WebmasterSite.net

Words Curl and Lynx

Version: 4.1.18

AutumnWindz
Member

Usergroup: Customer
Joined: Oct 01, 2004

Total Topics: 14
Total Posts: 46
quote post #1
Posted 01/21/08 - 12:29 PM:

What is it with the words curl and lynx in the field articletext that does not allow the article to post? The article will post fine when either word is placed in the articletitle and articledescription fields as well as the added article fields in my form. However, when these words are by themselves in the articletext field and you click 'submit', then the following error occurs:

Forbidden
You don't have permission to access /suggest.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Now, when you add a character to the word, such as lynx_ instead of just lynx, the article will submit just fine. I recall having this issue several years ago and either those words haven't come up in all that time or something else happened.

So, why does it do this with curl and lynx in only the articletext field and how can it be fixed?
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 65
Total Posts: 7614
quote post #2
Posted 01/23/08 - 5:02 PM:

Some overzealous PHP security configurations prevent certain words from being posted, and curl appears to be on the list. The theory is that if there are insecure scripts running on the server, some of the common exploits can still be blocked by preventing the hacker from sending certain words. Don't see how it could possibly only block certain fields though.

Both words work fine on my own setup.

Edited by Paul on 01/23/08 - 5:05 PM
AutumnWindz
Member

Usergroup: Customer
Joined: Oct 01, 2004

Total Topics: 14
Total Posts: 46
quote post #3
Posted 01/26/08 - 12:16 AM:

I thought it was odd that it was only blocked in the articletext field as well, but the fact is that I was able to post an article with the words curl and lynx in every text field with the exception of articletext. This has been an issue for me since I started using the script several years ago. The installation I have had on the newspaper site since 2005 has had this problem since the beginning. Is this something with my particular server that I can let my host know about? Or, is there something I can do to work around this issue? Curl and Lynx are both used as surnames as well, so this is a real issue that I need to resolve.
AutumnWindz
Member

Usergroup: Customer
Joined: Oct 01, 2004

Total Topics: 14
Total Posts: 46
quote post #4
Posted 01/26/08 - 12:25 AM:

Ok, I have been playing with it a little more and it appears the problem is with the plain text mode. If the word appears in the WYSIWYG editor it will post; however, if the editor is on plain text, the error is produced. What is the difference?
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 65
Total Posts: 7614
quote post #5
Posted 01/28/08 - 12:50 AM:

Point your host at my post #2.

My tests are without WYSIWYG; on a normal server configuration it makes no difference. The WYSIWYG mode may somehow bypass the PHP security mechanisms by its JavaScript, or perhaps it prepends a leading space that makes a difference.
AutumnWindz
Member

Usergroup: Customer
Joined: Oct 01, 2004

Total Topics: 14
Total Posts: 46
quote post #6
Posted 01/30/08 - 1:05 PM:

Update - Information for anyone else having this issue to take to their host.

I went to my VPS host with this issue and here is their response:

it was a mod security filter blocking both, I have cleared it, should work properly now.

[Wed Jan 30 14:58:03 2008] [error] [client ##.#.##.##] mod_security: Access denied with code 403. Pattern match "curl " at POST_PAYLOAD [severity "EMERGENCY"] [hostname "www._____.com"] [uri "/suggest.php?action=addlink&filled=1"]

Edited by AutumnWindz on 01/30/08 - 1:09 PM
AutumnWindz
Member

Usergroup: Customer
Joined: Oct 01, 2004

Total Topics: 14
Total Posts: 46
quote post #7
Posted 08/16/09 - 12:52 PM:

FYI Update

I recently changed hosts and ran into a similar problem again - this time with the word 'from'. Thankfully I provided the information from the fix by my previous host in this thread so I was able to give my new host the information and they were able to quickly determine it was the same issue, just with different words involved.

This forum is a good backup for issues, so here is the response from the new host in the event a similar issue occurs in the future:

Yes, this is a mod security problem. The "from" is being interpreted by modsec
as a potential SQL injection. The same goes for words like "select", "drop"
and "where". I should be able to stop this rule from causing problems.
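
Added example, not part of the original thread or written by any poster: a small triage script for the kind of mod_security 1.x error-log line quoted in post #6, which pulls out the matched pattern, the request location and the URI so a host can see which keyword rules are rejecting legitimate form posts. The log lines, addresses and hostnames below are constructed, and replaying a logged pattern as a plain regex search is an assumption about how the filter matches.

```python
import re
from collections import Counter

# Field layout follows the mod_security 1.x line quoted in post #6.
LINE_RE = re.compile(
    r'\[client (?P<client>[^\]]+)\] mod_security: Access denied with code (?P<code>\d+)\. '
    r'Pattern match "(?P<pattern>(?:[^"\\]|\\.)*)" at (?P<location>\S+)'
    r'.*?\[uri "(?P<uri>[^"]*)"\]'
)

# Constructed sample error log (client addresses and hostname are made up).
SAMPLE_LOG = """\
[Wed Jan 30 14:58:03 2008] [error] [client 192.0.2.10] mod_security: Access denied with code 403. Pattern match "curl " at POST_PAYLOAD [severity "EMERGENCY"] [hostname "www.example.com"] [uri "/suggest.php?action=addlink&filled=1"]
[Wed Jan 30 15:02:41 2008] [error] [client 192.0.2.11] mod_security: Access denied with code 403. Pattern match "lynx " at POST_PAYLOAD [severity "EMERGENCY"] [hostname "www.example.com"] [uri "/suggest.php?action=addlink&filled=1"]
[Wed Jan 30 15:03:00 2008] [error] [client 192.0.2.11] File does not exist: /var/www/favicon.ico
"""

def parse_denials(log_text):
    """Return one dict per mod_security denial; other error-log lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.search, log_text.splitlines()) if m]

def summarize(denials):
    """Count denials per (pattern, location, script path) so noisy rules stand out."""
    return Counter(
        (d["pattern"], d["location"], d["uri"].split("?", 1)[0]) for d in denials
    )

def would_match(pattern, seen_text):
    """Replay a logged pattern against text as the filter sees it.

    Assumption: the pattern is applied as an ordinary regex search.
    """
    return re.search(pattern, seen_text) is not None

if __name__ == "__main__":
    denials = parse_denials(SAMPLE_LOG)
    for (pattern, location, path), n in summarize(denials).most_common():
        print(f"{n}x pattern={pattern!r} at {location} on {path}")
    # The logged pattern ends in a space, so ordinary prose trips it ...
    print(would_match("curl ", "mr. curl attended the meeting"))
    # ... while a trailing character such as "_" does not.
    print(would_match("curl ", "curl_"))
```

The trailing space inside the logged pattern is consistent with the observation in post #1 that a word followed by an extra character submits without error.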

 