NEW critical security update: Vanilla 2.6.3

Comments

  • Okay, thanks for the idea. I'm going to test it out first on dev mode.

  • Couldn't upgrade to 2.6.3 from 2.6.1 successfully using FileZilla - had to keep rolling back. Tried WinSCP instead and it worked perfectly.

  • @Vivant said:
    Couldn't upgrade to 2.6.3 from 2.6.1 successfully using FileZilla - had to keep rolling back. Tried WinSCP instead and it worked perfectly.

    I'd compare settings between the two. FileZilla isn't deficient, but FTP settings can be very finicky. Folder vs file overwrites, hidden files, and other variables can determine behavior.

  • It's strange because I've been using FileZilla for years without an issue - just this release for some reason.

  • @Vivant said:
    It's strange because I've been using FileZilla for years without an issue - just this release for some reason.

    I'm afraid only one of us has FileZilla to determine the root cause of that one. :)

  • When I try to access the notification area, this message appears:

    "The CSRF token is not valid. Please try again."

    Can you help me?

  • Linc Admin
    edited October 2018

    @thiagogoedert said:
    "The CSRF token is not valid. Please try again."

    I think your theme needs an update.

    Check out this update to the MeModule's view, me.php.

    It's possible your theme also has a me.php (or some other way of displaying the notifications menu) that needs the transient key added to it like that.

    Note the line above it where the transient key is first retrieved, too!

    If I were gonna try and hack it, I'd search for /notificationspopin in your theme, and replace it with /notificationspopin?TransientKey='.htmlspecialchars(urlencode(Gdn::session()->transientKey())).
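
The search described in the post above, as an added example that is not part of the original post or of Vanilla's own code: a small shell scan that lists theme lines still linking to /notificationspopin without a transient key. The function names and the two sample view files are constructed for illustration, and the same-line check is a heuristic.

```sh
#!/bin/sh
# Added example (not Vanilla code). Function names are hypothetical.

# scan_popin DIR: print "file:line:text" for every line under DIR that
# references /notificationspopin with no transient key on the same line.
# Heuristic: a key appended on another line is still flagged, so review
# each hit by hand.
scan_popin() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    # -r recurse, -n line numbers, -I skip binary files. The second grep
    # drops lines mentioning the key (TransientKey or $transientKey).
    grep -rnI -e '/notificationspopin' -- "$1" | grep -vi 'transientkey' || true
}

# count_popin DIR: number of suspect lines; 0 means nothing left to update.
count_popin() {
    scan_popin "$1" | grep -c '' || true
}

# make_sample_theme DIR: write two constructed view files for the demo.
make_sample_theme() {
    mkdir -p "$1/views"
    # Stale view: popin URL without the key.
    cat > "$1/views/me.php" <<'EOF'
<?php $popin = '/notificationspopin'; ?>
EOF
    # Updated view: key appended as suggested in the post.
    cat > "$1/views/me_fixed.php" <<'EOF'
<?php $popin = '/notificationspopin?TransientKey='.htmlspecialchars(urlencode(Gdn::session()->transientKey())); ?>
EOF
}

# demo_popin: scan the constructed sample and clean up afterwards.
demo_popin() {
    d=$(mktemp -d) || return 1
    make_sample_theme "$d"
    scan_popin "$d"
    rm -rf "$d"
}

# With an argument, scan that theme directory; otherwise run the demo.
if [ -n "${1:-}" ]; then scan_popin "$1"; else demo_popin; fi
```

Run it against a copy of the theme directory before and after editing; a count of 0 means every remaining reference carries the key.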

  • @Linc said:

    @thiagogoedert said:
    "The CSRF token is not valid. Please try again."

    I think your theme needs an update.

    Check out this update to the MeModule's view, me.php.

    It's possible your theme also has a me.php (or some other way of displaying the notifications menu) that needs the transient key added to it like that.

    Note the line above it where the transient key is first retrieved, too!

    If I were gonna try and hack it, I'd search for /notificationspopin in your theme, and replace it with /notificationspopin?TransientKey='.htmlspecialchars(urlencode(Gdn::session()->transientKey())).

    Did not work :(

  • @thiagogoedert said:

    @Linc said:

    @thiagogoedert said:
    "The CSRF token is not valid. Please try again."

    I think your theme needs an update.

    Check out this update to the MeModule's view, me.php.

    It's possible your theme also has a me.php (or some other way of displaying the notifications menu) that needs the transient key added to it like that.

    Note the line above it where the transient key is first retrieved, too!

    If I were gonna try and hack it, I'd search for /notificationspopin in your theme, and replace it with /notificationspopin?TransientKey='.htmlspecialchars(urlencode(Gdn::session()->transientKey())).

    Did not work :(

    It would be really helpful if you mentioned the name of the theme you have installed on your forum, or if it is a theme created by you then you could create a new thread asking for help on it and mentioning what you have done (debugging process).

  • edited October 2018

    @Linc said:

    @thiagogoedert said:
    "The CSRF token is not valid. Please try again."

    I think your theme needs an update.

    Check out this update to the MeModule's view, me.php.

    It's possible your theme also has a me.php (or some other way of displaying the notifications menu) that needs the transient key added to it like that.

    Note the line above it where the transient key is first retrieved, too!

    I had a theme that gave this error when viewing the notification flyout in the MeModule and adding these transient key changes to the theme fixed it for me.

    Add Pages to Vanilla with the Basic Pages app