Author Topic: Problem in the file csrf-magic.php  (Read 302 times)

pourkoipas78

  • Prime Member
  • ****
  • Posts: 107
  • Karma: +1/-0
Problem in the file csrf-magic.php
« on: March 15, 2017, 11:13:44 AM »
Hello,

I have lot of errors in my logs :
mod_fcgid: stderr: PHP Notice:  Undefined index: IP_ADDRESS in /home/user_site/public_html/includes/csrf-magic.php on line 220

I found a solution on the internet, is this replacement code good ?
https://fossies.org/diffs/cacti/0.8.8h_vs_1.0.0/include/csrf/csrf-magic.php-diff.html
Code: [Select]
$secret = csrf_get_secret();
if (!$has_cookies && $secret) {
        // :TODO: Harden this against proxy-spoofing attacks
if (isset($_SERVER['REMOTE_ADDR'])) {
                 $ip = ';ip:' . csrf_hash($_SERVER['REMOTE_ADDR']);
         } else {
                 $ip = '';
         }
} else {
        $ip = '';
    }
    csrf_start();

Thank you



maverick

  • Administrator
  • Veteran Member
  • *****
  • Posts: 2988
  • Karma: +210/-7
    • Maverick Webworks
Re: Problem in the file csrf-magic.php
« Reply #1 on: March 15, 2017, 01:41:26 PM »
First off, these aren't actual errors that will prevent things from functioning, they are just notices.
mod_fcgid: stderr: PHP Notice:  Undefined index:

The problem technically isn't with the csrf-magic script, it's has more to do with your server configuration.
mod_fcgid: stderr: PHP Notice:  Undefined index:
This basically says that the PHP on your server is being run through the fcgid module. The problem is being caused either by your PHP version or php.ini configurations.

The easiest fix is just to prevent or suppress such notices by adding the following to your server's php.ini file:
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED

You may need to contact your host to do this for you.

Fusion Responsive Template & Free Mods
http://www.maverickwebworks.com
DO NOT PM me asking for personal help. Post your problem or request in the forums so the entire community can contribute and benefit.

pourkoipas78

  • Prime Member
  • ****
  • Posts: 107
  • Karma: +1/-0
Re: Problem in the file csrf-magic.php
« Reply #2 on: March 16, 2017, 04:42:50 AM »
Yes but it is always good to check if a variable is well declared, right?

maverick

  • Administrator
  • Veteran Member
  • *****
  • Posts: 2988
  • Karma: +210/-7
    • Maverick Webworks
Re: Problem in the file csrf-magic.php
« Reply #3 on: March 16, 2017, 12:11:47 PM »
The replacement code provided by "fossie" just didn't seem totally correct or complete to me, so I did some further research and found a more recent and complete CSFR update for SERVER checks for IP ADDRESS.

You can try it out by downloading the "csrf-magic.php" file with the applied updates from here:
http://datemill.com/extras/csrf-update.zip

Simply replace the file with the one located in your "includes" folder.

Fusion Responsive Template & Free Mods
http://www.maverickwebworks.com
DO NOT PM me asking for personal help. Post your problem or request in the forums so the entire community can contribute and benefit.

pourkoipas78

  • Prime Member
  • ****
  • Posts: 107
  • Karma: +1/-0
Re: Problem in the file csrf-magic.php
« Reply #4 on: March 17, 2017, 04:44:25 AM »
Thank you very much Maverick  ;)

I will try it...

pourkoipas78

  • Prime Member
  • ****
  • Posts: 107
  • Karma: +1/-0
Re: Problem in the file csrf-magic.php
« Reply #5 on: March 17, 2017, 05:07:21 AM »
For "Impersonate User" to work, you have to set to false :
$GLOBALS['csrf']['frame-breaker'] = false;

maverick

  • Administrator
  • Veteran Member
  • *****
  • Posts: 2988
  • Karma: +210/-7
    • Maverick Webworks
Re: Problem in the file csrf-magic.php
« Reply #6 on: March 17, 2017, 08:06:53 AM »
Not sure how I overlooked that, but thanks for letting me know.

Fusion Responsive Template & Free Mods
http://www.maverickwebworks.com
DO NOT PM me asking for personal help. Post your problem or request in the forums so the entire community can contribute and benefit.