Since the security upgrade: BUSTED - "Modify Post", "Search"

Started by DeCarlo Rules, May 19, 2017, 07:15:03 AM

Previous topic - Next topic

DeCarlo Rules

Oldiesmann -- neither of these functions work since you went to the https:// secure site URL.

Oldiesmann

Search is fixed. It was a bug with the latest version of the forum software. Still looking into the post modification stuff.

DeCarlo Rules

Quote from: Oldiesmann on May 27, 2017, 12:45:56 PM
Search has been fixed. That was due to a bug with the latest version of the forum software. I'm still looking into the post modification issues.

It's even worse than that now. Not only does the "Modify" button not work, but the "REPLY" doesn't work at all, and returns a dialogue box saying "Security Warning: The information you have entered on this page will be sent over an insecure connection and could be read by a third party.  Are you sure you want to send this information?"  Choosing "Continue" or "Cancel" in the Security Warning dialogue box is irrelevant, as the text I typed will not be posted. Instead, I'm returned to the Forum topics listing page. Or at least that's how it's working in both Firefox and Chrome browsers.

Fortunately the "Quick Reply" button does still seem to work, otherwise it would be impossible for me to post at all.

Oldiesmann

I do apologize for the problems, and am working to figure out what's going on. I'm not getting errors on my end about content being sent over an insecure connection, but am seeing an issue where the query string is being duplicated, which is what's causing the issue with posts not going through from the regular reply form.

Oldiesmann

I believe I've fixed the issues now. It was a combination of things.

Being redirected to the forum index when trying to post was due to a server setting that redirected non-secure URLs to the secure form. For some reason this was causing the query string (the "?..." part at the end of the URLs) to get duplicated. Since the forum didn't recognize the value of the "action", it just redirected to the board index.

The security errors were due to a setting with the addon that handles rewriting the URLs - it has its own setting for the forum URL and I wasn't aware that this exited or that it needed to be updated when I changed to https, so some forum URLs were still using http instead.