[geeklog-devel] Plugin upgrade failure (was: More automation)

Rouslan Placella rouslan at placella.com
Sat May 21 20:53:27 EDT 2011


On Sun, 2011-05-22 at 00:02 +0200, Dirk Haun wrote:
> Rouslan Placella wrote:
> 
> > Perhaps I'm missing something, but the 'header("Location: $url");' call
> > does send a referer. It's the referer that it itself received, it merely
> > copies it over.
> 
> I hadn't considered this, I have to admit. Unfortunately it doesn't help us, since it's the wrong URL ...
> 
> With the Location header (as with the meta refresh) we specify the URL we want the browser to go to. So that's the .../plugins.php?mode=continue_upgrade... URL. But when the CSRF token is generated, it uses the then-current URL and that's .../plugins.php, without any further parameters. So the two URLs (the one in the token and the one in the referrer) don't match.
> 
> HTTP can be messy sometimes :P

The token mismatch isn't actually where you think it is. I got it to
work, see attached patch. However, we lose a message, though I'm not sure
what it is or how important...

Rouslan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch.diff.gz
Type: application/x-gzip
Size: 625 bytes
Desc: not available
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20110522/fe405ca3/attachment.bin>

