MX & MEPIS Community Forum

Linux operating systems based on Debian Stable
View unanswered posts | View unsolved topics | View active topics |



Reply to topic  [ 31 posts ]  Go to page Previous  1, 2, 3, 4  Next
Post a message with a leading slash 
Author Message
Forum Guide
Forum Guide
User avatar

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 256619
Post Re: Post a message with a standalone or leading slash
bit scary if you're getting a method not implemented for posting something with a slash...

seems like it's trying to execute some sort of macro.

of course, many web based apps that handle user input will prevent slashes and other evil sql characters, or will require that they be properly escaped to prevent sql injection attacks.

don't see this as an issue, rather a security feature


Sat Jan 01, 2011 6:02 pm

GoManutd thanked by: lucky9, peregrine
Profile
Forum Guide
Forum Guide
User avatar

Joined: Sun Aug 06, 2006 3:02 pm
Posts: 2203
Location: New Zealand BOP
Has thanked: 91 times
Have thanks: 484 times
Post # 256842
Post Re: Post a message with a standalone or leading slash
It doesn't accept leading forward slashes when they're wrapped up in code tags either and this forum rejects regular text files too.

Mike P


Mon Jan 03, 2011 4:38 am
Profile
Online
Administrator
User avatar

Joined: Wed Jul 12, 2006 2:17 pm
Posts: 10968
Location: Rochester NY
Has thanked: 898 times
Have thanks: 1568 times
Post # 256845
Post Re: Post a message with a standalone or leading slash
m_pav wrote:
It doesn't accept leading forward slashes when they're wrapped up in code tags either and this forum rejects regular text files too.

Mike P


/etc/boot

It accepts slashes with code tags. Do you mean text files as attachments?

_________________
Forum Rules
Guide - How to Ask for Help
Link to Wiki
Rich

Acer Laptop V5-572G: Intel i5, 12 GIG mem, nVidia GT720M/Intel integrated graphics
MX-14.3
Kubuntu 14.10, KDE 4.14.1
Virtualbox: Windows 7


Mon Jan 03, 2011 5:41 am
Profile
Forum Guide
Forum Guide
User avatar

Joined: Sun Aug 06, 2006 3:02 pm
Posts: 2203
Location: New Zealand BOP
Has thanked: 91 times
Have thanks: 484 times
Post # 256909
Post Re: Post a message with a standalone or leading slash
Yes to the text files as attachments, it refuses them and actual code tags as in pasted code, not formatting code tags.
Code:
[b]/[/b]etc/X11/xorg.conf


In the above example, the path to xorg.conf is wrapped in code tags, but that brings up the error, so I had to add formatting tags within the code tags for it to work, but the result is sloppy. The issue does not stop with that either. I tried all manner of things like the top left key on a US keyboard, which worked as a carriage return, yet allowed the forward slash
`/etc, so my thoughts are leading towards this forums back end trying to interpret / as bbcode outside of the [] square brackets

The following seems to support my theory, as hijack is not bbcode, yet it is accepted.
[hijack]
What would be nice is to see a list of permitted attachments and size limitations when adding an attachment
[/hijack]

Mike P


Mon Jan 03, 2011 3:41 pm
Profile
Online
Administrator
User avatar

Joined: Wed Jul 12, 2006 2:17 pm
Posts: 10968
Location: Rochester NY
Has thanked: 898 times
Have thanks: 1568 times
Post # 256916
Post Re: Post a message with a standalone or leading slash
m_pav wrote:
Yes to the text files as attachments, it refuses them and actual code tags as in pasted code, not formatting code tags.
Code:
[b]/[/b]etc/X11/xorg.conf


In the above example, the path to xorg.conf is wrapped in code tags, but that brings up the error, so I had to add formatting tags within the code tags for it to work, but the result is sloppy. The issue does not stop with that either. I tried all manner of things like the top left key on a US keyboard, which worked as a carriage return, yet allowed the forward slash
`/etc, so my thoughts are leading towards this forums back end trying to interpret / as bbcode outside of the [] square brackets

The following seems to support my theory, as hijack is not bbcode, yet it is accepted.
[hijack]
What would be nice is to see a list of permitted attachments and size limitations when adding an attachment
[/hijack]

Mike P

I have enabled text file attachments.
I only wrap the slash with code tags, to make it post, not the whole path. It posts every time for me.

And Karen has a ticket in to fix it on the server. Please be patient.

EDIT: We are looking into adding that info real time, but it may be difficult. In the interim, I have posted the information in the How-To forum.
EDIT2:The How-To will have to do. Implementing file attachment information when adding an attachment is is very difficult for technical reasons. Perhaps in a future version of phpBB it will be added by the developers.

_________________
Forum Rules
Guide - How to Ask for Help
Link to Wiki
Rich

Acer Laptop V5-572G: Intel i5, 12 GIG mem, nVidia GT720M/Intel integrated graphics
MX-14.3
Kubuntu 14.10, KDE 4.14.1
Virtualbox: Windows 7


Last edited by richb on Mon Jan 03, 2011 5:40 pm, edited 2 times in total.

Added EDIT2



Mon Jan 03, 2011 4:09 pm
Profile
Forum Regular
Forum Regular
User avatar

Joined: Thu Aug 17, 2006 7:56 am
Posts: 874
Location: Scotland
Has thanked: 87 times
Have thanks: 45 times
Post # 259893
Post Re: Post a message with a standalone or leading slash
Problem is this looks really ugly when trying to quote contents of files within a code block. Anyone know how get code blocks to show leading '/' correctly without have to put something around it...?

e.g. this looks very bad:
Code:
[i]/[/i]etc/fstab


Wed Jan 26, 2011 4:32 pm
Profile
Online
Administrator
User avatar

Joined: Wed Jul 12, 2006 2:17 pm
Posts: 10968
Location: Rochester NY
Has thanked: 898 times
Have thanks: 1568 times
Post # 259895
Post Re: Post a message with a standalone or leading slash
wireman wrote:
Problem is this looks really ugly when trying to quote contents of files within a code block. Anyone know how get code blocks to show leading '/' correctly without have to put something around it...?

e.g. this looks very bad:
Code:
[i]/[/i]etc/fstab


Currently there is no way that I know of. That is what we are trying to fix with the server people.

_________________
Forum Rules
Guide - How to Ask for Help
Link to Wiki
Rich

Acer Laptop V5-572G: Intel i5, 12 GIG mem, nVidia GT720M/Intel integrated graphics
MX-14.3
Kubuntu 14.10, KDE 4.14.1
Virtualbox: Windows 7


Wed Jan 26, 2011 4:35 pm

richb thanked by: wireman
Profile
Forum Regular
Forum Regular
User avatar

Joined: Thu Aug 17, 2006 7:56 am
Posts: 874
Location: Scotland
Has thanked: 87 times
Have thanks: 45 times
Post # 259905
Post Re: Post a message with a standalone or leading slash
Quote:
Currently there is no way that I know of. That is what we are trying to fix with the server people.


OK. Here's hoping you get a solution.


Wed Jan 26, 2011 5:08 pm
Profile
Forum Veteran
Forum Veteran
User avatar

Joined: Wed Jul 12, 2006 5:54 am
Posts: 11093
Location: Tulsa, Oklahoma U.S.A.
Has thanked: 3861 times
Have thanks: 906 times
Post # 259922
Post Re: Post a message with a standalone or leading slash
/home/user/ should work also. And I think it looks better.

PS: I got another server error when originally posting this post.

_________________
Yes, even I am dishonest. Not in many ways, but in some. Forty-one, I think it is.
--Mark Twain


Wed Jan 26, 2011 6:48 pm
Profile
Forum Guide
Forum Guide
User avatar

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 259935
Post Re: Post a message with a standalone or leading slash
i've found the source of the error. it's a security feature that needs to be tweaked. it is not forum software related.


Wed Jan 26, 2011 7:24 pm Profile
Display posts from previous:  Sort by  
Reply to topic   [ 31 posts ]  Go to page Previous  1, 2, 3, 4  Next

Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by STSoftware for PTF.