4images Forum & Community
4images Issues / Ausgaben => Discussion & Troubleshooting => Topic started by: mawenzi on October 22, 2009, 03:21:01 PM
-
... I tested versions 1.7 - 1.7.7 and found in all versions the following problem in comments on the detail page when posting a specific url ...
... the following url you can't post via details.php and admin/comments.php ( no db-entry, no error message ) ...
http://test.blogspot.com/2009/10/text-text-text_0123.html
... and ...
[url=http://test.blogspot.com/2009/10/text-text-text_0123.html]test.blogspot.com[/url]
( there are two "-" in the filename ... )
... the following url you can post via details.php and admin/comments.php ...
http://test.blogspot.com/2009/10/text_text-text_0123.html
... and ...
[url=http://test.blogspot.com/2009/10/text_text-text_0123.html]test.blogspot.com[/url]
( there is only one "-" in the filename ... )
... I think this is a formatting bug ...
-
What do you mean by "can't post"? Does it give an error message? (sorry, can't test it myself at the moment)
-
... as I said ... no db-entry, no error message, only the same page ...
... after pressing the "Post Comment" button ... there comes no "thank you" and no new comment in the comment list ...
... there comes only the same detail-page without any text in "comment-fields" in "comment-form" ...
PS. ... I saw ... on your demo sites, you can't post urls ... (it's v@no-specific) ... ;)
-
hmmm I can't reproduce it on my 4images mobile server...
PS. ... I saw ... on your demo sites, you can't post urls ... (it's v@no-specific) ... ;)
Yeah, and there is a little surprise for those who try to post too many of them at once... :)
-
... I will send you a PM with detail-pages of different 4i versions for testing ...
-
Somehow I suspect it's some kind of filter on the server itself...is "mod security" installed on that server?
-
... puh ... I can't say it ... that, I need to clarify it once with the hoster ...
... but why the server should filter such urls ... for server security ... ?
... is there a security problem for the db with a url where are two "-" in a filename ... ?
... meanwhile I will test it on my 4images mobile server to exclude 4images as the reason ...
thanks for testing
-
You can try to trace it by doing this:
1) make sure you have in comment_form.html:
<?php
global $mode;
?>
<input type="hidden" name="mode" value="<?=htmlspecialchars($mode, ENT_QUOTES);?>" />
2) add this at the end of global.php:
// Debug trace: runs only when the secret "mode" value is sent with the request.
if ((isset($_POST['mode']) && $_POST['mode'] == "yourtext") || (isset($_GET['mode']) && $_GET['mode'] == "yourtext"))
{
  // Print a labelled, HTML-escaped dump of one variable.
  function _e($head = "", $txt = "")
  {
    echo "<pre>";
    echo "<b>".$head."</b>\n\n";
    echo htmlspecialchars(print_r($txt,1));
    echo "\n--------------\n</pre>";
  }
  // Dump both the superglobals and the legacy long arrays for comparison.
  _e("_GET", $_GET);
  _e("HTTP_GET_VARS", @$HTTP_GET_VARS);
  _e("_POST", $_POST);
  _e("HTTP_POST_VARS", @$HTTP_POST_VARS);
  _e("_SERVER", $_SERVER);
}
(replace "yourtext" with something only you would know)
3) open the details page with &mode=yourtext and post a comment
See what _POST and HTTP_POST_VARS show.
-
before posting a comment, i get this...
GET
Array
(
[image_id] => 3849
[mode] => ...
)
--------------
HTTP_GET_VARS
Array
(
[image_id] => 3849
[mode] => ...
)
--------------
_POST
Array
(
)
--------------
HTTP_POST_VARS
Array
(
)
--------------
... and after posting a comment ... the url in the browser doesn't show "&mode=..." ...
... there is the normal detailpage without any array, but with the new comment ...
-
That's why I included the 1) for comment_form.html ;) that code must be inserted inside the form.
-
... sorry, my fault ... I did not upload comment_form.html ... it was too late yesterday for me ...
... but now ...
Parse error: syntax error, unexpected '<' in /usr/export/www/vhosts/.../template.php(144) : eval()'d code on line 1336
... I think, it comes from the new value content ...
-
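Oh, right, v1.7 didn't allow inline PHP...
Maybe this will work:
<?php
global $mode;
// Emit the hidden field from inside the PHP block, with the value escaped.
echo '<input type="hidden" name="mode" value="'.htmlspecialchars($mode, ENT_QUOTES).'" />';
?>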
-
... and now ... in browser-html-source there is correct ...
<input type="hidden" name="mode" value="..." />
... but after posting a comment ... the url in the browser doesn't show "&mode=..." ...
... there is the normal detailpage without any array, but with the new comment ...
-
Can you PM me (my other account) with "yourtext" and, if possible, the url to phpinfo?
Will check it out when I get home.
P.S. There is a nice FF extension that allows you to intercept GET/POST requests and modify them before they are sent to the server. Tamper Data :: Add-ons for Firefox (https://addons.mozilla.org/firefox/addon/966)
-
... I found the reason for my comment problems ...
... it's not a 4images bug ... as you already had suspected ...
... it's a word filter of my hoster ... it filtered all text before it is stored in the db ...
... but in the end, it is not really a problem for me ...
... thanks for your support ...
mawenzi
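-
A variant of the trace step from earlier in the thread, as an added example that is not part of any post or of 4images: it writes a summary to a log file instead of echoing request data into the page, so a comment whose fields are lost before PHP sees them can be told apart from an application bug. It assumes PHP 5.6 or later; TRACE_TOKEN, TRACE_LOG, trace_summary() and the three form field names are assumptions.

```php
<?php
// Added example, not 4images code. TRACE_TOKEN, TRACE_LOG, trace_summary()
// and the field list are assumptions. Requires PHP 5.6+ (hash_equals).
const TRACE_TOKEN = 'replace-with-a-long-random-value';        // placeholder
const TRACE_LOG   = '/path/outside/webroot/comment_trace.log'; // placeholder

// Describe what reached PHP without recording the submitted text itself.
function trace_summary($method, $declaredLength, $rawBody, array $post, array $expected)
{
    $fields = array();
    foreach ($expected as $name) {
        $value = isset($post[$name]) ? $post[$name] : null;
        if ($value === null) {
            $fields[$name] = 'absent';                    // never arrived
        } elseif (!is_string($value)) {
            $fields[$name] = 'non-string';                // arrived as an array
        } elseif ($value === '') {
            $fields[$name] = 'empty';                     // arrived, but blank
        } else {
            $fields[$name] = strlen($value) . ' bytes';   // length only, no content
        }
    }
    return array(
        'method'          => $method,                 // GET here means the POST was redirected
        'declared_length' => (int) $declaredLength,   // Content-Length header
        'received_length' => strlen($rawBody),        // bytes PHP actually read
        'fields'          => $fields,
    );
}

// Same trigger idea as the thread's "mode" value, compared in constant time.
$token = isset($_POST['mode']) ? $_POST['mode'] : (isset($_GET['mode']) ? $_GET['mode'] : '');
if (is_string($token) && hash_equals(TRACE_TOKEN, $token)) {
    $summary = trace_summary(
        $_SERVER['REQUEST_METHOD'],
        isset($_SERVER['CONTENT_LENGTH']) ? $_SERVER['CONTENT_LENGTH'] : 0,
        file_get_contents('php://input'),
        $_POST,
        array('user_name', 'comment_headline', 'comment_text') // assumed form field names
    );
    // Append one JSON line per request; nothing is echoed into the page.
    error_log(date('c') . ' ' . json_encode($summary) . "\n", 3, TRACE_LOG);
}
```

Remove the block once the cause is found. If a request with the token leaves no log line at all, the request was stopped before the script ran.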