Jump to content

Forged, again


Joss
 Share

Recommended Posts

Okay, trying to put a site up for a client and am getting the dreaded "This request was aborted because it appears to be forged."

I have tried:

Checking all permissions (755/644

making sure the sessions/cache/logs any else is there

Add bits to config

replacing index.php

Everthing that Nico suggests in his trouble shooting guide

I emptied the sessions directory

Turning on Debug gives a warning:

Warning: Cannot modify header information - headers already sent by (output started at /home/meinthem/public_html/xxxxx/site/config.php:1) in /home/meinthem/public_html/xxxxxx/wire/core/admin.php on line 14

And the longer winded version of the original error:

 TemplateFile: This request was aborted because it appears to be forged.<pre>#0 /home/meinthem/public_html/xxxxxx/wire/modules/Inputfield/InputfieldForm.module(66): SessionCSRF->validate() #1 [internal function]: InputfieldForm->___processInput(Object(WireInputData)) #2 /home/meinthem/public_html/xxxxxx/wire/core/Wire.php(341): call_user_func_array(Array, Array) #3 /home/meinthem/public_html/xxxxxx/wire/core/Wire.php(296): Wire->runHooks('processInput', Array) #4 /home/meinthem/public_html/xxxxxx/wire/modules/Process/ProcessLogin/ProcessLogin.module(70): Wire->__call('processInput', Array) #5 /home/meinthem/public_html/xxxxxx/wire/modules/Process/ProcessLogin/ProcessLogin.module(70): InputfieldForm->processInput(Object(WireInputData)) #6 [internal function]: ProcessLogin->___execute() #7 /home/meinthem/public_html/xxxxxx/wire/core/Wire.php(341): call_user_func_array(Array, Array) #8 /home/meinthem/public_html/xxxxxx/wire/core/Wire.php(296): Wire->runHooks('execute', Array) #9 /home/meinthem/public_html/xxxxxx/wire/core/ProcessController.php(213): Wire->__call('execute', Array) #10 /home/meinthem/public_html/xxxxxx/wire/core/ProcessController.php(213): ProcessLogin->execute() #11 [internal function]: ProcessController->___execute() #12 /home/meinthem/public_html/xxxxxx/wire/core/Wire.php(341): call_user_func_array(Array, Array) #13 /home/meinthem/public_html/xxxxxx/wire/core/Wire.php(296): Wire->runHooks('execute', Array) #14 /home/meinthem/public_html/xxxxxx/wire/core/admin.php(85): Wire->__call('execute', Array) #15 /home/meinthem/public_html/xxxxxx/wire/core/admin.php(85): ProcessController->execute() #16 /home/meinthem/public_html/xxxxxx/wire/modules/AdminTheme/AdminThemeReno/controller.php(13): require('/home/meinthem/...') #17 /home/meinthem/public_html/xxxxxx/site/templates/admin.php(15): require('/home/meinthem/...') #18 /home/meinthem/public_html/xxxxxx/wire/core/TemplateFile.php(169): require('/home/meinthem/...') #19 [internal function]: TemplateFile->___render() #20 /home/meinthem/public_html/xxxxxx/wire/core/Wire.php(341): call_user_func_array(Array, Array) #21 /home/meinthem/public_html/xxxxxx/wire/core/Wire.php(296): Wire->runHooks('render', Array) #22 /home/meinthem/public_html/xxxxxx/wire/modules/PageRender.module(356): Wire->__call('render', Array) #23 /home/meinthem/public_html/xxxxxx/wire/modules/PageRender.module(356): TemplateFile->render() #24 [internal function]: PageRender->___renderPage(Object(HookEvent)) #25 /home/meinthem/public_html/xxxxxx/wire/core/Wire.php(341): call_user_func_array(Array, Array) #26 /home/meinthem/public_html/xxxxxx/wire/core/Wire.php(296): Wire->runHooks('renderPage', Array) #27 /home/meinthem/public_html/xxxxxx/wire/core/Wire.php(363): Wire->__call('renderPage', Array) #28 /home/meinthem/public_html/xxxxxx/wire/core/Wire.php(363): PageRender->renderPage(Object(HookEvent)) #29 /home/meinthem/public_html/xxxxxx/wire/core/Wire.php(296): Wire->runHooks('render', Array) #30 /home/meinthem/public_html/xxxxxx/wire/modules/Process/ProcessPageView.module(172): Wire->__call('render', Array) #31 /home/meinthem/public_html/xxxxxx/wire/modules/Process/ProcessPageView.module(172): Page->render() #32 [internal function]: ProcessPageView->___execute(true) #33 /home/meinthem/public_html/xxxxxx/wire/core/Wire.php(341): call_user_func_array(Array, Array) #34 /home/meinthem/public_html/xxxxxx/wire/core/Wire.php(296): Wire->runHooks('execute', Array) #35 /home/meinthem/public_html/xxxxxx/index.php(231): Wire->__call('execute', Array) #36 /home/meinthem/public_html/xxxxxx/index.php(231): ProcessPageView->execute(true) #37 {main}</pre>

This is on a server where I have had no problems before and I am at a complete loss what to do next.

Any thoughts?

Link to comment
Share on other sites

Joss, what's on config.php line 1? That's an unusual error to see there. I would guess that when the files were uploaded the encoding got changed somehow? Though double check that you don't have some whitespace prepended in your config.php file. Make sure the first thing in it is a <?php with nothing before it. But if everything looks normal, I would guess that when you uploaded the files something got changed. If they got FTP'd in as ascii, try putting them in as binary. 

Also, for a quick fix, turn off CSRF protection in your /site/config.php file: $config->protectCSRF = false; But i have a feeling that something might be up with the file encoding, which would cause other problems even if you get the CSRF one fixed. 

  • Like 2
Link to comment
Share on other sites

Clever chap!

There was around 30 characters of white space between the very front of the file and the <?php

removing that did it.

How would that have effected it?

EDIT: I had tried turning off CRSF protection already, but it made no difference, other than adding the header problem

Link to comment
Share on other sites

Joss, glad that did it! Here's why it caused the error: Cookies are set in the http headers. When PHP sends output before the http headers (as would be the case if you had characters before an opening PHP tag) then it wouldn't be possible to set cookies. The result is that it wasn't able to set the CSRF cookie, so when it went to check if there was a valid CSRF cookie there wasn't, making it think it was forged. 

  • Like 2
Link to comment
Share on other sites

  • 4 weeks later...

I'm running PW 2.5.3 and am experiencing the dreaded "TemplateFile: This request was aborted because it appears to be forged." error described herein while

trying to log into the admin interface AND using a mobile device running iOS.   I have tested the admin login successfully using droid mobile devices (both phone and tablets) , along w/ most desktop browsers including IE8-11, FF29+, and most recent Opera and Safari versions.

Curious if anyone has experienced the same thing w/ iOS 7 and has a recommended fix?

------------ PLEASE IGNORE:  FIXED ----------------------------------

Cookies must be enabled...had wrong settings.

Link to comment
Share on other sites

  • 1 year later...
12 hours ago, Jeroen said:

using Blisk, an awesome browser for developers.

This is the first time I've heard of this browser. Looks awesome and luckily based on Chromium! (I got used to its dev tools and I'm sort of lost when using other browsers' dev tools.) Thanks for the tip!

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...