s9y + iis

[imperia]

hello,

i am receiving the following error if I try to save any settings in admin panel and I cannot make new blog entries(they just don't save. without error):

Code: Select all

Your browser did not sent a valid HTTP-Referrer string. This may have either been caused by a misconfigured browser/proxy or by a Cross Site Request Forgery (XSRF) aimed at you. The action you requested could not be completed.

i have tested with firefox 2.0.0.9 and ie 7.0.5730.13.

i am using php 5.2.5 and win 2003 r2 sp2.
when i was installing s9y everything was green on the report screen except imagemagick. i also created serendipity user in mysql and the database. the db is populated correctly.

i have the following php extensions enabled:

Code: Select all

extension=php_mysql.dll
extension=php_mysqli.dll
extension=php_mbstring.dll
extension=php_gd2.dll
extension=php_openssl.dll

can you help me solve that please.

[garvinhicking]

Hi!

How did you configure your browseR? Could it be you'Re not accepting cookies?

Also check if your PHP config has session.use_cookies enabled.

Regards,
Garvin

[imperia]

settings are: session.use_cookies On

i think cookies are ok. i can login but can't save settings.

[garvinhicking]

Hi!

Are you using a HTTP proxy? Have you tried a different browser?

Regards,
Garvin

[imperia]

i have tried the latest version of IE and Firefox. i am not using proxy at all.

[garvinhicking]

Hi!

Phew. This goes beyond my knowledge of IIS then. I believe people are successfully using it with serendipity, but I have no testing environment, since IIS doesn't seem to be available for free like Apache.

Regards,
Garvin

[imperia]

i've just installed the nightly build to test if this issue is fixed with it. no luck but found this thread: http://board.s9y.org/viewtopic.php?t=4755

my code looks like this now:

Code: Select all

function serendipity_checkXSRF() {
    global $serendipity;
    return false;

but I still receive:

Code: Select all

Your browser did not sent a valid HTTP-Referrer string. This may have either been caused by a misconfigured browser/proxy or by a Cross Site Request Forgery (XSRF) aimed at you. The action you requested could not be completed.

very strange do you have any ideas?

you said that browser may not send referrer string.
so i did simple test:

created 2 files - 1 html 1 php
html:

Code: Select all

This a link to <a href="referrer.php">Test Referrer page</a>.

php:

Code: Select all

<?php
$ref=@$HTTP_REFERER;

echo "<font face='Verdana' size='3'><b>Referrer of this page  = $ref </b>"; 
?>

I launch html file in browser then I click the link and there is no referrer string.

story continues:

i found another php example and I added it to the php file:

Code: Select all

<?php
$ref=@$HTTP_REFERER;

echo "<font face='Verdana' size='3'><b>Referrer of this page  = $ref </b>"; 
echo $_SERVER['HTTP_REFERER'];
?>

now it works. it displays the referrer:

Code: Select all

Referrer of this page = http://192.168.0.2/incoming/link_to_referrer.htm

So the first php file is not written correctly or something is wrong with my PHP



PS: Finally I found the problem.

it was session folder permission issue.
when I was installing s9y and even when I upgraded it to the nightly build
installation clearly said writable for the all 3 folders. but they weren't! version 1.3 told me that with little warning at the bottom of the screen (permission denied). 1.2 didn't So something is wrong with permission checking for folders during installation.

later i will try to enable XSRF to see if its working.

[irfan12jan]

hi, could you please let me know where did you get the version 1.3, i am facing same issue.

[garvinhicking]

Hi!

version 1.3 is the current snapshot version, the nightlies you can download on s9y.org

Regards,
Garvin