gazever Posted October 26, 2007 Share Posted October 26, 2007 Quick question, I have some forms within my website, as always I test for validity of input, when testing certain stuff if I put in html tags, i.e. <h1>Heading Here</h1> and then post it, for some reason the post doesn't go to the script that should receive it, it just goes straight to my root index page, is this some sort of configuration setting, or does anyone know why this happens, Thanks Gaz Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/ Share on other sites More sharing options...
rajivgonsalves Posted October 26, 2007 Share Posted October 26, 2007 some code with your <form> tag would help Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378630 Share on other sites More sharing options...
gazever Posted October 26, 2007 Author Share Posted October 26, 2007 Heres the form <div class="enquiry_form"> <h3>Send us an enquiry</h3> <form action="../enquiry_sender.php" method="post"/> <p>Please fill out your enquiry below</p> <textarea name="enquiry" rows="6" style='width:680px;'></textarea> <p><input type="Submit" value="Send Enquiry"/></p> </form> </div> <> post fine but </> refer me back to root index is there some sort of tags posting configuration somewhere? Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378633 Share on other sites More sharing options...
premiso Posted October 26, 2007 Share Posted October 26, 2007 <form action="enquiry_sender.php" method="post"> Try that the ../ goes up one directory. Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378638 Share on other sites More sharing options...
rajivgonsalves Posted October 26, 2007 Share Posted October 26, 2007 where is enquiry_sender.php located and are you running the script from your Apache Root directory ? Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378639 Share on other sites More sharing options...
gazever Posted October 26, 2007 Author Share Posted October 26, 2007 the script is running from root/account-area the enquiry_sender is in the root, hence the ../ and the form resides in account-area I have also installed php list on my website too, however when trying to use this to make html emails, it does exactly the same thing when the html is posted, so I am guessing it is some sort of configuration issue, is there an configuration setting somewhere that says when tags are posted, break, goto root index? I am using a shared hosting account, and don't really know anything about configuration setup etc. Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378649 Share on other sites More sharing options...
rajivgonsalves Posted October 26, 2007 Share Posted October 26, 2007 so your form tag should be as follows <form action="/enquiry_sender.php" method="post"> hope its helpfull Cheer! Wizzkid Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378655 Share on other sites More sharing options...
gazever Posted October 26, 2007 Author Share Posted October 26, 2007 Yeah that still posts to the correct page, up one level, If I try posting </> it still sends straight back to the main index page Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378660 Share on other sites More sharing options...
gazever Posted October 26, 2007 Author Share Posted October 26, 2007 No sorry I need the ../ Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378664 Share on other sites More sharing options...
rajivgonsalves Posted October 26, 2007 Share Posted October 26, 2007 can you give me the url of your site so I can studie the behaviour Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378670 Share on other sites More sharing options...
premiso Posted October 26, 2007 Share Posted October 26, 2007 Can the general public access the root. That seems to be the problem, is that normal people can only hit account-area. Usually stuff above that level is locked to general public and only available for internal viewing/processing. Moving that file up a level will work. Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378673 Share on other sites More sharing options...
gazever Posted October 26, 2007 Author Share Posted October 26, 2007 I have everything within a test folder at the moment, which I have set a password protect on to stop bots etc crawling my pages before it is ready to go live, I shall try moving the enquiry sender to the top level domain outside the protected area, thanks, this may be the issue Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378685 Share on other sites More sharing options...
gazever Posted October 26, 2007 Author Share Posted October 26, 2007 No Joy, Ok I've split the elements up and put them you you can have a look at them, the form is at http://www.debbiesvillas.co.uk/form.php the enquiry sender is at http://www.debbiesvillas.co.uk/enquiry_sender.php enquiry sender code is <?php echo "<pre>"; echo "<hr />"; print_r($_POST); echo "</pre>"; ?> Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378697 Share on other sites More sharing options...
premiso Posted October 26, 2007 Share Posted October 26, 2007 Tested and works on Firefox... As a side note this may be screwing you up: <form action="enquiry_sender.php" method="post"/> should be <form action="enquiry_sender.php" method="post"> The ending slash may be killing the form prematurely as that is not proper HTML and IE may interpret that where as firefox does not. Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378702 Share on other sites More sharing options...
gazever Posted October 26, 2007 Author Share Posted October 26, 2007 I use firefox to test everything, did you try posting the following </> this here screws it up and send it to the index, other stuff seems to post fine Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378714 Share on other sites More sharing options...
gazever Posted October 26, 2007 Author Share Posted October 26, 2007 changed the end /> to > Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378715 Share on other sites More sharing options...
premiso Posted October 26, 2007 Share Posted October 26, 2007 Ah so the problem is that when a user INPUTS </ > it redirects them to a page they should not goto. That is very weird, I am not sure what or why that would be doing that... Try adding die(); at the end of the enquiry file...see if that helps? Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378717 Share on other sites More sharing options...
gazever Posted October 26, 2007 Author Share Posted October 26, 2007 Yeah that is the problem, very weird behaviour, I have tested it without print_r($_post) thinking this may be the problem, but no, it still doesn't just stick to this page without that, Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378720 Share on other sites More sharing options...
premiso Posted October 26, 2007 Share Posted October 26, 2007 Something to try, is see if magic quote are on. I would also contact your webserver and see what they say. It seems like it is a core issue in the php.ini or maybe even in the webserver (apache or IIS). Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378721 Share on other sites More sharing options...
gazever Posted October 26, 2007 Author Share Posted October 26, 2007 code is now, <?php echo "<pre>"; echo "<hr />"; print_r($_POST); echo "</pre>"; die(); ?> Still same problem, it's as if its never even going to the enquiry_sender when there are tags input Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378722 Share on other sites More sharing options...
gazever Posted October 26, 2007 Author Share Posted October 26, 2007 magic quotes are on, the following enquiry dsfsdf'dsfsdf outputs Array ( [enquiry] => dsfsdf\'dsfsdf ) Is this the issue do you think? Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378723 Share on other sites More sharing options...
premiso Posted October 26, 2007 Share Posted October 26, 2007 magic quotes are on, the following enquiry dsfsdf'dsfsdf outputs Array ( [enquiry] => dsfsdf\'dsfsdf ) Is this the issue do you think? I dunno, I have never seen this error, and I cannot reproduce it on any of my servers. I would look at your php.ini config (phpinfo()) and look for anything that might cause issues. Other than that, contact your hosting company and ask what the heck. Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378724 Share on other sites More sharing options...
gazever Posted October 26, 2007 Author Share Posted October 26, 2007 spoke to hosting account, there reply Victor: Yes, that is due to security rules implemented on server. Here are the logs for the same. mod_security: Access denied with redirect to [/]. Pattern match "<(.|\\\\n)+>" at POST_PAYLOAD [id "XSS_Check"] [severity "EMERGENCY"] [hostname "www.debbiesvillas.co.uk "] [uri "/enquiry_sender.php"], thanks all for the input Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378728 Share on other sites More sharing options...
premiso Posted October 26, 2007 Share Posted October 26, 2007 A suggestion to avoid that happening, is do a check with Javascript for < > or </ > and unlimited spaces. If that is present throw an alert and halt the page from processing. Kinda sucks that the host did that, but it is understandable due to xss reasons. You could even use javascript to convert < to its html counter part < and > which would allow that to be processed without the user knowing what happened. Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378730 Share on other sites More sharing options...
gazever Posted October 26, 2007 Author Share Posted October 26, 2007 Yeah, But I guess not everyone of there users check input before doing stuff with it, so guess its a failsafe, I may see if I can get them to remove this restriction, was just so baffled by the behaviour, glad I now have an answer. Thanks Again Quote Link to comment https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378735 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.