MX Linux Forum

Edit: This issue has been resolved. You may now post slashes normally. However wget still requires code tags around the w.

test, part 1

giving up...

richb wrote:/

apparently it has been fixed?

EDIT: No still a problem.

/ etc/grub

no, still rejected if slash is part of a correct directory address

/etc/boot

Seems to be working correctly here

used:

But try it without the tags, which is what I think Rich was talking about

Jerry3904 wrote:But try it without the tags, which is what I think Rich was talking about

Yes.

Trying it here /etc/fstab

Oops. Didn't mean to really post that.

I get this when I try:


Method Not Implemented

GET to /posting.php not supported.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

Eadwine Rose wrote:I get this when I try:


Method Not Implemented

GET to /posting.php not supported.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

That is correct. You need the code tags.

bit scary if you're getting a method not implemented for posting something with a slash...

seems like it's trying to execute some sort of macro.

of course, many web based apps that handle user input will prevent slashes and other evil sql characters, or will require that they be properly escaped to prevent sql injection attacks.

don't see this as an issue, rather a security feature

It doesn't accept leading forward slashes when they're wrapped up in code tags either and this forum rejects regular text files too.

Mike P

m_pav wrote:It doesn't accept leading forward slashes when they're wrapped up in code tags either and this forum rejects regular text files too.

Mike P

/etc/boot

It accepts slashes with code tags. Do you mean text files as attachments?

Yes to the text files as attachments, it refuses them and actual code tags as in pasted code, not formatting code tags. In the above example, the path to xorg.conf is wrapped in code tags, but that brings up the error, so I had to add formatting tags within the code tags for it to work, but the result is sloppy. The issue does not stop with that either. I tried all manner of things like the top left key on a US keyboard, which worked as a carriage return, yet allowed the forward slash
`/etc, so my thoughts are leading towards this forums back end trying to interpret / as bbcode outside of the [] square brackets

The following seems to support my theory, as hijack is not bbcode, yet it is accepted.
[hijack]
What would be nice is to see a list of permitted attachments and size limitations when adding an attachment
[/hijack]

Mike P

m_pav wrote:Yes to the text files as attachments, it refuses them and actual code tags as in pasted code, not formatting code tags.

Code: Select all

[b]/[/b]etc/X11/xorg.conf

In the above example, the path to xorg.conf is wrapped in code tags, but that brings up the error, so I had to add formatting tags within the code tags for it to work, but the result is sloppy. The issue does not stop with that either. I tried all manner of things like the top left key on a US keyboard, which worked as a carriage return, yet allowed the forward slash
`/etc, so my thoughts are leading towards this forums back end trying to interpret / as bbcode outside of the [] square brackets

The following seems to support my theory, as hijack is not bbcode, yet it is accepted.
[hijack]
What would be nice is to see a list of permitted attachments and size limitations when adding an attachment
[/hijack]

Mike P

I have enabled text file attachments.
I only wrap the slash with code tags, to make it post, not the whole path. It posts every time for me.

And Karen has a ticket in to fix it on the server. Please be patient.

EDIT: We are looking into adding that info real time, but it may be difficult. In the interim, I have posted the information in the How-To forum.
EDIT2:The How-To will have to do. Implementing file attachment information when adding an attachment is is very difficult for technical reasons. Perhaps in a future version of phpBB it will be added by the developers.

Problem is this looks really ugly when trying to quote contents of files within a code block. Anyone know how get code blocks to show leading '/' correctly without have to put something around it...?

e.g. this looks very bad:

wireman wrote:Problem is this looks really ugly when trying to quote contents of files within a code block. Anyone know how get code blocks to show leading '/' correctly without have to put something around it...?

e.g. this looks very bad:

Code: Select all

[i]/[/i]etc/fstab

Currently there is no way that I know of. That is what we are trying to fix with the server people.

Currently there is no way that I know of. That is what we are trying to fix with the server people.

OK. Here's hoping you get a solution.

/home/user/ should work also. And I think it looks better.

PS: I got another server error when originally posting this post.

i've found the source of the error. it's a security feature that needs to be tweaked. it is not forum software related.

Hmmm...this problem is 'messy'. I've got a reply (that I've saved), and no matter what I try,
I can't see to find any way to NOT get this 'method not implemented' error when I try
to view/post it.

Maybe I'm misunderstanding the 'rules'?

My prospective post has some normal forward-slashed directory and file references, in 2 or 3
places. So, I need the tags around the just the first slash, in each occurrence? And, even
when that occurrence is already within 'quoted-string' tags?

[I'm about ready to just give up, and not make the post.]

Is this 'problem' something that is or will-be worked on and fixed? Or, do we all need to now
learn this new method of posting and replying?

The problem was solved as far as I know, look /etc/apt/sources.list You might have found another security "feature", maybe you have wget in the code?
Try to post (preview) part of what you post and detect where the problem is.

Yes, the slash issue was corrected for this forum and the wiki, and you are able to post normally. If it is a wget we still have that problem. If you put the bold tags around the w only it should post.
wget

wouldn't necessarily call it a problem, rather it's a security check that prevents hacker from downloading stuff from the server and/or using our servers to download stuff from elsewhere on the net.

the slash checking rule was modified, but modifying the rule for wget is a bit trickier because it can pose wider issues when checking for server side application names.

GoManutd wrote:wouldn't necessarily call it a problem, rather it's a security check that prevents hacker from downloading stuff from the server and/or using our servers to download stuff from elsewhere on the net.

the slash checking rule was modified, but modifying the rule for wget is a bit trickier because it can pose wider issues when checking for server side application names.

Thank you for the excellent clarification.

richb wrote:

GoManutd wrote:wouldn't necessarily call it a problem, rather it's a security check that prevents hacker from downloading stuff from the server and/or using our servers to download stuff from elsewhere on the net.

the slash checking rule was modified, but modifying the rule for wget is a bit trickier because it can pose wider issues when checking for server side application names.

Thank you for the excellent clarification.

Not sure I follow why that it's a 'security check'. Did we have such limitation/issue in the other forums? Seems to me,
it's a bug or unnecessary side-effect from sloppy coding somewhere in this new 'phpBB' system!?

No, there's no 'wget' in my prospective failing post.

[That said, once I solve this, the issue should go away (for me, at least). So, I will keep working at figuring
out where the problem is.]

cookdav wrote:

richb wrote:

GoManutd wrote:wouldn't necessarily call it a problem, rather it's a security check that prevents hacker from downloading stuff from the server and/or using our servers to download stuff from elsewhere on the net.

the slash checking rule was modified, but modifying the rule for wget is a bit trickier because it can pose wider issues when checking for server side application names.

Thank you for the excellent clarification.

Not sure I follow why that it's a 'security check'. Did we have such limitation/issue in the other forums? Seems to me,
it's a bug or unnecessary side-effect from sloppy coding somewhere in this new 'phpBB' system!?

No, there's no 'wget' in my prospective failing post.

[That said, once I solve this, the issue should go away (for me, at least). So, I will keep working at figuring
out where the problem is.]

It is not the phpBB software, nor is it any coding sloppiness. It is the server we are on that has the security feature deliberately put in place. It is a different server than ML was on, and it is a shared server. The security features have been implemented by the person we share with. GoManutd has helped with the server questions and can give a far better explanation than I can.

If you like you can send me the post on my private email. If you PM me I will give you my email address.

it's an awesome piece of software called modsecurity. it's essentially a web application firewall - instead of sniffing packets it looks at payloads.

what it helps prevent are things like sql injection attacks, well known attacks, as well as providing a level of protection against unknown/undocumented attacks.

so things like sending a payload to an app that the sql server would execute and, say, turn around and send back /etc/passwd

it really is a required piece of software for any web server, as web applications become increasingly complex and interact with other web services that may, or may not be under the same "roof".

Oops...yes, there IS a w-get, which was the cause of my grief.

[Putting tags around the w wasn't quite the total answer, because then those tags don't dissappear
when you view it, if the w-get is within a larger 'code' tagged sequence, so I had to eliminate the code tags.]

cookdav wrote:Oops...yes, there IS a w-get, which was the cause of my grief.

[Putting tags around the w wasn't quite the right answer, because then those tags don't dissappear
when you view it, if the w-get is within a larger 'code' tagged sequence, so I had to eliminate the code tags.]

Correct. In a regular posting they will make the w appear bold, In code they show as the tags. Which is as expected since code is exactly that, and will show any code tags. Sorry that was a bit redundant, but I could not find another way to express it.

improving the regular expressions that, when a match is found, trigger events is still on the list to research.

ideally, using code tags for something that is, essentially code and not have to use bold on single letters is what is being aimed for. but right now, i have regenerative biology and advanced microbio - doesn't leave much spare brain computation time in my already aged synapses...