and blocks the visitors.
You need to be logged in to post in the forum - Log In
An active JCE Pro Subscription is required to post in the forum - Buy a Subscription
Support is currently Offline
09:00 - 17:00 Europe/London (BST)
Please create a new Ticket and we will get back to you as soon as we can.
#101881 Jcemediabox 2 and admintools: csrf block
This is a public ticket
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Latest post by Ryan on Saturday, 07 December 2019 12:23 GMT
Wednesday, 27 November 2019 08:22 GMT
and blocks the visitors.
Wednesday, 27 November 2019 09:50 GMT
Please download and install JCE MediaBox 2.0.13 - https://www.joomlacontenteditor.net/downloads/mediabox
Ryan Demmer
Lead Developer / CEO / CTO
Just because you're not paranoid doesn't mean everybody isn't out to get you.
Saturday, 30 November 2019 13:44 GMT
Why are tooltip.html and popup.html still called?
They are not used in JCE MediaBox 2.
Please uninstall JCE MediaBox 2, then re-install.
Ryan Demmer
Lead Developer / CEO / CTO
Just because you're not paranoid doesn't mean everybody isn't out to get you.
Sunday, 01 December 2019 13:33 GMT
Peter
Sunday, 01 December 2019 19:27 GMT
Ryan Demmer
Lead Developer / CEO / CTO
Just because you're not paranoid doesn't mean everybody isn't out to get you.
Monday, 02 December 2019 09:54 GMT
What is displayed when a visitor clicks on the popup?
Ryan Demmer
Lead Developer / CEO / CTO
Just because you're not paranoid doesn't mean everybody isn't out to get you.
Tuesday, 03 December 2019 18:41 GMT
I will try to get more information, on which page it happens.
Peter
Saturday, 07 December 2019 08:24 GMT
---
It seems that all the blocks are from users using their mobile phones; moreover there is nothing in the request, it seems that they are requesting the file directly.
My theory is that in this cache mobile phone browser is pre-fetching the page, even if they are guests, triggering Admin Tools protection.
---
So it seems that both files are called in cache.
Were popup.html and tooltip.html available before 2.0.13?
Saturday, 07 December 2019 12:23 GMT
---
It seems that all the blocks are from users using their mobile phones; moreover there is nothing in the request, it seems that they are requesting the file directly.
My theory is that in this cache mobile phone browser is pre-fetching the page, even if they are guests, triggering Admin Tools protection.
---
So it seems that both files are called in cache.
That seems a reasonable assessment to me. The user's browser has cached the old MediaBox javascript file, which is attempting to load the popup.html and tooltip.html files when the page loads. This action is then being blocked by Admin Tools.
Were popup.html and tooltip.html available before 2.0.13?
They were included in MediaBox 1.2.x
Ryan Demmer
Lead Developer / CEO / CTO
Just because you're not paranoid doesn't mean everybody isn't out to get you.
Please wait
Your post is being submitted…