

Admin CP -> Appearance -> Templates -> helper_login_form

Rich (BB code):

	<xen:if is="{$xenOptions.facebookAppId}">
		<xen:require css="facebook.css" />
		<dl class="ctrlUnit">
			<dt></dt>
			<dd><a href="{xen:link register/facebook, '', 'reg=1'}" class="fbLogin"><span>{xen:phrase login_with_facebook}</span></a></dd>
		</dl>
	</xen:if>
	
	<input type="hidden" name="cookie_check" value="1" />
	<input type="hidden" name="redirect" value="{xen:if $redirect, $redirect, $requestPaths.requestUri}" />
	<input type="hidden" name="_xfToken" value="{$visitor.csrf_token_page}" />

</form>

DBA · Jan 23, 2012

Hmm, thanks guys, I'll have to poke around with this some more.

Sheldon · May 14, 2012

Jake Bunce said:
If you want to suppress the error then you should just get rid of the check. The check can be overridden in your controller if you don't want to enforce it for specific actions. See this post:

http://xenforo.com/community/threads/having-issue-with-security-token-and-paypal.20657/#post-263878

Or you can fix the error. xFShout probably forgot to include the token in a form. Here is an example of a form with a security token:

Admin CP -> Appearance -> Templates -> helper_login_form

Rich (BB code):

<xen:if is="{$xenOptions.facebookAppId}"> <xen:require css="facebook.css" /> <dl class="ctrlUnit"> <dt></dt> <dd><a href="{xen:link register/facebook, '', 'reg=1'}" class="fbLogin"><span>{xen:phrase login_with_facebook}</span></a></dd> </dl> </xen:if> <input type="hidden" name="cookie_check" value="1" /> <input type="hidden" name="redirect" value="{xen:if $redirect, $redirect, $requestPaths.requestUri}" /> <input type="hidden" name="_xfToken" value="{$visitor.csrf_token_page}" /> </form>

Jake, how would I go about finding where to insert that into xFShout... ? Would it just be added into the template?

Jake Bunce · May 15, 2012

Look through the templates for that addon. You need to find the form that is generating the error and add that security token to the form.

Sheldon · May 15, 2012

Jake, this is about the only thing in the template I could find that would be of use:

Code:

<div class="section sectionMain">
    <form id="xFShout{$instance.instance_id}" action="{xen:link 'xfshout/add'}" method="post">
 
    <table class="dataTable">
   
        <col style="width:100%; word-wrap:normal;" />
   
        <tr class="dataRow">
            <th style="margin-top: -4px; font-size: 14px; background-color: #1a3f7f" valign="top" >
<div id="dbtech_xfshout_sticky{$instance.instance_id}"<xen:if is="{$permissions.cansetsticky}"> ondblclick="XenForo.xFShout{$instance.instance_id}.editSticky();"</xen:if>>{xen:raw $instance.sticky_parsed}</th>
        </tr>
               
        <xen:if is="{$permissions.canshout}">
        <tr class="dataRow">
            <td valign="top">
            <input type="hidden" name="_xfToken" value="{$visitor.csrf_token_page}" />
            <input type="hidden" name="_instance_id" value="{$instance.instance_id}" />
            <input type="hidden" name="_sticky" value="{xen:raw $instance.sticky}" />

Now, just copy/paste that line to the bottom?

Sheldon · May 15, 2012

And looking above, it seems to already be inside that template. I have one other template with this xFShout, but I didn't think it would be relevant.

Jake Bunce · May 16, 2012

I can take a look if you give me FTP and admin access. I can examine the addon and find where the token is missing. I will need instructions to reproduce the error though.

XF 1.1 Disable "Security error occurred" Error

DBA

Well-known member

Mike

XenForo developer

DBA

Well-known member

Jake Bunce

Well-known member

DBA

Well-known member

Sheldon

Well-known member

Jake Bunce

Well-known member

Sheldon

Well-known member

Sheldon

Well-known member

Jake Bunce

Well-known member

Similar threads

We value your privacy