tags:

views:

140

answers:

4
+1  Q: 

Submitting form fails when the form data contains a <script> tag LAMP

We have a hosted site that has a CMS we built running on a LAMP stack. We noticed that when you save HTML that has a tag embedded in the HTML the request immediately dies. This does not occur on the staging or local development instances of the CMS, so I'm assuming its a server configuration issue. Any ideas what might cause this behavior?

I've looked through the PHP.INI and apache confige files but nothing stood out as a possible culprit.

UPDATE I've filed a ticket with the host that runs our VPS, so far they haven't been helpful. As someone suggested I checked the apache logs to see if there were any problems. The only error I'm seeing is "Directory index forbidden by Options directive". That error seems to be happening independent of the form submit timing out.

We built the CMS using CakePHP and the CakePHP logs reveal no other useful information either. The request isn't making it to PHP at all as we put a die() call in the root index.php page and it still times out.

UPDATE2 Thanks for the suggestions. I'm confident that this will be resolved but figured it was worth taking it here first.

UPDATE3 MediaTemple was able to replicate the issue and said it was a Top Level Filtering Rule that was causing the issue, surely something out of my realm of control. All the same I appreciate the responses :)

A: 

Since you have system where this error does not appear it is a configuration error. Find the difference between the failing and the other systems.

If you have too many files to compare. Start reducing the complexity of the system as far as possible.

Eduard Wirch  2009-01-26 21:47:30
Yes, I agree it is a configuration error. Unfortunately our VPS host has not been able to answer us as to why this is happening or how to disable this safety measure. Its a pretty standard system. Mysql5, Apache2, PHP 5.2. I have a feeling this is a 'safety' feature they add by default.
emullet  2009-01-26 22:16:38
+1  A: 

I've had similar problems caused by apaches mod_security. If you have mod_security enabled on the server, you can try something like this (in a .htaccess file):

<IfModule mod_security.c>
     SecFilterEngine Off
</IfModule>
Kristian J.  2009-01-26 22:01:01
Good suggestion. I checked to see if mod_security was installed and it isn't :/ The hunt continues...
emullet  2009-01-26 22:55:38
A: 

Are you using an application-firewall? Sounds like some sort of security-programm just killing the request.

Alphager  2009-01-27 13:39:15
A: 

Does anything appear in your apache log files in relation to the request? If so, is there some sort of error message?

DanSingerman  2009-01-27 13:50:30
I checked on this before posting and there are some 'Directory index forbidden' errors, but they seem to be happening independent of the form time out problem.
emullet  2009-01-27 16:53:41

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases