
Tikiwiki-devel (mailman list mirror)


CSRF problem


Hello devs,

on a Tiki 15 I try to set file storage to directory. Instead of
accepting the change of preference, my Tiki says "Potential CSRF Bad
request ... Operation blocked. ...".

When I try to switch off the CSRF preference, instead of accepting,
Tiki again says "Potential CSRF Bad request. ... Operation blocked.
...". No way to switch that off.

Deleting caches and cookies did not help. Switching to a new "lasttiki"
did not help either - cannot go through the installer due to a PHP
something exceed error during the installer.

Any ideas what might be wrong and how to get rid of the CSRF?


Potential Cross-Site Request Forgery

Bad request - potential cross-site request forgery (CSRF) detected.
Operation blocked. The security ticket may have expired - try
reloading the page in this case.


Hello devs,

adding up to the CSRF problem, although I do not know if it is related
or a coincidence: I just tried a new installation of trunk (as lasttiki
download), started the installer and got this error message:

Warning: session_start():
open(/tmp/sess_8ceb426b2eaeef5470c718d319944a87, O_RDWR) failed: Disk
quota exceeded (122) in
/homepages/28/XXXXXXX/htdocs/tiki/test/trunk/tiki-install.php on line 58

Warning: session_start(): Cannot send session cache limiter - headers
already sent (output started at
/homepages/28/XXXXXXX/htdocs/tiki/test/trunk/tiki-install.php:58) in
/homepages/28/XXXXXXX/htdocs/tiki/test/trunk/tiki-install.php on line 58

Any ideas?

Torsten

On 21.03.2016 23:29, Torsten wrote:
> Hello devs,
>
> on a Tiki 15 I try to set file storage to directory. Instead of
> accepting the change of preference, my Tiki says "Potential CSRF Bad
> request ... Operation blocked. ...".
>
> When I try to switch off the CSRF preference, instead of accepting,
> Tiki again says "Potential CSRF Bad request. ... Operation blocked.
> ...". No way to switch that off.
>
> Deleting caches and cookies did not help. Switching to a new "lasttiki"
> did not help either - cannot go through the installer due to a PHP
> something exceed error during the installer.
>
> Any ideas what might be wrong and how to get rid of the CSRF?
>
>
> Potential Cross-Site Request Forgery
>
> Bad request - potential cross-site request forgery (CSRF)
> detected. Operation blocked. The security ticket may have expired
> - try reloading the page in this case.

"Disk quota exceeded" sounds like you hit some kind of disk space or number
of files limitation on your hosting instance...

On Mon, Mar 21, 2016 at 7:57 PM, Torsten <torsten@tiki.org> wrote:

> Hello devs,
>
> adding up to the CSRF problem, although I do not know if it is related or
> a coincidence: I just tried a new installation of trunk (as lasttiki
> download), started the installer and got this error message:
>
> Warning: session_start(): open(/tmp/sess_8ceb426b2eaeef5470c718d319944a87,
> O_RDWR) failed: Disk quota exceeded (122) in
> /homepages/28/XXXXXXX/htdocs/tiki/test/trunk/tiki-install.php on line 58
>
> Warning: session_start(): Cannot send session cache limiter - headers
> already sent (output started at
> /homepages/28/XXXXXXX/htdocs/tiki/test/trunk/tiki-install.php:58) in
> /homepages/28/XXXXXXX/htdocs/tiki/test/trunk/tiki-install.php on line 58
>
> Any ideas?
>
> Torsten
>
>
> On 21.03.2016 23:29, Torsten wrote:
>
> Hello devs,
>
> on a Tiki 15 I try to set file storage to directory. Instead of accepting
> the change of preference, my Tiki says "Potential CSRF Bad request ...
> Operation blocked. ...".
>
> When I try to switch off the CSRF preference, instead of accepting, Tiki
> again says "Potential CSRF Bad request. ... Operation blocked. ...". No way
> to switch that off.
>
> Deleting caches and cookies did not help. Switching to a new "lasttiki" did
> not help either - cannot go through the installer due to a PHP something
> exceed error during the installer.
>
> Any ideas what might be wrong and how to get rid of the CSRF?
>
>
> Potential Cross-Site Request Forgery Bad request - potential cross-site
> request forgery (CSRF) detected. Operation blocked. The security ticket may
> have expired - try reloading the page in this case.

Solved.


The CSRF and the installation problem were just a side effect of another
problem on the managed server, but the error message of Tiki finally
pointed to the solution.

The temp folder in the operating system was kind of filled up, which did
cause the "Disk Quota Exceeded" issue, the CSRF issue, the issue that we
could not upload any file via PHP etc. Furthermore, the provider's
support mentioned some kind of "i-node" or so, which I did not really
get. Anyhow, the problem was solved via a special restart including a
file-system-check.

All issues including the CSRF and the missing opportunity to switch the
CSRF preference off and to switch to file storage to directory (instead
of database) all disappeared.
I think I should check if that is on doc.t.o "Troubleshooting" and add
to a section "strange behaviour" ...

Thx to everybody thinking about the problem,
especially Nelson and Jonny, who pointed me to the right questions to
ask the provider's support.

Best regards,
Torsten


On 22.03.2016 01:00, Nelson Ko wrote:
> "Disk quota exceeded" sounds like you hit some kind of disk space or
> number of files limitation on your hosting instance...
>
> On Mon, Mar 21, 2016 at 7:57 PM, Torsten <torsten@tiki.org> wrote:
>
> Hello devs,
>
> adding up to the CSRF problem, although I do not know if it is
> related or a coincidence: I just tried a new installation of trunk
> (as lasttiki download), started the installer and got this error
> message:
>
> Warning: session_start():
> open(/tmp/sess_8ceb426b2eaeef5470c718d319944a87, O_RDWR) failed:
> Disk quota exceeded (122) in
> /homepages/28/XXXXXXX/htdocs/tiki/test/trunk/tiki-install.php on
> line 58
>
> Warning: session_start(): Cannot send session cache limiter -
> headers already sent (output started at
> /homepages/28/XXXXXXX/htdocs/tiki/test/trunk/tiki-install.php:58)
> in /homepages/28/XXXXXXX/htdocs/tiki/test/trunk/tiki-install.php
> on line 58
>
> Any ideas?
>
> Torsten
>
>
> On 21.03.2016 23:29, Torsten wrote:
>> Hello devs,
>>
>> on a Tiki 15 I try to set file storage to directory. Instead of
>> accepting the change of preference, my Tiki says "Potential CSRF
>> Bad request ... Operation blocked. ...".
>>
>> When I try to switch off the CSRF preference, instead of
>> accepting, Tiki again says "Potential CSRF Bad request. ...
>> Operation blocked. ...". No way to switch that off.
>>
>> Deleting caches and cookies did not help. Switching to a new
>> "lasttiki" did not help either - cannot go through the installer
>> due to a PHP something exceed error during the installer.
>>
>> Any ideas what might be wrong and how to get rid of the CSRF?
>>
>>
>> Potential Cross-Site Request Forgery
>>
>> Bad request - potential cross-site request forgery (CSRF)
>> detected. Operation blocked. The security ticket may have
>> expired - try reloading the page in this case.

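The diagnosis this thread arrived at (a full or inode-exhausted temp filesystem stopping PHP from writing `/tmp/sess_*` files, which showed up as CSRF "Operation blocked" errors) can be checked from a shell. This is an added example, not part of the original posts or of Tiki's code; the function names, the 95% threshold and the sample `df` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: why can PHP not write session files into a directory?

# used_pct: read `df -P` / `df -Pi` output on stdin and print column 5
# (Capacity or IUse%) of the data row without "%"; -1 if not reported.
used_pct() {
    awk 'NR == 2 { v = $5; sub(/%$/, "", v)
                   if (v ~ /^[0-9]+$/) print v; else print -1 }'
}

# classify SPACE_PCT INODE_PCT WRITABLE(yes|no) [LIMIT_PCT]
# Inodes are checked first: with no free inodes every file creation fails
# even though plenty of bytes are still free.
classify() {
    limit=${4:-95}   # threshold is an assumption, tune per host
    if [ "$2" -ge "$limit" ]; then echo "inodes-exhausted"
    elif [ "$1" -ge "$limit" ]; then echo "disk-full"
    elif [ "$3" != "yes" ]; then echo "not-writable"   # e.g. per-user quota
    else echo "ok"
    fi
}

# check_session_dir DIR: run the real checks, including a write probe that
# also catches quota and permission errors that df does not show.
check_session_dir() {
    space=$(df -P "$1" 2>/dev/null | used_pct)
    inodes=$(df -Pi "$1" 2>/dev/null | used_pct)
    probe="$1/sess_probe_$$"
    if ( printf 'x' > "$probe" ) 2>/dev/null; then writable=yes; else writable=no; fi
    rm -f "$probe"
    classify "${space:--1}" "${inodes:--1}" "$writable"
}

# Constructed sample output: bytes are fine, the inode table is full.
sample_df_space() {
    printf '%s\n' 'Filesystem 1024-blocks    Used Available Capacity Mounted on' \
                  '/dev/sda1     10485760 4299161   6186599      41% /tmp'
}
sample_df_inodes() {
    printf '%s\n' 'Filesystem Inodes  IUsed IFree IUse% Mounted on' \
                  '/dev/sda1  655360 655360     0  100% /tmp'
}

classify "$(sample_df_space | used_pct)" "$(sample_df_inodes | used_pct)" yes
# Real check (uncomment and point at PHP's session.save_path):
# check_session_dir /tmp
```

On shared hosting the write probe is the decisive check, because a per-user quota such as the "Disk quota exceeded (122)" error above does not appear in `df` output.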
