4images Forum & Community

4images Issues / Ausgaben => Discussion & Troubleshooting => Topic started by: mawenzi on October 22, 2009, 03:21:01 PM

Title: [BUG ?] specific URL in comments in vers. 1.7-1.7.7
Post by: mawenzi on October 22, 2009, 03:21:01 PM
... I tested versions 1.7 - 1.7.7 and found in all versions the following problem in comments on the detail page when posting a specific url ...
... the following url you can't post via details.php and admin/comments.php ( no db-entry, no error message ) ...
Code:
http://test.blogspot.com/2009/10/text-text-text_0123.html
... and ...
Code:
[url=http://test.blogspot.com/2009/10/text-text-text_0123.html]test.blogspot.com[/url]
( there are two "-" in the filename ... )

... the following url you can post via details.php and admin/comments.php ...
Code:
http://test.blogspot.com/2009/10/text_text-text_0123.html
... and ...
Code:
[url=http://test.blogspot.com/2009/10/text_text-text_0123.html]test.blogspot.com[/url]
( there is only one "-" in the filename ... )

... I think this is a formatting-bug ...
Title: Re: [BUG ?] specific URL in comments in vers. 1.7-1.7.7
Post by: V@no on October 22, 2009, 03:27:33 PM
what do you mean by "can't post"? does it give an error message? (sorry, can't test it myself at the moment)
Title: Re: [BUG ?] specific URL in comments in vers. 1.7-1.7.7
Post by: mawenzi on October 22, 2009, 03:35:27 PM
... as I said ...  no db-entry, no error message, only the same page ...
... after pressing the "Post Comment"-Button ... there comes no "thank you" and no new comment in the comment-list ...
... there comes only the same detail-page without any text in "comment-fields" in "comment-form" ...

PS. ... I saw ... on your demo-sites, you can't post urls ... (it's v@no-specific) ... ;)
Title: Re: [BUG ?] specific URL in comments in vers. 1.7-1.7.7
Post by: V@no on October 23, 2009, 01:16:23 AM
hmmm I can't reproduce it on my 4images mobile server...

Quote from: mawenzi
PS. ... I saw ... on your demo-sites, you can't post urls ... (it's v@no-specific) ... ;)

Yeah, and there is a little surprise for those who try to post too many of them at once...:)
Title: Re: [BUG ?] specific URL in comments in vers. 1.7-1.7.7
Post by: mawenzi on October 23, 2009, 01:37:38 AM
... I will send you a PM with detail-pages of different 4i versions for testing ...
Title: Re: [BUG ?] specific URL in comments in vers. 1.7-1.7.7
Post by: V@no on October 23, 2009, 01:48:15 AM
Somehow I suspect it's some kind of filter on the server itself...is "mod security" installed on that server?
Title: Re: [BUG ?] specific URL in comments in vers. 1.7-1.7.7
Post by: mawenzi on October 23, 2009, 02:07:46 AM
... puh ... I can't say ... I need to clarify that with the hoster ...
... but why should the server filter such urls ... for server security ... ?
... is there a security problem for the db with a url that has two "-" in the filename ... ?
... meanwhile I will test it on my 4images mobile server to exclude 4images as the reason ...

thanks for testing
Title: Re: [BUG ?] specific URL in comments in vers. 1.7-1.7.7
Post by: V@no on October 23, 2009, 02:47:07 AM
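You can try to trace it by doing this:

1) make sure you have in comment_form.html:
Code:
<?php
global $mode;
// $mode is taken from the request (&mode=...), so it is escaped before output
?>

<input type="hidden" name="mode" value="<?=htmlspecialchars($mode, ENT_QUOTES);?>" />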

2) add this at the end of global.php:
Code:
// Only dump the request when the "mode" parameter carries the agreed text
if ((isset($_POST['mode']) && $_POST['mode'] == "yourtext") || (isset($_GET['mode']) && $_GET['mode'] == "yourtext"))
{
  // Print one labelled, HTML-escaped dump of a variable
  function _e($head = "", $txt = "")
  {
    echo "<pre>";
    echo "<b>".$head."</b>\n\n";
    echo htmlspecialchars(print_r($txt,1));
    echo "\n--------------\n</pre>";
  }
  _e("_GET", $_GET);
  _e("HTTP_GET_VARS", @$HTTP_GET_VARS);
  _e("_POST", $_POST);
  _e("HTTP_POST_VARS", @$HTTP_POST_VARS);
  // Note: $_SERVER includes cookies and server paths, all of which land in the page
  _e("_SERVER", $_SERVER);
}


(replace "yourtext" with something only you would know)

3) open details page with &mode=yourtext and post a comment

see what _POST and HTTP_POST_VARS will show.
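
A hardened variant of the trace hook from the post above, as an added example that is not part of the original thread and not 4images code: it compares the `mode` value in constant time against a stored hash, redacts cookie, credential and URL fields, and appends to a log file instead of printing `$_SERVER` into the page. It assumes PHP 5.6+; `TRACE_TOKEN_SHA256`, `TRACE_LOG`, `trace_redact()` and the log path are hypothetical names.

```php
<?php
// Added example: hardened trace hook for the end of global.php (PHP 5.6+).
// TRACE_TOKEN_SHA256, TRACE_LOG and trace_redact() are hypothetical names.
define('TRACE_TOKEN_SHA256', 'PLACEHOLDER-sha256-hex-of-your-secret');
define('TRACE_LOG', __DIR__ . '/../trace.log'); // assumed path; keep it out of the web root

// Replace values that should not be written to the log.
function trace_redact($vars)
{
  $sensitive = '/^mode$|COOKIE|AUTH|PASS|TOKEN|SECRET|KEY|SESSION|QUERY_STRING|REQUEST_URI|REFERER/i';
  $out = array();
  foreach ($vars as $name => $value) {
    if (preg_match($sensitive, (string) $name)) {
      $out[$name] = '[redacted]';
    } elseif (is_array($value)) {
      $out[$name] = trace_redact($value);
    } else {
      $out[$name] = $value;
    }
  }
  return $out;
}

$trace_mode = isset($_POST['mode']) ? $_POST['mode'] : (isset($_GET['mode']) ? $_GET['mode'] : '');

// Compare hashes in constant time; the secret itself is never stored in the file.
if (is_string($trace_mode) && hash_equals(TRACE_TOKEN_SHA256, hash('sha256', $trace_mode))) {
  $raw = file_get_contents('php://input'); // request body as PHP received it (empty for multipart forms)
  $entry = array(
    'time'       => gmdate('c'),
    'method'     => isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '',
    'raw_length' => strlen($raw),
    'raw_sha256' => hash('sha256', $raw),
    '_GET'       => trace_redact($_GET),
    '_POST'      => trace_redact($_POST),
    '_SERVER'    => trace_redact($_SERVER),
  );
  // Append to a log file instead of echoing into the page.
  file_put_contents(TRACE_LOG, print_r($entry, true) . "\n--------------\n", FILE_APPEND | LOCK_EX);
}
```

With `mode` sent as a hidden form field, a comment submission that leaves no entry in the log did not reach this code with the `mode` field intact.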
Title: Re: [BUG ?] specific URL in comments in vers. 1.7-1.7.7
Post by: mawenzi on October 23, 2009, 03:12:31 AM
before posting a comment, I get this...

Code:
GET

Array
(
    [image_id] => 3849
    [mode] => ...
)
--------------
HTTP_GET_VARS
Array
(
    [image_id] => 3849
    [mode] => ...
)
--------------
_POST

Array
(
)
--------------
HTTP_POST_VARS
Array
(
)
--------------

... and after posting a comment ... the url in the browser doesn't show "&mode=..." ...
... there is the normal detailpage without any array, but with the new comment ...
Title: Re: [BUG ?] specific URL in comments in vers. 1.7-1.7.7
Post by: V@no on October 23, 2009, 03:56:53 AM
That's why I included the 1) for comment_form.html ;) that code must be inserted inside the form.
Title: Re: [BUG ?] specific URL in comments in vers. 1.7-1.7.7
Post by: mawenzi on October 23, 2009, 11:38:19 AM
... sorry, my fault ... I did not upload comment_form.html ... it was too late yesterday for me ...
... but now ...
Code:
Parse error: syntax error, unexpected '<' in /usr/export/www/vhosts/.../template.php(144) : eval()'d code on line 1336
... I think, it comes from the new value content ...
Title: Re: [BUG ?] specific URL in comments in vers. 1.7-1.7.7
Post by: V@no on October 23, 2009, 02:08:15 PM
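oh, right, v1.7 didn't allow inline php..

maybe this will work:
Code:
<?php
global $mode;
// $mode is taken from the request, so escape it before writing it into the attribute
echo '<input type="hidden" name="mode" value="'.htmlspecialchars($mode, ENT_QUOTES).'" />';
?>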


Title: Re: [BUG ?] specific URL in comments in vers. 1.7-1.7.7
Post by: mawenzi on October 23, 2009, 04:29:56 PM
... and now ... in the browser-html-source it is correct ...
Code:
<input type="hidden" name="mode" value="..." />

... but after posting a comment ... the url in the browser doesn't show "&mode=..." ...
... there is the normal detailpage without any array, but with the new comment ...
Title: Re: [BUG ?] specific URL in comments in vers. 1.7-1.7.7
Post by: V@nо on October 23, 2009, 07:56:35 PM
Can you pm me (my other account) with "yourtext" and, if possible, the url to phpinfo.
Will check it out when I get home.

p.s. there is a nice ff extension that lets you intercept get/post requests and modify them before they are sent to the server. Tamper Data :: Add-ons for Firefox (https://addons.mozilla.org/firefox/addon/966)
Title: Re: [BUG ?] specific URL in comments in vers. 1.7-1.7.7
Post by: mawenzi on October 29, 2009, 10:51:53 PM
... I found the reason for my comment problems ...
... it's not a 4images bug ... as you already had suspected ...
... it's a word-filter of my hoster ... it filtered all text before it was stored in the db ...
... but in the end, it is not really a problem for me ...

... thanks for your support ...

mawenzi