Member is receiving "Tried to redirect to potentially insecure url" after posting/log in

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
END OF SUPPORT: 1 January 2017 (announcement)
Locked
corleoner
Registered User
Posts: 189
Joined: Wed Jan 29, 2014 9:57 pm

Member is receiving "Tried to redirect to potentially insecure url" after posting/log in

Post by corleoner » Fri Jul 08, 2016 7:29 pm

Greetings.

Today a user told me about an issue they've encountered while logging in and posting. He says every time he posts or logs in, he gets the following message:

Here are his words:
Actually here is the message I get every time I log in or post (it does however have a link for me to return to index page) -----> General Error Tried to redirect to potentially insecure url.
I asked him to copy the page source, and here's where I think it may be:

Code:

<body id="errorpage"><div id="wrap"> <div id="page-header"> <a href="./">Return to the index page</a> </div> <div id="acp"> <div class="panel"> <div id="content"> <h1>General Error</h1> <div>Tried to redirect to potentially insecure url.</div><p>Please notify the board administrator or webmaster: <a href="/cdn-cgi/l/email-protection#5b282e2b2b34292f1b293a323f3e293d34292e362875383436"><span class="__cf_email__" data-cfemail="b3c0c6c3c3dcc1c7f3c1d2dad7d6c1d5dcc1c6dec09dd0dcde">[email&#160;protected]</span>
From what I can gather, I believe this may have started when I updated to 3.0.14 a few weeks ago. The only other mod I've added was the auto backup mod.

Here's the full code FYI:


Support Request Template
What version of phpBB are you using? phpBB 3.0.14
What is your board's URL? http://raiderforums.com
Who do you host your board with? hostdime
How did you install your board? I used the download package from phpBB.com
What is the most recent action performed on your board? Update from a previous version of phpBB3
Is registration required to reproduce this issue? Yes
Do you have any MODs installed? Yes
Do you have any extensions installed? No
What version of phpBB3 did you update from? phpBB 3.0.12
What MODs do you have installed?
Share On
Wed Dec 04, 2013 9:48 am
Thanks for posts
Mon Dec 09, 2013 8:54 pm
Topic Preview
Fri Dec 20, 2013 11:30 am
Prime Quote Remover
Mon Jan 27, 2014 4:50 pm
Prime Links
Tue Jan 28, 2014 3:27 pm
Prime Instant Redirect
Tue Jan 28, 2014 4:27 pm
Prime Login Return
Tue Jan 28, 2014 4:29 pm
Prime Quick Reply
Tue Jan 28, 2014 9:59 pm
Prime Logout Return
Wed Jan 29, 2014 7:36 am
Red Blinking PM MOD
Tue Feb 04, 2014 9:51 am
Anti Double Post
Tue Feb 04, 2014 6:35 pm
Top Stats
Mon Feb 10, 2014 8:53 am
Prime Quick Style
Fri Feb 14, 2014 3:28 pm
Prime Parse URL Fix
Thu Feb 20, 2014 5:17 pm
Ultimate Points
Sun Feb 23, 2014 11:23 am
Full Style Refresh
Sun Feb 23, 2014 1:47 pm
Latest Topic Title
Sun Feb 23, 2014 3:40 pm
Debug Errors and Notices
Sun Feb 23, 2014 9:48 pm
phpBB mChat
Tue Feb 25, 2014 8:43 am
Prime Quick Buddies
Wed Apr 02, 2014 9:49 am
Prime BBCode Spoiler
Sun Apr 13, 2014 3:14 pm
Prime Nest BBCodes
Mon Apr 21, 2014 6:08 pm
KeyCAPTCHA
Tue Apr 29, 2014 2:07 pm
Prime Ban to Group
Fri May 30, 2014 6:24 am
Sortables CAPTCHA Plugin
Sat Jan 10, 2015 10:37 am
ACP Announcement Centre
Tue Feb 17, 2015 7:48 am
Prime Birthdate
Tue Feb 17, 2015 9:08 am
Medal System
Fri Mar 06, 2015 12:42 pm
Quote Post Back Link (QPBL)
Sat Mar 07, 2015 5:02 pm
Prime User Topics
Wed Mar 11, 2015 4:43 pm
Prime Post Revisions
Mon Mar 16, 2015 7:45 am
Automatic DST 2
Mon Mar 16, 2015 3:25 pm
Changing methods for password reset
Tue Nov 10, 2015 2:11 pm
Prime Trash Bin
Wed Nov 25, 2015 1:02 pm
Show Users Browsing Topic
Wed May 04, 2016 12:36 pm
Paypal Donation Mod
Thu May 05, 2016 11:56 am
Prime Self Topics
Fri Jun 17, 2016 11:21 am
Advanced Custom Rank Titles
Mon Jun 20, 2016 9:18 pm
Auto Backup
Wed Jun 22, 2016 6:42 am
ReIMG Image Resizer
What styles do you currently have installed? rockettheme corvus
What language(s) is your board currently using? en
Which database type/version are you using? I Don't Know
What is your level of experience? New to PHP and phpBB
What username can be used to view this issue? No answer given
What password can be used to view this issue? No answer given
What actions did you take (updating your board; installing a MOD, style or extension; etc.) prior to this problem becoming noticeable? I believe this problem occurred after updating to 3.0.14, but I'm not positive as I can't replicate the issue myself.
Please describe your problem. General Error Tried to redirect to potentially insecure url.
Generated by SRT Generator

corleoner
Registered User
Posts: 189
Joined: Wed Jan 29, 2014 9:57 pm

Re: Member is receiving "Tried to redirect to potentially insecure url" after posting/log in

Post by corleoner » Fri Jul 08, 2016 7:39 pm

Could this be the reason? (I do have login redirect, but not the bridge version through wordpress, just the prime redirect mod).

http://bridgedd.com/support/viewtopic.php?f=24&t=338
That's due to the "security fix" (in quotes because it was a stupid change) added in phpBB 3.0.14. That "fix" is going to break a lot of sites that use login redirection.

I am planning to release new versions of BridgeDD and BridgeDD PRO this weekend, and they will have a workaround for this "security fix". In the meantime, you can use the regular Login/Logout widget instead of the phpBB Login/Logout widget.

Alternately, if you are comfortable with editing phpBB core files, this problem can be solved by reverting the "fix" back to the code that existed in all previous versions of phpBB. It's a one-line change. Find this line in includes/functions.php:

corleoner
Registered User
Posts: 189
Joined: Wed Jan 29, 2014 9:57 pm

Re: Member is receiving "Tried to redirect to potentially insecure url" after posting/log in

Post by corleoner » Fri Jul 08, 2016 7:48 pm

I'm pretty sure that's gotta be it.

Can I just remove the line that 3.0.14 added?

Code:

	// Make sure we don't redirect to external URLs
	if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
	{
		trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
	}
Or should I investigate the problem because this shouldn't be causing an issue?

stevemaury
Support Team Member
Posts: 49313
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve

Re: Member is receiving "Tried to redirect to potentially insecure url" after posting/log in

Post by stevemaury » Fri Jul 08, 2016 8:20 pm

Please stop bumping your topic in violation of our 6 hour bump rule. If you have something to add within 6 hours, edit your prior post. Thanks.

corleoner
Registered User
Posts: 189
Joined: Wed Jan 29, 2014 9:57 pm

Re: Member is receiving "Tried to redirect to potentially insecure url" after posting/log in

Post by corleoner » Fri Jul 08, 2016 8:27 pm

stevemaury wrote: Please stop bumping your topic in violation of our 6 hour bump rule. If you have something to add within 6 hours, edit your prior post. Thanks.
I figured I was allowed.

If a topic is already at the top, how is it getting "bumped"? The 3 posts were about 10 minutes apart, and I figured it was within the rules, it's not like I was trying to get extra attention to leapfrog other support topics.

Jeez, cut me some slack on this one, I don't cause you guys problems, I know how to follow rules, you could have at least offered some advice despite my annoying presence to your wonderful day. :D

[EDIT] - some of that was tongue in cheek. After re-reading it I figured I should let you know that since tone isn't always easy to recognize over the internet.

david63
Jr. Extension Validator
Posts: 14551
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood

Re: Member is receiving "Tried to redirect to potentially insecure url" after posting/log in

Post by david63 » Fri Jul 08, 2016 8:37 pm

I would hazard a guess that your problem is due to moving between https and http (your site is https not http as you stated above) and is probably being compounded by using Cloudflare.
David

JimA
Community Team Leader
Posts: 7276
Joined: Thu Jul 31, 2008 5:54 am
Location: The Netherlands
Name: Jim Mossing Holsteyn

Re: Member is receiving "Tried to redirect to potentially insecure url" after posting/log in

Post by JimA » Fri Jul 08, 2016 8:44 pm

corleoner wrote: I figured I was allowed.

If a topic is already at the top, how is it getting "bumped"? The 3 posts were about 10 minutes apart, and I figured it was within the rules, it's not like I was trying to get extra attention to leapfrog other support topics.
Like Steve said, we prefer you edit your original post when you have new information if you're still within six hours. Whilst your intention might not be to get your topic to the top of the queue, we usually can't tell the difference and therefore ask everybody not to double-post within those six hours. Additionally, the supporting members usually start with handling the oldest posts first.

If you have any questions about this rule, or any of our other rules, feel free to send a PM about this. :)

Also, I think that your trouble might be caused by a combination of the code addition that you posted yourself in 3.0.14 which doesn't cope well with the Prime Instant Redirect MOD. We've seen that before.

corleoner
Registered User
Posts: 189
Joined: Wed Jan 29, 2014 9:57 pm

Re: Member is receiving "Tried to redirect to potentially insecure url" after posting/log in

Post by corleoner » Fri Jul 08, 2016 8:58 pm

david63 wrote: I would hazard a guess that your problem is due to moving between https and http (your site is https not http as you stated above) and is probably being compounded by using Cloudflare.
I overlooked that in the template, but it's always been https since we opened in 2013.
JimA wrote:
Also, I think that your trouble might be caused by a combination of the code addition that you posted yourself in 3.0.14 which doesn't cope well with the Prime Instant Redirect MOD. We've seen that before.
Thanks Jim, I removed the edit from functions and as long as that fixes it then I'm good with it.
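
The prefix comparison quoted in this thread, modelled stand-alone as an added example (not phpBB's code and not from any poster), next to one way to handle a board reachable under more than one scheme without deleting the check. `passes_prefix_check`, `origin_of`, `redirect_allowed`, `$boardUrl` and the `forum.example` / `other.test` URLs are hypothetical names and constructed values.

```php
<?php
// Added example; $boardUrl stands in for the value generate_board_url(true)
// returns, and every URL below is a constructed sample.

// Same comparison as the quoted 3.0.14 lines: the target must begin with
// "<board URL>/", so scheme, host and port all have to match exactly.
function passes_prefix_check(string $url, string $boardUrl): bool
{
    return strpos($url, $boardUrl . '/') === 0;
}

// Hypothetical helper: reduce an absolute http(s) URL to scheme://host[:port].
function origin_of(string $url): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // relative or malformed input is rejected here
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;
    }
    $port = isset($parts['port']) ? ':' . $parts['port'] : '';
    return $scheme . '://' . strtolower($parts['host']) . $port;
}

// Hypothetical replacement policy: keep rejecting foreign hosts, but accept
// every origin the administrator has explicitly listed for the board.
function redirect_allowed(string $url, array $allowedOrigins): bool
{
    $origin = origin_of($url);
    return $origin !== null && in_array($origin, $allowedOrigins, true);
}

$board   = 'https://forum.example';
$allowed = ['https://forum.example', 'http://forum.example'];
$samples = [
    'https://forum.example/viewtopic.php?t=1',         // same origin as the board
    'http://forum.example/viewtopic.php?t=1',          // same host, other scheme
    'https://forum.example.other.test/index.php',      // host only shares a prefix
    'https://other.test/?next=https://forum.example/', // board URL in the query
];
foreach ($samples as $url) {
    printf("%-52s prefix=%-5s allow-list=%s\n", $url,
        var_export(passes_prefix_check($url, $board), true),
        var_export(redirect_allowed($url, $allowed), true));
}
```

Only the second sample is treated differently by the two checks, which is the http/https case raised in the thread; the samples pointing at another host are refused by both.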
