[pmwiki-users] Error encountered with upgrade to 2.2 beta 65

Patrick R. Michaud pmichaud at pobox.com
Wed Mar 26 14:02:57 CDT 2008


On Sun, Mar 23, 2008 at 10:11:49AM -0400, Henrik wrote:
> This security change by my webhost is confirmed. In response to my query 
> they sent me the following response.
> 
> =============================
> 
> The web server security is setup such that it will automatically block system related words while posting data from php based applications, as this may lead to web server exploit. We request you to stop using system related words in your applications.
> 
> =============================
> 
> So suddenly none of my websites can post external links (with the string 
> "http://" anywhere in the page), and hundreds if not thousands of pages 
> that have this protocol embedded are suddenly uneditable.
> 
> Truly horrible. A complete nightmare!
> 
> But nothing to do with PmWiki.


Just to follow up on this -- this particular issue is described
at http://www.pmwiki.org/wiki/PmWiki/Troubleshooting#mod_security .
There is no PmWiki-based workaround to it, as the problem is well
outside of PmWiki (as you've recognized).

I've never heard of someone using mod_security to block "http://" 
before, though, so that's new (and an additional reason to doubt
the sanity of the webhosting provider).  Note that this security
measure affects not only PmWiki, but also any application that
tries to use an input form where someone might want to provide
an http:// link (e.g., comments to blog postings, shopping carts,
etc.).

Pm




More information about the pmwiki-users mailing list