theme-edit, mod_security and xss injection attacks
#1
My host has anti-xss attack security, which is fairly typical these days.
It is causing me this problem when editing theme files.

mod_security: Access denied with code 403. Pattern match "<( |\\\\n)*script" at POST_PAYLOAD
[uri "/getsimple/admin/theme-edit.php?t=title&f=sidebar.php"] [unique_id "TnClK6wUChQAABaEgdA"]

I am still waiting on my work ticket, but I believe this is caused by using actual script filenames as post or get variables. Typically this should always be avoided to prevent xss attacks and WILL cause false positives in detection software.

You should NEVER use real filenames as user variables in a querystring.

Does anyone have any suggestions to modify this to unique ids instead?

Also can I suggest this be considered for change in future versions?
- Shawn A aka Tablatronix
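
Added example, not part of the original post: it applies the pattern quoted in the log line to the URI from the log and to a constructed POST body, and reports which part of the request the pattern matches. The form field names and template text are hypothetical, and URL-decoding the whole payload before matching is a simplification of how mod_security normalizes input.

```python
import re
from urllib.parse import urlencode, unquote_plus

# Pattern quoted in the log, with the log's backslash escaping undone
# (assumption: the configured rule reads  <( |\n)*script ).
RULE = re.compile(r"<( |\n)*script")

# URI taken from the log line.
URI = "/getsimple/admin/theme-edit.php?t=title&f=sidebar.php"

# Constructed POST form: field names and template text are hypothetical.
FORM = {
    "edited_file": "sidebar.php",
    "content": '<div id="sidebar">\n'
               '<script type="text/javascript" src="menu.js"></script>\n'
               "</div>",
}


def scan(uri, form):
    """Return {location: matched text or None} for the URI, the whole
    POST payload, and each individual form field."""
    payload = urlencode(form)  # body as it would be sent on the wire
    targets = {
        "uri": unquote_plus(uri),
        "post_payload": unquote_plus(payload),
    }
    for name, value in form.items():
        targets["field:" + name] = value
    results = {}
    for location, text in targets.items():
        m = RULE.search(text)
        results[location] = m.group(0) if m else None
    return results


if __name__ == "__main__":
    for location, hit in scan(URI, FORM).items():
        status = "MATCH " + repr(hit) if hit else "no match"
        print(f"{location:20} {status}")
```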
Messages In This Thread
theme-edit, mod_security and xss injection attacks - by shawn_a - 2011-09-14, 23:40:30