I am facing one kinda odd problem and I'd appreciate any help.
I am looking to have a page submit a Google Adsense code and then save it to the database (I have a input field to accept GA code and a submit button, very simple form)
The thing is, I always get 403 forbidden when submiting a form, if input field contain "<script>" as a value.
If I try to submit anything else it works fine, but I can't figure out why text must not contain "<script>".
Note: it's not a problem with mysql escape or something similar, it happens even if I comment out complete PHP code. It just seems like POST won't accept this.
Another thing to mention, this problem DOES NOT occurs in localhost (xampp), but only when uploaded to Namecheap hosting.
Any ideas why this happens and how to make a workaround?
Namecheap has probably configured mod_security rules on their servers so to block posts which contain tags as these tags being allowed to be posted back to a webpage opens the door to very serious client side scripting vulnerabilities if the web app doesn't handle this correctly. If the post can even make it to php (which in your case it can't) you should be able to call htmlspecialchars or htmlentities on it to filter these out. If Namecheap is doing this for you and this is a problem then there's not much you can do other than changing hosts as shared hosting doesn't allow you any say over server configuration.
I had this problem, I needed to use tags in the form I was submitting in the admin system (embedding a google adsense ad).
To fix I edited the .htaccess file and added the line
SecFilterEngine Off
I only needed to do this temporarily to get the job done & turn it back on when I'm done.
Related
I have a main php Admin page that allows me to edit information contained within my database. I have several forms on the page, and a tabbed setup that allows me to nest the edit forms within each tab. All the forms refer Action="" back to the same php page for process and the page naturally looks to see if a button isset after POSTing otherwise just loads the usual tables and does not UPDATE the database.
Prior to web deployment I utilise XAMPP to develop the pages, however, once contented with the pages I upload to HostPapa. Whilst in the XAMPP environment, when i submit my information to be processed the page loads fine, the database is UPDATEd and the Success Message displays fine. However, once I upload to HostPapa and attempt the same steps, once i click the submit button and the data is sent back to the same page for processing, only a blank screen appears. When i hit refresh though it completes the processing and displays the Success Message. Data is UPDATEd in the database and nothing else appears to be wrong.
My questions are:
Any idea why my localhost website would display fine but my live version kind of stutters through the processing
Is this a setting on HostPapa that may need changing
Have i fallen pray to a coding taboo that prompts this response in the live environment
Worth noting that I had another XAMPP/HostPapa issue where I had not utilised the correct file name with Capitals in a form and this caused a failure as the file name did not match the coded file name exactly. This was rectified by insuring that file names and coded file name were match and case sensitive. The local XAMPP server did not care about case sensitivity which makes be believe that the form submission issue noted above may be a PHP option on HostPapa that is currently turn one.
Any assistance in this matter would be appreciated.
Regards,
C
To anyone who reads this and had a similar issue when utilising multiple forms on the same page. My issue is I had breaks(empty rows) between my <?php ?> tags in the header of the document.
I used several <?php ?> tags to encompass the different $_POST functions for my own clarity. This caused the server to interpret these breaks(empty rows) as an intentional space and made it appear that the header had already been sent. So naturally as my page attempted to load, the server believed i was attempting modify the header that had already been sent.
I believe this coding faux pas was masked by XAMPP during my offline build. I did a bit more research and I believe this also has something to do with the UTC selection.
At any rate, thank you Dony for attempting to assist. It was a hard issue to articulate.
Regards,
Cheyne
I have this website http://www.kdomestriha.cz/recenze-kadernicvi which basically shows list of hairdressers you searched for. When you enter one word term and search (you can try "Praha"), ajax update on pagination works perfectly fine. However if you try to enter two words (you can try Hradec Králové), pagination will refresh whole site. I am not sure, if showing all of my code helps... Does anyone have any clue what could be a cause of this strange behavior? Thanks
Since you didn't post any code, only way I got that looking your web source, and I point what wrong was in it.
If I searched by word "Praha", your web would generate following things:
<div id="Praha" class="list-view">....
After then in jQuery, you have code to access it through syntax:
$('#Praha').....
In order to achieve your own purpose, I think you used searching word as element id, it would caused the problem if you entered more one word into your filter, space character is not a valid for ID attribute in jQuery
$('#Hradec Králové').. //failed
It did not raise any error, but it wouldn't work as you expected.
If pagination is causing your site to refresh, the most likely cause is that something in the search/filter result is causing javascript error, thus causing yii to revert to full page refresh.
I'd advice that you look at your page in chrome's web inspector (cos that's what I use) after searching and confirm that the javascript isn't broken
I was coding from some ideas collected over the web a "solution" to redirect all pdf, for example, downloads on a server to a reCAPTCHA form and, after passed, download the requested file. It is cms agnostic and works but I have one situation that downloads an incorrect file.
The code is at: https://github.com/Siot/docafi (request.php file)
I explain the process:
All .pdf requests where redirected to request.php through .htaccess:
RewriteRule ^(.+.pdf)$ request.php?file=$1 [NC,L]
If it's the first time ($_SESSION var) request.php will show you a reCAPTCHA form.
If reCAPTCHA passed -> download starts.
If error -> error message.
If reCAPTCHA was passed previously on the same session, download starts automatically.
The special case is when is the first time in the session but starts download using right-click over the link.
It downloads an incorrect file content because I can't show the reCAPTCHA form. Can I know if a user had right-clicked over the link without javascript? I want a transparent solution over the different cms/html files on the server.
Can I solve this on another way?
No, selecting 'Save as...' in the popup menu works exactly as it should - it saves whatever is fetched by the link to local disk instead of trying to show it in the browser. It's thus completely correct that it's downloading the HTML file with the reCAPTCHA instead, and there's no way to detect it, not even with Javascript - to the server it's all the same, since the browser issues the same request, it just processes the result differently. You could set a flag on onContextMenu event, but it'd just have the wrong setting anyway if you then opened the link by leftclicking it or pasting the address in the address bar by hand.
It should be possible with javascript however PHP i'm fairly confident there will be no way this can be done considering it is server side.
Look through some previous stack overflow questions like:
how to get right click event javascript
I'm using CodeIgniter next to a Wordpress install.
So, I've got this site that I developed on one server. That works fine. I've moved it to another server and actually hacked it up to make another site which also works fine.
So now I've moved that site to a third server and my forms aren't posting right, or something.
They are submitting to the correct controller but when I var_dump $_POST or $this->input->post('anyvariable') Im getting empty arrays and falses.
I'm banging my head against the wall over this. I'm thinking maybe it's a .htaccess problem as nothing else has changed from the other sites.
Can anyone suggest a way to resolve this?
Ok so i turns out that I was getting a 301 redirect when I submitted the form because in my codeigniter config file i didn't put http://www.mysite.com but instead had http://mysite.com.
Thats why my post data was being cleared but I was still reaching the correct controller to do the var_dump.
I noticed this after checking the Net tab in firebug.
I should have realized this sooner but i was coding for 12 hours already when I got to this point because I needed to make a deadline.
In the config file check all settings and especially $config['base_url']. Maybe when you use form_open(method_name), form doesn't redirect correctly.
Sounds like you're not posting any data to the page. Are you sure the URL is correct, and you're working on the right file? Perhaps add a print at the top to make sure you're editing the right file, and posting to the right one as well. Also, consider using wireshark or something to see the raw POST request, to see if the data is in fact there. Not sure what else to tell you at this point.
I'm new around so if I'm missing some info or something, please let me know and I'll provide it. I've already looked for informationg regarding this error, but I haven't found anything relevant yet.
So, here's the deal.. Some of my controllers actions are being called twice, and I've just noticed that when I was wondering why was I sending SOME mails twice (the application I've got has an email client incorporated).. and only then after logging what was I doing I noticed the controller gets called twice... By the way, this only happens when I called the action from a link outside the application or by typing the url.
If I'm not making myself clear or I'm missing something, please do post here anyway so I can add more info..
Thanks in advance!
Aggregating possible answers from other sources as per my comment:
<img src="" /> and relatives.
If you have places where you generate the src attribute of the img tag, make sure it isn't empty in any freak cases; a handful of browsers take the empty src as a prompt to load the page again. 1, 2, 3
The same is true for an empty favicon, javascript or css href - generally anything where you're asking the browser to fetch an external resource, but no url is supplied, even in css1.
The phenomenom is perhaps a more understandable if you consider, for example, where you're sending form data when you do <form action=""> (or even just <form>) - namely the same page.
.htaccess shenanigans.
Check your rewrite rule(s): Are you making the server take a roundtrip to your script for any static content (e.g. favicon1)? Do non-existent files trigger a call to your script, and is an external resource link pointing to one (e.g. an ancient css stylesheet that was finally deleted from the filesystem but someone forgot to remove it from the HTML source)?
Browser-based debuggers.
Some browser-based debuggers, e.g. firebug1, will send a second request to the page depending on circumstances, to gather data that wasn't natively supplied to them by the browser itself. Make sure you're not getting that.
See if any of those help you.
For me, having Firebug open was causing the page to be called twice.
Without seeing the actual application code, I'm left to simply guess - however, I know of at least one semi-famous bug in this arena, see http://blog.codekills.net/archives/27-Fun-with-Firefox-Jitters.html for the details - basically, it happens when a <tr> has an onclick handler and an <a> inside that goes to the same URL...and even if this isn't what your app does, perhaps you can gain some insight from seeing how they went about debugging the problem.
After hours of debugging, my issue was a dynamically set background-image css tag. If there was no image - background-image:url() - a second request would be made back to the controller once the page was loaded.
Just in-case anyone else is doing the same.
My particular version of the problem and fix
submitting this form worked on a production server, but not "localhost"
For Firefox: form worked in both places. For Chrome: only worked on production server
setting breakpoints in my problem controller confirmed it was getting called multiple times (duh) and CSRF protection on that form got gibbered up as a result.
Then I found this thread: http://ellislab.com/forums/viewthread/210318/
My solution involved the favicon. The src attribute wasn't quite right. I did have a favicon in the root directory and it loaded on the hompage but not others (didn't notice that for a while). Anyways, providing an absolute path to the favicon solved it
Don't really know if you MUST have a favicon, but like mentioned above, make sure any resources you pull in (img/js/css) are properly referenced so as to avoid a browser retrying to request a page
On my Code Igniter View, I have a Form. THe form has a Post method calling url of controllerA. On clicking Add button in the form, I was calling a Javascript function that validates email ID. After validating email in .js, I was posting some data using $.post(url...) to the controllerA for database insertion. The insert was happening twice.
It turned out that in the $.post(url) I was calling controllerA url.
When I commented that $.post, database insert worked fine.