You haven't written a message!
Permalink
Ever since I installed concrete5 I have had a problem with blocks such as comments and private messages. I'm finding it really hard to track it down but I think it's probably something to do with validation.
If, for example, I try to add a comment to this page
http://www.labview-tools.com/software/sqlite-api/...
and use something like
Previously I didn't have many members so it wasn't much of a problem. But I'm now getting e-mails daily of users reporting that they cannot post comments or PMs (basically anywhere with a comments field and submit).
It only happens only on some pages (like the one above). And I really cannot find a consistent way to replicate it apart from certain (unknown) character sequences on certain pages exhibit the problem. I have an equivalent test site on a local machine (windows - the live site is linux) which I cannot replicate the problem. Also, if I create a new page it is 50/50 whether I can replicate it or not.
I tried searching the forums but found nothing and I'm sorry it's a bit vague, but I'm hoping someone else with more experience of CC5 has had a similar experience and resolved it.
If, for example, I try to add a comment to this page
http://www.labview-tools.com/software/sqlite-api/...
and use something like
"asd;flk;sdf" \;\; 'JHGJHG' [/quote] It clears the message and reports "You haven't written a message!" However. this works fine [code] "asdflksdf" \;\; 'JHGJHG' [/quote] as does this [code] "asd;flk;sdf \;\; 'JHGJHG'
Previously I didn't have many members so it wasn't much of a problem. But I'm now getting e-mails daily of users reporting that they cannot post comments or PMs (basically anywhere with a comments field and submit).
It only happens only on some pages (like the one above). And I really cannot find a consistent way to replicate it apart from certain (unknown) character sequences on certain pages exhibit the problem. I have an equivalent test site on a local machine (windows - the live site is linux) which I cannot replicate the problem. Also, if I create a new page it is 50/50 whether I can replicate it or not.
I tried searching the forums but found nothing and I'm sorry it's a bit vague, but I'm hoping someone else with more experience of CC5 has had a similar experience and resolved it.
could it possibly be escaping the escapes...?
Possibly. The thing that gets me is it works on some pages but not others. I would have thought that if it was escaping then some chars would not exist rather than deleting the entire text.
Any suggestions on where I could put a couple of dumps to test the theory?
this also doesn't work either (by the way)
but this does
And so does this
My gut feeling is it's something to do with magic_quotes. But I havn't found any where in the code its used as yet.
Any suggestions on where I could put a couple of dumps to test the theory?
this also doesn't work either (by the way)
"asd;flks;df" 'JHGJHG'
but this does
"as;dflk;sdf 'JHGJHG'And so does this
"asdflksdf" 'JHGJHG'
My gut feeling is it's something to do with magic_quotes. But I havn't found any where in the code its used as yet.
yea i don't see any magic quote stuff in the core,
what blocks,
what blocks,
Any that have a text area. private messages, guest-book, comments etc.
do you have the security wall addon installed?
just tried
in a guestbook and it works fine,
"asd;flks;df" 'JHGJHG'
in a guestbook and it works fine,
Hmm.
Yes. It looks like Security Wall is causing it....how bizarre - good bit of lateral thinking on your behalf- kudos.
I had just figured out that I can send a PM from admin to anyone with no problems. But a registered user sending to admin failed- aguest however, was ok too. But I would have still been been a few days away from figuring out security wall...lol. Can you think of why it should be (just for interests sake).
I've disabled it now and will wait a couple of days to see if the complaints dry up.
Good call!
Yes. It looks like Security Wall is causing it....how bizarre - good bit of lateral thinking on your behalf- kudos.
I had just figured out that I can send a PM from admin to anyone with no problems. But a registered user sending to admin failed- aguest however, was ok too. But I would have still been been a few days away from figuring out security wall...lol. Can you think of why it should be (just for interests sake).
I've disabled it now and will wait a couple of days to see if the complaints dry up.
Good call!
well it uses a non perfect library to detect XSS attacks, i know it has caused problems in the past,
