Topic Poll Module
Posted by Maurice Makaay
Re: Topic Poll Module October 26, 2010 10:32PM |
Registered: 14 years ago Posts: 62 |
October 27, 2010 12:17AM |
Moderator Registered: 18 years ago Posts: 1,301 |
To make future upgrades easier, I would suggest putting the line change (and line number) in a {your_site_name}_changes.txt file within the module's folder on your server. Then you can easily recreate the changes in the future.
Joe Curia (aka Azumandias)
Modules: Admin Mass Email, Automatic Time Zones, Enhanced Custom Profiles, Google Calendar, Post Previews,
Admin Security Suite, Check Modules for Upgrades, External Authentication, Group Auto-Email, Private Message Alerts,
Attachment Download Counter, Custom Attachment Icons, Favorite Forums, Highlighted Search Terms, Self-Delete Posts Option,
Attachment Watermarks, Custom Language Database, Forum Lockdown, Ignore Forums, Threaded Tree View,
Automatic Message Pruning, Easy Color Scheme Manager, Forum Subscriptions, Moderated User Group
Templates: Generic Integration, Simple Rounded, Tabbed Emerald
October 27, 2010 08:40AM |
Admin Registered: 20 years ago Posts: 8,532 |
POST_URL is not part of my templates, so I guess you did a template change as well, by adding {POLL->POST_URL} to the template as the form action parameter.
I updated the package to include this URL. The default templates use the updated action parameter by default now. Note that voting_results.tpl was also updated to use this action URL.
Try topic poll v.1.0.19 to see if the package fits your use case now.
This thread is about the Phorum 5.1 version of the module. Check the Phorum 5.2 module forum for the updated package.
Maurice Makaay
Phorum Development Team
my blog
linkedin profile
secret sauce
Edited 1 time(s). Last edit at 10/27/2010 08:42AM by Maurice Makaay.
Re: Topic Poll Module October 27, 2010 05:13PM |
Registered: 14 years ago Posts: 62 |
The version I had did not have a URL in the post action. I'll take a look at the updated topic poll. Thanks!
- Vote revoking only revokes the vote for the first post in list.php regardless of which revoke vote button you click in any message.
- I inserted {POLL->POST_URL} into the post action in voting_results.tpl to fix it.
Edited 6 time(s). Last edit at 10/27/2010 05:37PM by Meadock.
Re: Topic Poll Module October 28, 2010 08:20PM |
Registered: 14 years ago Posts: 62 |
Ok, so I don't know what I did, or if it had to do with upgrading to the latest version of topic poll, but now I'm getting an error message that reads "Possible hack attempt detected. The posted form data was rejected."
{POST_VARS} outputs <input type="hidden" name="forum_id" value="2" /> and <input type="hidden" name="posting_token:post" value="33e185e306259b0a99ffa2ba7b34bbbf"/> on read.php, but only <input type="hidden" name="forum_id" value="2" /> on list.php
Does this have to do with the newer version of topic poll or did I manage to goof something up with my template? Thanks.
October 29, 2010 03:01AM |
Admin Registered: 20 years ago Posts: 8,532 |
That means that the anti-CSRF hack protection has kicked in. The posting token is missing (what you also discovered yourself). Without a posting token, the client's post data is rejected.
This is indeed a result of upgrading the topic poll, since CSRF protection is relatively new in there.
Easiest solution would be to hack the topic_poll.php. Search for the following code:
// To satisfy the CSRF check that the posting form uses on the
// same page as our topic poll form. This will add a posting
// token to the {POST_VARS}. The forms that we use have the
// {POST_VARS} in them, so when posting a poll form, the CSRF
// check from posting.php will succeed.
// The function_exists is for making this work in older versions
// of Phorum as well.
if (function_exists('phorum_check_posting_token')) {
    phorum_check_posting_token('post');
}
and change it to
// To satisfy the CSRF check that the posting form uses on the
// same page as our topic poll form. This will add a posting
// token to the {POST_VARS}. The forms that we use have the
// {POST_VARS} in them, so when posting a poll form, the CSRF
// check from posting.php will succeed.
// The function_exists is for making this work in older versions
// of Phorum as well.
# if (function_exists('phorum_check_posting_token')) {
#     phorum_check_posting_token('post');
# }
The other solution would be to make sure that on the list page, the POST_DATA is extended with a valid posting_token that will be accepted by the read page.
Maurice Makaay
Phorum Development Team



Re: Topic Poll Module October 29, 2010 04:53PM |
Registered: 14 years ago Posts: 62 |
Re: Topic Poll Module October 30, 2010 12:46PM |
Registered: 14 years ago Posts: 62 |
Ok so I just tried what you suggested, Maurice. I'm still getting the "Possible hack attempt detected. The posted form data was rejected." message. However, the voting action does succeed. I just have to go back to list.php and refresh. So maybe this is happening somewhere else in the code?
October 30, 2010 01:27PM |
Admin Registered: 20 years ago Posts: 8,532 |
Try changing phorum_check_posting_token() to phorum_check_posting_token('read') within the topic poll code. That should set up a token that can be processed on the read page (which matches the posting target URL that you set up).
Maurice Makaay
Phorum Development Team
my blog
linkedin profile
secret sauce
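As an added illustration (not part of the original posts, and not Phorum's implementation): a minimal target-scoped posting token check, showing why a form that lacks the token field, or carries a token issued for a different target or session, is rejected. The function names, secret, session value and HMAC construction are assumptions; only the posting_token:<target> field name comes from the thread.

```php
<?php
// Added sketch, not Phorum code. demo_issue_token(), demo_check_token(),
// DEMO_SECRET and the HMAC construction are hypothetical.

const DEMO_SECRET = 'constructed-demo-secret'; // constructed value

// Build the hidden field for a form whose data is handled by $target.
function demo_issue_token(string $session_id, string $target): array
{
    $token = hash_hmac('sha256', $session_id . '|' . $target, DEMO_SECRET);
    return ["posting_token:$target" => $token];
}

// Validate posted data on the page that handles $target.
function demo_check_token(string $session_id, string $target, array $post): bool
{
    $field = "posting_token:$target";
    if (!isset($post[$field]) || !is_string($post[$field])) {
        return false; // token field absent, as on list.php in this thread
    }
    $expected = hash_hmac('sha256', $session_id . '|' . $target, DEMO_SECRET);
    return hash_equals($expected, $post[$field]); // constant-time compare
}

$sid = 'constructed-session-id'; // constructed value

$cases = [
    // Form rendered together with a token for the handling target.
    'with token'    => ['forum_id' => '2'] + demo_issue_token($sid, 'post'),
    // Form rendered without a token field at all.
    'no token'      => ['forum_id' => '2'],
    // Token issued for another target: the field name does not match.
    'other target'  => ['forum_id' => '2'] + demo_issue_token($sid, 'read'),
    // Token issued to another session: what a cross-site request would need.
    'other session' => ['forum_id' => '2'] + demo_issue_token('someone-else', 'post'),
];

foreach ($cases as $label => $post) {
    $ok = demo_check_token($sid, 'post', $post);
    echo str_pad($label, 15), $ok ? "accepted\n" : "rejected\n";
}
```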
Re: Topic Poll Module October 30, 2010 01:35PM |
Registered: 14 years ago Posts: 62 |
Doesn't appear to have worked. I don't understand what happened. If I remember correctly, it was working not too long ago. I'm not sure what I changed that causes it not to work...
So how are the {POST_VARS} set up? I see $PHORUM["DATA"]["POST_VARS"] is assigned the data in phorum_mod_topic_poll_posting_custom_action. This takes place during poll creation, right? phorum_check_posting_token('post'); adds a posting token to {POST_VARS} in phorum_mod_topic_poll_read. So why does it do it in read.php but not list.php? I made sure hook: list|phorum_mod_topic_poll_read was included in info.txt, although since the information is going to read.php anyway, this probably doesn't matter.
I've been looking at the code and I really am at a loss. What determines what goes into {POST_VARS} and when?
Edited 4 time(s). Last edit at 10/30/2010 02:16PM by Meadock.