The 'Magic Words' problem and attachment privileges

Discussion of administrative issues
Post Reply
John
Posts: 11479
Joined: Sat Sep 20, 2008 12:10 pm
Location: Cambridge, MA USA
Contact:

The 'Magic Words' problem and attachment privileges

Post by John »

If you try to post a message and the forum just hangs, then you may be
a victim of the "Magic Words" problem. This is a problem that stumped
me for a long time, but I now know what's going on, though I don't
know what to do about it.

If you post a message containing certain "magic words," including
the following:

e c h o
f u n c t i o n
r o o t
c h o w n
m k d i r

then when you click either the "Preview" or "Submit" button, the forum
just hangs. In many cases, you can't even use the above words
embedded in another word, as in "e-c-h-o-e-s".

These are all Unix command shell words. Apparently what's going on is
the following: Network Solutions has configured the "mod_security"
f-u-n-c-t-i-o-n of Apache (the web server software) to reject posts that
contain any of these words.

This problem does not occur if you're not logged in, but you're posting
messages anonymously (as in the case of a thread for comments to
a web log article).

Apparently the difference is that phpbb posts messages differently if
you're logged in because you have "attachment" privileges.

So apparently I can turn off attachment privileges, but some people
(aedens, Higgenbotham, some others) use attachments to embed graphs
and photos into posts.

Another, more complicated solution, might be to turn off attachment
privileges by default, but enable them for any individual users who
request them. I can't be 100% sure this will work, but I've been
given to understand that it will work.

If this problem happens to you, you can diagnose the problem by saving
your message somewhere (so you won't lose it), and then deleted one
line at a time and click "Preview" until phpbb stops hanging. If it
hangs, then hit the "escape" key on your keyboard, and then delete
another line and try again. Then you can recover your entire message
from wherever you saved it, changing the word that caused the problem
(as I had to do with the world "f-u-n-c-t-i-o-n" five paragraphs
back).

This is really obnoxious, but right now I'm just leaving things as
they are, but if any one has any thoughts about this situation, please
post them here.

Post Reply

Who is online

Users browsing this forum: No registered users and 17 guests