scotsmist
Tue 10th Jun '08, 10:01am
Sorry if this has already been asked.
During a vB upgrade, all of my custom templates which have
<input type="hidden" name="s" value="$session[sessionhash]" />
had this added after the above line
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
The problem is with forms that use method="get" - the securitytoken is being passed in the URL.
Looking through the vbulletin-style.xml I see templates that use method="get" that also include the $session[sessionhash], do not have the securitytoken so my question is, do I need to go through the custom templates and remove the securitytoken that was added by the vB upgrade, from all forms that use method="get"
During a vB upgrade, all of my custom templates which have
<input type="hidden" name="s" value="$session[sessionhash]" />
had this added after the above line
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
The problem is with forms that use method="get" - the securitytoken is being passed in the URL.
Looking through the vbulletin-style.xml I see templates that use method="get" that also include the $session[sessionhash], do not have the securitytoken so my question is, do I need to go through the custom templates and remove the securitytoken that was added by the vB upgrade, from all forms that use method="get"