From: SourceForge.net <no...@so...> - 2012-09-19 05:51:10
Bugs item #3569279, was opened at 2012-09-18 22:51
Message generated for change (Tracker Item Submitted) made by irmtfan
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=430840&aid=3569279&group_id=41586

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Core - Core
Group: XOOPS 2.6.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: irmtfan (irmtfan)
Assigned to: Nobody/Anonymous (nobody)
Summary: invalid tokens will be checked in an infinite loop

Initial Comment:
Sometimes users (mostly those who have low internet connections with dynamic IPs) cannot send posts in forums, news comments, etc. and will receive the same error again and again. This is really annoying for new users.

E.g. in newbb they will receive this error constantly:
"Invalid submission. You could have exceeded session time. Please re-submit or make a backup of your post and login to resubmit if necessary."

I noticed this issue occurs mainly when the user uses "remember me", and the reason is that in the XoopsSecurity class invalid tokens will be checked in an infinite loop until the user logs out or the tokens somehow change.

My solution is clearing invalid tokens at the first finding.
In xoops255/class/xoopssecurity.php:

[code]
function validateToken($token = false, $clearIfValid = true, $name = 'XOOPS_TOKEN')
{
    global $xoopsLogger;
    $token = ($token !== false) ? $token : (isset($_REQUEST[$name . '_REQUEST']) ? $_REQUEST[$name . '_REQUEST'] : '');
    if (empty($token) || empty($_SESSION[$name . '_SESSION'])) {
        $xoopsLogger->addExtra('Token Validation', 'No valid token found in request/session');
        return false;
    }
    $validFound = false;
    $token_data = & $_SESSION[$name . '_SESSION'];
    foreach (array_keys($token_data) as $i) {
        if ($token === md5($token_data[$i]['id'] . $_SERVER['HTTP_USER_AGENT'] . XOOPS_DB_PREFIX)) {
            if ($this->filterToken($token_data[$i])) {
                if ($clearIfValid) {
                    // token should be valid once, so clear it once validated
                    unset($token_data[$i]);
                }
                $xoopsLogger->addExtra('Token Validation', 'Valid token found');
                $validFound = true;
            } else {
                $str = 'Valid token expired';
                $this->setErrors($str);
                $xoopsLogger->addExtra('Token Validation', $str);
            }
        }
    }
    if (!$validFound) {
        // START add by irmtfan
        if (!isset($str)) {
            $this->clearTokens($name);
        }
        // END add by irmtfan
        $xoopsLogger->addExtra('Token Validation', 'No valid token found');
    }
    $this->garbageCollection($name);
    return $validFound;
}
[/code]

It is a bug in 2.5.5 and 2.6.0 alpha.
Please follow this topic:
http://xoops.org/modules/newbb/viewtopic.php?topic_id=75499
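
A stand-alone model of the patched function, added here as an example and not part of the tracker item or of XOOPS itself. It assumes filterToken() only compares `expire` with the current time and clearTokens() empties the whole token list, uses constructed stand-ins for the user agent and XOOPS_DB_PREFIX, and goes one step past the report by showing what the clearing does to a second form's token in the same session.

```php
<?php
// Added example: model of the validateToken() logic posted above.
// Assumptions: filterToken() only compares 'expire' with time(), clearTokens()
// empties the whole token list, garbageCollection() is left out.
const DB_PREFIX  = 'xoops_';              // constructed stand-in for XOOPS_DB_PREFIX
const USER_AGENT = 'ExampleBrowser/1.0';  // constructed stand-in for HTTP_USER_AGENT

function issueToken(array &$tokens, int $ttl): string
{
    $id = bin2hex(random_bytes(8));
    $tokens[] = ['id' => $id, 'expire' => time() + $ttl];
    return md5($id . USER_AGENT . DB_PREFIX);
}

function validateToken(array &$tokens, string $token, bool $patched): bool
{
    $validFound = false;
    $expiredMatch = false;                // plays the role of isset($str)
    foreach (array_keys($tokens) as $i) {
        if ($token === md5($tokens[$i]['id'] . USER_AGENT . DB_PREFIX)) {
            if ($tokens[$i]['expire'] >= time()) {
                unset($tokens[$i]);       // a token is valid once
                $validFound = true;
            } else {
                $expiredMatch = true;
            }
        }
    }
    if (!$validFound && $patched && !$expiredMatch) {
        $tokens = [];                     // the added clearTokens($name) call
    }
    return $validFound;
}

foreach ([false, true] as $patched) {
    $tokens = [];
    $formA = issueToken($tokens, 900);    // two forms open in the same session
    $formB = issueToken($tokens, 900);
    $stale = md5('not-in-session' . USER_AGENT . DB_PREFIX);

    $first  = validateToken($tokens, $stale, $patched);  // token unknown to the session
    $left   = count($tokens);
    $second = validateToken($tokens, $formB, $patched);  // the other form posts later
    printf("patched=%s stale=%s tokens_left=%d formB=%s\n",
        var_export($patched, true), var_export($first, true),
        $left, var_export($second, true));
}
```

With the patch enabled, the unknown token empties the list, so form B's unexpired token is rejected as well and that form has to be reloaded to obtain a fresh one.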