Jump to content

Recommended Posts

Quick question,

 

I have some forms within my website, as always I test for validity of input, when testing certain stuff if I put in html tags, i.e.

 

<h1>Heading Here</h1>

 

and then post it, for some reason the post doesn't go to the script that should receive it, it just goes straight to my root index page, is this some sort of configuration setting, or does anyone know why this happens,

 

Thanks

 

Gaz

Link to comment
https://forums.phpfreaks.com/topic/74890-solved-html-tags/
Share on other sites

Heres the form

 

<div class="enquiry_form">

<h3>Send us an enquiry</h3>

<form action="../enquiry_sender.php" method="post"/>

<p>Please fill out your enquiry below</p>

<textarea name="enquiry" rows="6" style='width:680px;'></textarea>

<p><input type="Submit" value="Send Enquiry"/></p>

</form>

</div>

 

 

<> post fine

 

but </> refer me back to root index

 

is there some sort of tags posting configuration somewhere?

Link to comment
https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378633
Share on other sites

the script is running from

 

root/account-area

 

the enquiry_sender is in the root, hence the ../

and the form resides in account-area

 

I have also installed php list on my website too, however when trying to use this to make html emails, it does exactly the same thing when the html is posted, so I am guessing it is some sort of configuration issue,

 

is there an configuration setting somewhere that says when tags are posted, break,  goto root index?

 

I am using a shared hosting account, and don't really know anything about configuration setup etc.

Link to comment
https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378649
Share on other sites

Can the general public access the root. That seems to be the problem, is that normal people can only hit account-area.

 

Usually stuff above that level is locked to general public and only available for internal viewing/processing. Moving that file up a level will work.

Link to comment
https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378673
Share on other sites

I have everything within a test folder at the moment, which I have set a password protect on to stop bots etc crawling my pages before it is ready to go live, I shall try moving the enquiry sender to the top level domain outside the protected area,

 

thanks,

 

this may be the issue

Link to comment
https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378685
Share on other sites

No Joy,

 

Ok I've split the elements up and put them you you can have a look at them,

 

the form is at

http://www.debbiesvillas.co.uk/form.php

 

the enquiry sender is at

http://www.debbiesvillas.co.uk/enquiry_sender.php

 

enquiry sender code is

 

<?php 
echo "<pre>";
echo "<hr />";
print_r($_POST);
echo "</pre>";

?>

 

Link to comment
https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378697
Share on other sites

Tested and works on Firefox...

 

As a side note this may be screwing you up:

 

<form action="enquiry_sender.php" method="post"/>

should be

<form action="enquiry_sender.php" method="post">

 

The ending slash may be killing the form prematurely as that is not proper HTML and IE may interpret that where as firefox does not.

Link to comment
https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378702
Share on other sites

Ah so the problem is that when a user INPUTS </ > it redirects them to a page they should not goto.

 

That is very weird, I am not sure what or why that would be doing that...

 

 

Try adding die(); at the end of the enquiry file...see if that helps?

Link to comment
https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378717
Share on other sites

magic quotes are on, the following enquiry

 

dsfsdf'dsfsdf

 

outputs

 

 

Array
(
    [enquiry] => dsfsdf\'dsfsdf
)

 

Is this the issue do you think?

 

I dunno, I have never seen this error, and I cannot reproduce it on any of my servers. I would look at your php.ini config (phpinfo())  and look for anything that might cause issues. Other than that, contact your hosting company and ask what the heck.

Link to comment
https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378724
Share on other sites

spoke to hosting account, there reply

 

Victor: Yes,  that is due to security rules implemented on server. Here are the logs for the same.

 

mod_security: Access denied with redirect to [/]. Pattern match "<(.|\\\\n)+>" at POST_PAYLOAD [id "XSS_Check"] [severity "EMERGENCY"] [hostname "www.debbiesvillas.co.uk "] [uri "/enquiry_sender.php"],

 

thanks all for the input

Link to comment
https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378728
Share on other sites

A suggestion to avoid that happening, is do a check with Javascript for < > or </ >  and unlimited spaces. If that is present throw an alert and halt the page from processing.

 

Kinda sucks that the host did that, but it is understandable due to xss reasons. You could even use javascript to convert <  to its html counter part < and >  which would allow that to be processed without the user knowing what happened.

Link to comment
https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378730
Share on other sites

Yeah,

 

But I guess not everyone of there users check input before doing stuff with it, so guess its a failsafe,

I may see if I can get them to remove this restriction, was just so baffled by the behaviour, glad I now have an answer.

 

Thanks Again

Link to comment
https://forums.phpfreaks.com/topic/74890-solved-html-tags/#findComment-378735
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.