The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Help with post sanitation causing 500 error
I'm trying to understand how input sanitation is supposed to work with vBulletin 4.2.4. What I am seeing is that currently whenever someone posts a message to my forum that contains specific reserved SQL keywords (ex select, drop etc) when they preview the post or attempt to actually post it, they will get an internal error 500 error. This happens with innocuous strings like "I selected the apple from the tree" or "I dropped the table on my foot". Remove the 'select', 'from', 'drop' or 'table' and the message posts fine.
|
#2
|
|||
|
|||
By default, vBulletin does not have such kind of firewall in place. It's probably something like ModSecurity in Apache or another kind of WAF that's doing this.
|
#3
|
|||
|
|||
See the answer on vbulletin.com.
Cross posting across both sites isnt helpful. |
#4
|
|||
|
|||
Quote:
Sorry. Didn't mean to be unhelpful. To be honest, I didn't expect vbulletin.com to be very responsive since there were several threads on there with no replies and the traffic seemed low. My mistake. Won't do it again. Steve --------------- Added [DATE]1503025935[/DATE] at [TIME]1503025935[/TIME] --------------- The problem was indeed ModSecurity. In particular SecRule 300015. Adding an entry to /usr/local/apache/conf/modsec2/whitelist.conf to disable that rule for certain php scripts fixed the problem. See: https://www.mkyong.com/blog/mod_secu...-in-wordpress/ |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|