Invalid redirect url appearing since security patch

  • Black Tiger
    Senior Member
    • Mar 2001
    • 668

    Invalid redirect url appearing since security patch

    I read a solution on vb.org to "Always use Forum URL as Base Path", but this solution is for vBulletin 4, I'm still running 3.8.

    My problem is that when a user enters via http://mydown.org/forums and logs in, he will get this error notice:

    System Message

    Invalid Redirect URL (http://mydomain.org/forums/)
    However, when he then uses http://www.mydomain.org/forums in his browser, so with the www in front, he is logged in already (because the cookie is already set with the first attempt). When directly using this url for logging in, no problem occurs.

    Now this worked properly before the latest phishing security fix. After I implemented this fix, the above problem occurs.
    I told my user to use the link with the www in front, but I would rather have a good fix for this, because this has always worked as it should be.

    Next to that, on many DNS systems the www is only a cname and on some it is not even used. So how can I fix this?
    Greetings, Black Tiger
  • canyoncomposite
    New Member
    • Sep 2010
    • 9

    #2
    I'm having the same problem running vBulletin 3.8 as well.


    • Hawk2
      Senior Member
      • Apr 2008
      • 862
      • 4.1.x

      #3
      This is probably a cookie domain/path issue. To fix this, upload the tools.php script in the 'do_not_upload' folder of the vB zip file to your Admin CP directory and run it from your browser. Use this to reset the cookie domain and path back to the defaults. And then leave your cookie domain and path at the default settings. There is no reason to change these. If you need to specify a unique cookie, use the cookie prefix setting in config.php instead.


      • Black Tiger
        Senior Member
        • Mar 2001
        • 668

        #4
        Why do you think it's a cookie domain/path issue? Nothing is changed, it worked before, and problem started after applying the security patch.
        So there is no reason to think it would be a cookie problem. The cookie path never changed and neither did any kindlike settings.

        So thank you for thinking with us, but the cause of the problem is the security patch, as is also to be seen in a couple vb4 threads.
        Greetings, Black Tiger


        • canyoncomposite
          New Member
          • Sep 2010
          • 9

          #5
          I'll try the tools.php method. In the meanwhile though I changed the "$vbphrase[invalid_redirect_url_x]" phrase to a more informative one for my users.


          • Black Tiger
            Senior Member
            • Mar 2001
            • 668

            #6
            When correctly reading the cookie path setting, it should not be default when using domain.com and *.domain.com (f.e. forum.domain.com or www.domain.com), because in that case the correct setting should be .domain.com and not default.
            However, I've always used the default and it always worked fine so I'll wait and see if your problem gets solved by using the tools.php. I doubt it because I'm having this problem at 3 different forums, and only after applying the security fix.
            Greetings, Black Tiger


            • Lynne
              Former vBulletin Support
              • Oct 2004
              • 26255

              #7
              Do you guys all allow users to browse your site via both www.yoursite.com and just yoursite.com? If so, you need to have the cookie domain set to be ".yoursite.com" (no quotes, but note the period at the beginning).

              Please don't PM or VM me for support - I only help out in the threads.
              vBulletin Manual & vBulletin 4.0 Code Documentation (API)
              Want help modifying your vbulletin forum? Head on over to vbulletin.org
              If I post CSS and you don't know where it goes, throw it into the additional.css template.

              W3Schools <- awesome site for html/css help


              • Black Tiger
                Senior Member
                • Mar 2001
                • 668

                #8
                Yes, at least I do. So my explanation about how the cookie domain setting should be, is correct.
                However it's strange this problem did not occur before the security patch.
                The correct setting is already the only possible setting in the pulldown menu, so it's easy to change.
                Greetings, Black Tiger


                • Lynne
                  Former vBulletin Support
                  • Oct 2004
                  • 26255

                  #9
                  Originally posted by Black Tiger
                  Yes, at least I do. So my explanation about how the cookie domain setting should be, is correct.
                  However it's strange this problem did not occur before the security patch.
                  The correct setting is already the only possible setting in the pulldown menu, so it's easy to change.
                  So you are set up correctly and your users go to sitea.com and then get a message about an invalid redirection to siteb.com (the OP used two different domain urls in describing his problem).

                  If so, try disabling your modifications/plugins and see if you still have this problem.
                  Note: To temporarily disable the plugin system, edit includes/config.php and add this line right under <?php

                  PHP Code:
                  define('DISABLE_HOOKS', true);


                  • Black Tiger
                    Senior Member
                    • Mar 2001
                    • 668

                    #10
                    No, I did use the default way... which is not correct, but now just understood that it should be different in that case.

                    By the way.... Is there a way to oblige your users to use www.domain.com instead of domain.com? This way I can leave everything at default.
                    Greetings, Black Tiger


                    • Black Tiger
                      Senior Member
                      • Mar 2001
                      • 668

                      #11
                      I found an easier solution, just add "http://domain.com/forums" to your Redirect Domain Whitelist in the Admincp->Site/Url/Contact details.
                      Problem fixed.

                      However, an automatic redirect from domain.com to www.domain.com should be nicer.
                      Greetings, Black Tiger


                      • Black Tiger
                        Senior Member
                        • Mar 2001
                        • 668

                        #12
                        Fixed that too. So in case you only want your users to use the www version, put a .htaccess in your public_html directory with this content:

                        Code:
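                        Options +FollowSymLinks
                        RewriteEngine on
                        # Match requests whose Host starts with the bare domain; the dot is escaped so it is a literal "."
                        RewriteCond %{HTTP_HOST} ^domain\.com [NC]
                        # Permanent (301) redirect to the www host, keeping the requested path
                        RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]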
                        Greetings, Black Tiger
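
An added illustration, not part of the thread and not vBulletin's own code: a strict redirect-target check that compares host names exactly, which is an assumed model of the behaviour reported above. It shows why a redirect to `mydomain.org` is refused when the forum URL uses `www.mydomain.org`, and why the whitelist entry from post #11 resolves it. The function names, the forum URL setting and the sample URLs are constructed.

```php
<?php
// Added example. Function names and URLs are constructed, not vBulletin's.

// Reduce a URL or a bare host name to its lower-cased host, or null.
function host_of(string $value): ?string
{
    $value = trim($value);
    if (strpos($value, '//') === false) {
        $value = '//' . $value;   // "mydomain.org" -> "//mydomain.org"
    }
    $host = parse_url($value, PHP_URL_HOST);
    return is_string($host) ? strtolower(rtrim($host, '.')) : null;
}

// Accept local paths, or http(s) URLs whose host exactly equals the
// forum's own host or a whitelisted host. No suffix or prefix matching.
function is_allowed_redirect(string $target, string $forumUrl, array $whitelist): bool
{
    // Refuse whitespace, control characters and backslashes outright.
    if ($target === '' || preg_match('/[\x00-\x20\\\\]/', $target)) {
        return false;
    }
    if ($target[0] === '/') {
        return substr($target, 0, 2) !== '//';   // "//host" is not a local path
    }
    $scheme = parse_url($target, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return false;
    }
    $allowed = array_filter(array_map('host_of', array_merge([$forumUrl], $whitelist)));
    return in_array(host_of($target), $allowed, true);
}

$forumUrl = 'http://www.mydomain.org/forums';   // assumed Forum URL setting
$cases = [
    'http://www.mydomain.org/forums/',       // same host as the forum
    'http://mydomain.org/forums/',           // bare domain: a different host
    '/forums/index.php',                     // local path
    'http://mydomain.org.example.net/',      // lookalike host
    'http://www.mydomain.org@example.net/',  // real host is example.net
];
foreach ([[], ['http://mydomain.org/forums']] as $whitelist) {
    echo 'whitelist: [', implode(', ', $whitelist), "]\n";
    foreach ($cases as $target) {
        $ok = is_allowed_redirect($target, $forumUrl, $whitelist);
        printf("  %-40s %s\n", $target, $ok ? 'allowed' : 'Invalid Redirect URL');
    }
}
```

With the empty whitelist the bare-domain URL is refused; with the entry from post #11 it is accepted, and the two lookalike hosts stay refused in both runs. The canonical-host rewrite from post #12 avoids the mismatch earlier, because users never reach the login form on the bare domain.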


                        • Bahadar Musalman
                          New Member
                          • Mar 2011
                          • 14

                          #13
                          I also have the same problem.

                          I uploaded this vBulletin Security Patch for vB 3.8.7: Low Risk "phishing" patch.
                          After that this error is coming.

                          My forum is in trouble because forum members are having trouble logging in, so help me.


                          • Black Tiger
                            Senior Member
                            • Mar 2001
                            • 668

                            #14
                            One of the above solutions should be working for you.
                            By the way... your attached picture is not working.
                            Greetings, Black Tiger


                            • Bahadar Musalman
                              New Member
                              • Mar 2011
                              • 14

                              #15
                              login.php?do=login
                              could not find phrase 'invalid_redirect_url_x'.
                              this file
                              Please make a solution for me.