[geeklog-devel] Plugin upgrade failure (was: More automation)
rouslan at placella.com
Sat May 21 20:53:27 EDT 2011
On Sun, 2011-05-22 at 00:02 +0200, Dirk Haun wrote:
> Rouslan Placella wrote:
> > Perhaps I'm missing something, but the 'header("Location: $url");' call
> > does send a referer. It's the referer that it itself received, it merely
> > copies it over.
> I hadn't considered this, I have to admit. Unfortunately it doesn't help us, since it's the wrong URL ...
> With the Location header (as with the meta refresh) we specify the URL we want the browser to go to. So that's the .../plugins.php?mode=continue_upgrade... URL. But when the CSRF token is generated, it uses the then-current URL and that's .../plugins.php, without any further parameters. So the two URLs (the one in the token and the one in the referrer) don't match.
> HTTP can be messy sometimes :P
The token mismatch isn't actually where you think it is. I got it to
work; see attached patch. However, we lose a message, though I'm not sure
what it is or how important...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 625 bytes
Desc: not available
Url : <http://eight.pairlist.net/pipermail/geeklog-devel/attachments/20110522/fe405ca3/attachment-0001.bin>