Security error

lufton · Post by **lufton** » 21 Feb 2013, 01:16

I download and install Phoca GuestBook 3.0.0 beta. I do not able to add posts to guest book, I always get 500 error: possible spam detected.
I found error in the code of controller:
if ((JRequest::getCmd('view') != 'guestbook') || (JRequest::getCmd('option') != 'com_phocaguestbook') || (JRequest::getCmd('task') != 'submit'))
should be:
if ((JRequest::getCmd('view') != 'guestbook') || (JRequest::getCmd('option') != 'com_phocaguestbook') || (JRequest::getCmd('task') != 'phocaguestbook.submit'))
because form fill task field with phocaguestbook.submit value. Changing this allow me to post.

Post by **Jan** » 21 Feb 2013, 13:11

Hi, not sure what you mean, just print_r the task, it is "submit"

If I print_r the task:
print_r(JRequest::getCmd('task'));exit;

I get "submit"

Jan

lufton · Post by **lufton** » 21 Feb 2013, 23:49

It is strange, in J 3.0.3 I surely get phocaguestbook.submit in task param. You can check hidden input value on our site: [removed because of security reason]

Post by **Jan** » 24 Feb 2013, 21:30

Hi, Joomla! methods strip the component name while using the submit values in code.

Jan

FlyRide · Post by **FlyRide** » 18 Apr 2013, 10:14

Hello,

Is there a solution to apply?

My error 500 happens on: Joomla! 3.0.3 Stable with Guestbook 3.0.0 Beta.

Already uninstalled and reinstalled, didn't solve it.

Thanks,
Christophe

Additional info from debug:
6 PhocaguestbookControllerPhocaguestbook->submit() JROOT/libraries/legacy/controller/legacy.php:722
7 JError::raiseError() JROOT/components/com_phocaguestbook/controllers/phocaguestbook.php:149

Post by **Jan** » 20 Apr 2013, 12:48

Hi, yes this seems like the script cannot pass a security check but why? really no idea

you need to get "submit" value there, in case of any other, the script will not continue (because of security reason) - really no idea what part of joomla changes the "submit" to "phocaguestbook.submit" ... which is wrong ... I will try to use other methods to get variables in next version (input by application, but I think nothing will be changed there)

worknmn · Post by **worknmn** » 31 May 2013, 18:51

I have Joomla! 3.1.1 . Setup beta PhocaGuestbook . Error 500 on add post. Change controller such as lufton. Component work. Dump vareible JRequest::getCmd('task') and get 'phocaguestbook.submit'. In view default_form.php in 66 line <input type="hidden" name="task" value="phocaguestbook.submit" /> may be problem here?
Sorry for my English.

worknmn · Post by **worknmn** » 31 May 2013, 19:32

fields\phocatext.php
Absent white space before concatenation
$placeholder= htmlspecialchars($this->getTitle() . ($this->required ? ' '.JText::_('COM_PHOCAGUESTBOOK_REQUIREDSIGN') : '')

Post by **Jan** » 07 Jun 2013, 14:16

Hi, not sure what you mean for now?

Post by **Jan** » 04 Aug 2013, 18:30

Hi, should be Ok in stable 3.0.0

Jan

Phoca Forum

Security error

Security error

Re: Security error

Re: Security error

Re: Security error

Re: Security error

Re: Security error

Re: Security error

Re: Security error

Re: Security error

Re: Security error