$this->db->update() problem
#1

[eluser]Guntars[/eluser]
Hi
I have the following problem when I use
Code:
$this->db->update()
Everything is great, but if I use this somewhere in the content for tables
Code:
../../
After the update, the server automatically redirects to root.

Any ideas?
#2

[eluser]shwartz[/eluser]
Hi Guntars,
Thanks for posting this. May I add more information, as this happened on my server?
I made a simple CMS where you can update website pages. As Guntars already said, there is a strange issue after I submit the form with changes for the DB update.

The strange behaviour starts if I put a relative path to an image in the CMS content; then I cannot save (submit) anything on the server. Let me show an example:

THIS WILL NOT WORK!
Code:
<p><img src="../../images/img_system/contact_us.jpg" alt="" /></p>
By 'not working' I mean you will not be able to save the changes on the server, and you will also be kicked out to the root of the server, as this is a testing server.

THIS WILL WORK!
Code:
<p><img src="..& # 4 7 ;../images/img_system/contact_us.jpg" alt="" /></p>
Yes, if I replace [/] with [& # 4 7 ;] then it works, but only one time. After that, if you try to submit again (without any changes to the text), the previous scenario happens.

After that I started to check what you can submit: whatever you like, slashes, code samples, anything, even [ ../ ] will be OK. Only if there is a row with
Code:
../../
two dots and a slash, something happens.

Not to mention that I do all my input with FCKeditor, which already changes everything in a safe way.
I am wrapping all input as you can see here:
Code:
$foo = utf8_encode($_POST['foo']);

Still no results. One more strange thing: I am using the same database for local tests and for live tests. So basically from localhost I can save everything and it all works well. Why is this not working on the live web server? Can anyone give some advice?

Just some last thoughts. Because I am using the same DB for the local and live environments and I can save updates from my local machine, maybe there are some security rules for some characters in some special row like (../../)?

Any help would be appreciated!
#3

[eluser]Guntars[/eluser]
It's sorted.
Thanks, it was blocked by the server security, the mod_security feature.
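
The submissions described in this thread, replayed against a request filter of the kind mod_security applies; this is an added example, not code from any of the posters. The regex rule and the editor round-trip (`editor_roundtrip`) are assumptions made for illustration, since the thread does not say which rule fired or how the editor re-serialises saved content.

```python
import html
import re

# Assumed rule (not taken from the thread): flag two or more consecutive
# "../" segments in a form field, as a directory-traversal check would.
TRAVERSAL = re.compile(r"(?:\.\./){2,}")

def waf_blocks(field_value: str, decode_entities: bool = False) -> bool:
    """Return True if the assumed traversal rule matches the submitted field."""
    value = html.unescape(field_value) if decode_entities else field_value
    return bool(TRAVERSAL.search(value))

def editor_roundtrip(stored_html: str) -> str:
    """Assumed editor behaviour: numeric entities in saved HTML are decoded
    when the content is loaded back into the form and re-submitted."""
    return html.unescape(stored_html)

# Constructed samples based on the markup quoted in post #2.
RAW = '<p><img src="../../images/img_system/contact_us.jpg" alt="" /></p>'
ENTITY = '<p><img src="..&#47;../images/img_system/contact_us.jpg" alt="" /></p>'
SINGLE = '<p><a href="../contact">contact</a></p>'

def replay_thread() -> dict:
    """Replay the submissions described in the thread against the assumed rule."""
    second_submit = editor_roundtrip(ENTITY)
    return {
        "raw": waf_blocks(RAW),
        "single_dotdot": waf_blocks(SINGLE),
        "entity_first_submit": waf_blocks(ENTITY),
        "entity_second_submit": waf_blocks(second_submit),
        "entity_with_normalisation": waf_blocks(ENTITY, decode_entities=True),
    }

if __name__ == "__main__":
    for case, blocked in replay_thread().items():
        print(f"{case:28} {'blocked' if blocked else 'allowed'}")
```

The same database accepts the content from a host without the filter because the block happens on the HTTP request, before the application or the query runs.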



