Page 2 of 4
Re: Post a message with a standalone or leading slash
Posted: Sat Jan 01, 2011 5:02 pm
by GoManutd
bit scary if you're getting a method not implemented for posting something with a slash...
seems like it's trying to execute some sort of macro.
of course, many web based apps that handle user input will prevent slashes and other evil sql characters, or will require that they be properly escaped to prevent sql injection attacks.
don't see this as an issue, rather a security feature
Re: Post a message with a standalone or leading slash
Posted: Mon Jan 03, 2011 3:38 am
by m_pav
It doesn't accept leading forward slashes when they're wrapped up in code tags either and this forum rejects regular text files too.
Mike P
Re: Post a message with a standalone or leading slash
Posted: Mon Jan 03, 2011 4:41 am
by richb
m_pav wrote:It doesn't accept leading forward slashes when they're wrapped up in code tags either and this forum rejects regular text files too.
Mike P
/etc/boot
It accepts slashes with code tags. Do you mean text files as attachments?
Re: Post a message with a standalone or leading slash
Posted: Mon Jan 03, 2011 2:41 pm
by m_pav
Yes to the text files as attachments, it refuses them and actual code tags as in pasted code, not formatting code tags.
In the above example, the path to xorg.conf is wrapped in code tags, but that brings up the error, so I had to add formatting tags within the code tags for it to work, but the result is sloppy. The issue does not stop with that either. I tried all manner of things like the top left key on a US keyboard, which worked as a carriage return, yet allowed the forward slash
`/etc, so my thoughts are leading towards this forums back end trying to interpret
/ as bbcode outside of the [] square brackets
The following seems to support my theory, as hijack is not bbcode, yet it is accepted.
[hijack]
What would be nice is to see a list of permitted attachments and size limitations when adding an attachment
[/hijack]
Mike P
Re: Post a message with a standalone or leading slash
Posted: Mon Jan 03, 2011 3:09 pm
by richb
m_pav wrote:Yes to the text files as attachments, it refuses them and actual code tags as in pasted code, not formatting code tags.
In the above example, the path to xorg.conf is wrapped in code tags, but that brings up the error, so I had to add formatting tags within the code tags for it to work, but the result is sloppy. The issue does not stop with that either. I tried all manner of things like the top left key on a US keyboard, which worked as a carriage return, yet allowed the forward slash
`/etc, so my thoughts are leading towards this forums back end trying to interpret
/ as bbcode outside of the [] square brackets
The following seems to support my theory, as hijack is not bbcode, yet it is accepted.
[hijack]
What would be nice is to see a list of permitted attachments and size limitations when adding an attachment
[/hijack]
Mike P
I have enabled text file attachments.
I only wrap the slash with code tags, to make it post, not the whole path. It posts every time for me.
And Karen has a ticket in to fix it on the server. Please be patient.
EDIT: We are looking into adding that info real time, but it may be difficult. In the interim, I have posted the information in the How-To forum.
EDIT2:The How-To will have to do. Implementing file attachment information when adding an attachment is is very difficult for technical reasons. Perhaps in a future version of phpBB it will be added by the developers.
Re: Post a message with a standalone or leading slash
Posted: Wed Jan 26, 2011 3:32 pm
by wireman
Problem is this looks really ugly when trying to quote contents of files within a code block. Anyone know how get code blocks to show leading '/' correctly without have to put something around it...?
e.g. this looks very bad:
Re: Post a message with a standalone or leading slash
Posted: Wed Jan 26, 2011 3:35 pm
by richb
wireman wrote:Problem is this looks really ugly when trying to quote contents of files within a code block. Anyone know how get code blocks to show leading '/' correctly without have to put something around it...?
e.g. this looks very bad:
Currently there is no way that I know of. That is what we are trying to fix with the server people.
Re: Post a message with a standalone or leading slash
Posted: Wed Jan 26, 2011 4:08 pm
by wireman
Currently there is no way that I know of. That is what we are trying to fix with the server people.
OK. Here's hoping you get a solution.
Re: Post a message with a standalone or leading slash
Posted: Wed Jan 26, 2011 5:48 pm
by lucky9
/home/user/ should work also. And I think it looks better.
PS: I got another server error when originally posting this post.
Re: Post a message with a standalone or leading slash
Posted: Wed Jan 26, 2011 6:24 pm
by GoManutd
i've found the source of the error. it's a security feature that needs to be tweaked. it is not forum software related.