When I try to rotate an image via zenphoto, I get an error: "“albumedit” Cross Site Request Forgery blocked." What is causing this?
Generally it means the internal XSRFtoken is not matching, which is partly based on the session. Just tried locally and on our own site and it is working as expected for me. Any other errors in the logs?
I don't see anything in the logs that points to zenphoto directory. Is there a way to turn off the check to test this theory?
I found this in the zenphoto security logs:
2018-10-13 16:01:40 #.#.#.# Cross Site Reference admin fName lName Blocked albumedit
Yeah, that is the error if the tokens don't match. Sorry I cannot tell why they won't. Try to clear cookies and caches in the browser used.
You cannot turn off this check except by hacking core files.
I cleared the browser cache/cookies and restarted the browser (Firefox) and got the same error.
Then I have no idea except that something is wrong with sessions. You could "hack" the XSRFtoken() function and add a debuglog() call to it.
Where are the sessions stored?
Looking at the admin screen, I see "PHP Session path: /tmp". Is that inside my public_html folder? ~/public_html/tmp or ~/tmp on my hosting service? I see no session information in either of these locations.
Further inspection revealed that /tmp is at the root of the server filesystem. My user has rw- and there are no other perms on this session data. Can this be why? Doesn't the session data need to be writeable by the web server user?
Actually, where the server puts session data is server configuration, as is the rights management needed for that. Don't have the code in front of me but ZP only sets a path if none is defined by the server or so. Can you maybe check your server config (via phpinfo for example).
sys_temp_dir = ~/public_html/tmp
session.save_path = /tmp
That at least matched what you reported above. Why the permissions are not correct I cannot really tell. Maybe ask your host for assistance?
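One way to test the session theory from this thread, as an added example that is not part of any post and is not Zenphoto code: a stand-alone PHP page that reports whether the web server's PHP user can write to the session directory and whether a session survives between two requests. The `hits` session key is an assumption made for the example; only standard PHP functions are used.

```php
<?php
// Added diagnostic, not Zenphoto code. Request it through the web server
// (not the CLI) so it runs as the same user that serves Zenphoto.
// Load it twice in the same browser, then delete the file.
header('Content-Type: text/plain');

$path = session_save_path();
if ($path === '') {
    $path = sys_get_temp_dir();   // PHP falls back to the system temp dir
}
// session.save_path may be "N;/path" or "N;MODE;/path"; the directory is the last field
$parts = explode(';', $path);
$dir   = end($parts);

echo "session.save_handler: ", ini_get('session.save_handler'), "\n";
echo "session.save_path:    ", $path, "\n";
echo "directory exists:     ", is_dir($dir) ? 'yes' : 'no', "\n";
echo "writable by PHP user: ", is_writable($dir) ? 'yes' : 'no', "\n";

// Show which account PHP runs as, when the posix extension is available
if (function_exists('posix_geteuid')) {
    $user = posix_getpwuid(posix_geteuid());
    echo "PHP runs as:          ", $user['name'] ?? posix_geteuid(), "\n";
}

// Persistence check: the counter only grows if the session file
// written on the first request can be read back on the second.
session_start();
$_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;
echo "session id (prefix):  ", substr(session_id(), 0, 8), "...\n";
echo "hits in this session: ", $_SESSION['hits'], "\n";
session_write_close();
```

If the second load still shows `hits in this session: 1`, or a different session id prefix, the session is not persisting between requests, which fits the token mismatch described in the replies above.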