WebmasterSite.net: PHP scripts to enable your creativity
WSN Links PHP Directory Software
PHP Scripts Webmaster Links Support Forums

Register | Forgot Password
WSN Support » WSN Knowledge Base » Words Curl and Lynx » Words Curl and Lynx

Words Curl and Lynx

Version: 4.1.18
printPrint


Words Curl and Lynx
AutumnWindz
Member

Usergroup: Customer
Joined: Oct 01, 2004
Total Topics: 10
Total Posts: 32
Posted 01/21/08 - 12:29 PM:
quote post
#1
What is it with the words curl and lynx in the field articletext that does not allow the article to post? The article will post fine when either word is placed in the articletitle and articledescription fields as well as the added article fields in my form. However, when these words are by themselves in the articletext field and you click 'submit', then the following error occurs:

Forbidden
You don't have permission to access /suggest.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Now, when you add a character to the word, such as lynx_ instead of just lynx, the article will submit just fine. I recall having this issue several years ago and either those words haven't come up in all that time or something else happened.

So, why does it do this with curl and lynx in only the articletext field and how can it be fixed?
Paul
Administrator
Avatar

Usergroup: Administrator
Joined: Dec 21, 2001
Location: Northern California
Total Topics: 55
Total Posts: 5961
Posted 01/23/08 - 05:02 PM:
quote post
#2
Some overzealous PHP security configurations prevent certain words from being posted, and curl appears to be on the list. The theory is that if there are insecure scripts running on the server, some of the common exploits can still be blocked by preventing the hacker from sending certain words. Don't see how it could possibly only block certain fileds though.

Both words work fine on my own setup.

Edited by Paul on 01/23/08 - 05:05 PM
"Do things you love doing, because then it ain't work. Don't do something you don't really enjoy, because you're never going to work hard enough at it." - Bob Young, founder of Red Hat
AutumnWindz
Member

Usergroup: Customer
Joined: Oct 01, 2004
Total Topics: 10
Total Posts: 32
Posted 01/26/08 - 12:16 AM:
quote post
#3
I thought it was odd that it was only blocked in the articletext field as well, but the fact is that I was able to post an article with the words curl and lynx in every text field with the exception of articletext. This has been an issue for me since I started using the script several years ago. The installation I have had on the newspaper site since 2005 has had this problem since the beginning. Is this something with my particular server that I can let my host about? Or, is there something I can do to work around this issue? Curl and Lynx are both used as surnames as well, so this is a real issue that I need to resolve.
AutumnWindz
Member

Usergroup: Customer
Joined: Oct 01, 2004
Total Topics: 10
Total Posts: 32
Posted 01/26/08 - 12:25 AM:
quote post
#4
Ok, I have been playing with it a little more and it appears the problem is with the plain text mode. If the word appears in the WYSIWYG editor it will post, however, if the editor is on plain text, the error is produced. What is the difference?
Paul
Administrator
Avatar

Usergroup: Administrator
Joined: Dec 21, 2001
Location: Northern California
Total Topics: 55
Total Posts: 5961
Posted 01/28/08 - 12:50 AM:
quote post
#5
Point your host at my post #2.

My tests are without WYSIWYG, on a normal server configuration it makes no difference. The WYSIWYG mode may bypass somehow bypass the PHP security mechanisms by it's javascript somehow, or perhaps it prepends a leading space that makes a difference.
"Do things you love doing, because then it ain't work. Don't do something you don't really enjoy, because you're never going to work hard enough at it." - Bob Young, founder of Red Hat
AutumnWindz
Member

Usergroup: Customer
Joined: Oct 01, 2004
Total Topics: 10
Total Posts: 32
Posted 01/30/08 - 01:05 PM:
quote post
#6
Update - Information for anyone else having this issue to take to their host.

I went to my VPS host with this issue and here is their response:

it was a mod security filter blocking both, I have cleared it, should work properly now.

[Wed Jan 30 14:58:03 2008] [error] [client ##.#.##.##] mod_security: Access denied with code 403. Pattern match "curl " at POST_PAYLOAD [severity "EMERGENCY"] [hostname "www._____.com"] [uri "/suggest.php?action=addlink&filled=1"]

Edited by AutumnWindz on 01/30/08 - 01:09 PM
Search thread for
Download thread as


You don't have permission to post.

Please login or register.

© 2008

   
 
© 2008 Paul Knierim. All rights reserved.