toblix Posted February 6, 2009 Hello? If this works, I'll try editing... edit: If this works, I'm sorry. Share this post Link to post Share on other sites
DanJW Posted February 6, 2009 +++++++ error +++REDO FROM START+++ Share this post Link to post Share on other sites
toblix Posted February 6, 2009 I tried to edit another post of mine (to insert a hilarious edition), but no matter what I did, I got an error ("forbidden love"). I was just testing if the whole edit post system was broken, or if it was just my admittedly pedophile post addition that was detected. Share this post Link to post Share on other sites
Thyroid Posted February 6, 2009 There is a minor bug...You have to click on "Edit" twice for it to work, otherwise if you move the mouse around the cursor turns into the "Busy" icon. Share this post Link to post Share on other sites
Spaff Posted February 6, 2009 No I've been getting those forbidden messages too, when psoting new threads or replying... not sure what it is though... Share this post Link to post Share on other sites
DanJW Posted February 8, 2009 that was so weird, it seems it wouldn't let me post the phrase 'bargain / kill' with the spaces either side of the backslash removed. Try it yourself! Share this post Link to post Share on other sites
Nick Posted February 8, 2009 test bargain/kill AHA! Share this post Link to post Share on other sites
James Posted February 8, 2009 Oh crap, I just posted my thoughts on the matter in the Fallout thread. Looks like vBulletin parses some commands preceded by a slash or something. The "bargain" bit is irrelevant. However, observe: /kill? /kill Share this post Link to post Share on other sites
Cigol Posted February 8, 2009 Seems like something is wrong. Tried to write a post with just a smilie and I couldn't. Share this post Link to post Share on other sites
DanJW Posted February 8, 2009 oh the smilie thing is just a minimum character count. Add a couple spaces before and after and it should be fine. Or post two smilies Share this post Link to post Share on other sites
SignorSuperdouche Posted February 8, 2009 So is this a false positive from the input sanitiser? What happens if I put in some html like this <b>Bold text</b> EDIT: Nope, worked fine Share this post Link to post Share on other sites
Cigol Posted February 8, 2009 testing.... testing.... testing... testing...testing.... testing.... testing... testing...testing.... testing.... testing... testing...testing.... testing.... testing... testing...testing.... testing.... testing... testing...testing.... testing.... testing... testing... It's still not working. Share this post Link to post Share on other sites
Cigol Posted February 8, 2009 Seriously, I can't post a smilie. Fucking server is prejudiced or some shit. Share this post Link to post Share on other sites
James Posted February 8, 2009 So is this a false positive from the input sanitiser? What happens if I put in some html like this<b>Bold text</b> EDIT: Nope, worked fine You'd hope that that would return something other than a server error. Besides, the following are all fine: /k /kil /killing I'm pretty sure it's a specific keyword. Share this post Link to post Share on other sites
Noyb Posted February 8, 2009 Seriously, I can't post a smilie. Fucking server is prejudiced or some shit. Did you install ScriptBlock for Firefox recently and forget to whitelist the site? Share this post Link to post Share on other sites
SignorSuperdouche Posted February 8, 2009 You'd hope that that would return something other than a server error. Besides, the following are all fine:/k /kil /killing I'm pretty sure it's a specific keyword. Oh you get a sever error? My guess then is that the input sanitiser isn't working. /kill probably terminates the process on the server. Share this post Link to post Share on other sites
James Posted February 8, 2009 Oh you get a sever error? My guess then is that the input sanitiser isn't working. /kill probably terminates the process on the server. Yeah, that's kind of what I was guessing in the Fallout thread where this came up. It seems weird that not only are the contents of the post not properly sanitized, they're also executed. Then again, I don't know much beyond the basics of web development. Or programming in general. Share this post Link to post Share on other sites
SignorSuperdouche Posted February 8, 2009 Maybe it's being interpreted as a command line argument as the message is being passed between programs? Kill on it's own wouldn't do anything so it's not a command being executed. Share this post Link to post Share on other sites
elmuerte Posted February 8, 2009 I'm assuming idlethumbs is using mod_security This is a quite standard error message created by mod_security when one of it's protections is triggered. There is probably a config entry for mod_security like this: SecFilterSelective THE_REQUEST "/bin/kill" For example, this also breaks stuff: /chsh /gcc /ping Share this post Link to post Share on other sites
Cigol Posted February 8, 2009 Did you install ScriptBlock for Firefox recently and forget to whitelist the site? Nope, no scriptblock... I might try a different browser though. *or not, maybe it's fixed Share this post Link to post Share on other sites
James Posted February 8, 2009 I'm assuming idlethumbs is using mod_securityThis is a quite standard error message created by mod_security when one of it's protections is triggered. There is probably a config entry for mod_security like this: SecFilterSelective THE_REQUEST "/bin/kill" For example, this also breaks stuff: /chsh /gcc /ping Cool. Now I'm going to look up mod_security. Oh, an Apache thing. Yeah, I don't know too much about that sort of thing at all. Maybe one day I'll properly learn some stuff. Share this post Link to post Share on other sites
SignorSuperdouche Posted February 9, 2009 That makes a lot more sense. Share this post Link to post Share on other sites