Security offense!! Access denied!

[BlackBird]

I think its because some modules open stuff in a new popup window or do some other kind of transaction .

I am still having the problem with ALL forms in the BE. I tried to work with it with IE instead of FF - same problem. So in fact it IS unusable here. To be able to go on with my module tests, I had to fake all DB entries and access files. So don't say unusable is a too hard word.

[BlackBird]

Found that the problem was caused by an older BE theme. Seems the SecureForm.php requires changes in the BE Themes, too.

[Luisehahne]

You can check it, the BE Theme need a variable like {FTAN} after the form tag.

Dietmar

[ruebenwurzel]

Hello,

tested it over and over again on all sites, with updeted (but non patched) versions and also did some new clean installs and cannot reproduce this error message.

But maybe biancas hint seems to be the solution. I always work with the default Backend "wb_theme". Didn't use other themes because they maybe look better but i always run in problems with them.

Matthias

[Argos]

Strange. I just tested a brand new, clean latest RC6 and had no problems (I use Argos theme of course). That is, as long as didn't have multiple tabs open. I just found out by the way that you can use multiple tabs with a simple little trick anyway (not the file hack I posted earlier).

I am disappointed though that the picture option stefek added is not yet added to the core News module. It is an essential option in my opinion.

[NorHei]

You can go and open a second tab, change a few things go back and then reload the page to have its FTAN refresh. If you try this whith more than 2 tabs you have to keep track of the last one you refreshed .  Try to explain that to your Client   

For me the atempt to install that news thingy simply lead to a bunch of error messages and nothing else.
I dont think its a good idea to put something like that even into AMASP.
Open a module thread , let pepole test it , fix all Problems , put it on AMASP.
And then after a while its ok to discuss about adding it to the Core .

I dont even expect the patch go into the core as it is. If Devs ever decide to add this patch , it needs a complete rework as its mixed coding style and some redundant functions .

[Stefek]

For me the atempt to install that news thingy simply lead to a bunch of error messages and nothing else.
I dont think its a good idea to put something like that even into AMASP.

As I remeber the problems you ran into where the same with a untoutched news module.
There shouldn't be any problems with my changes what so ever, despite those already are part of the module.

Stefek

[NorHei]

Just want to mention, this is the wrong thread for news 

[Luisehahne]

INFO!
We are working for a solution, only one FTan for each page, so all sections (module) have the same one.

The actually working is that each sections has his own FTAN and run in security error.

Ok that solved not the multitab problem, but many others.

Dietmar

[NorHei]

Jep, confirmed.
The erratic behavior seems to have  its origin in multiple section forms, that generate a FTAN for each section of the form. But only the last FTAN generated is valid, all other sections will malfunction.

Another problem i see is having javascript open a secondary form, for example to upload an image.
If the secondary form is send the main form is no longer valid. 

[babsy]

hi i just installed a new website with this 2.8.2 version, but i can´t make an page?
i just get the message:

Security offense!! Access denied!

i have followed the installed guide, and everything worked fine, and i can´t seem to find any information about how to get pass this message, and get started to make pages?

[Argos]

Untill someone comes wih a solution, you can disable the security function (FTAN) in the admin settings if you like, and see if that helps.

[babsy]

Actually, i can´t do anything in the backend, without getting the message:
Security offense!! Access denied!

i can´t make any changes in the admin security

[maverik]

1) say sleep well for 24 hours to the browser you installed wb 
2) take another browser and go to admin tools > secure form switcher and activate multitab
3) save
4) for now on all should work fine >> i hope

[babsy]

Hi yes.. i will do that.. and i see it workes ok in IE

[NorHei]

If might although help if you close all tabs , clear cache and cookies and restart your browser.

[ufferichter]

I have read about the Security offense!! Access denied!and tryed everything now, i cant update from Version 2.8.1 without this problem, i dont know what to do, i go back to this version every time

[ruebenwurzel]

@ufferichter

Wich errors you have exactely? You cannot update, means this the upgrade fails? Or did the upgrade work well and you got then error messages in the backend? Did you use a built in backend-theme or your own?

As more infos we get, the better we can help.

Matthias

[ufferichter]

I just overwrite with the new files in 2.8.2 and use the upgrade.php and i altso try to use the last upgrade to overwrite files, but no mater what i do Security offense!! Access denied everytime when i try to edit or save chances, så i go back to last stable version