Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.4.x
Author Message
escopazzo
New Member
New Member



Joined: Oct 22, 2004
Posts: 6

PostPosted: Thu Jul 06, 2006 12:43 pm Reply with quote

Hi Raven, excuse for my bad english....i have a problem after the upgrade NukeSentinel 2.4.2pl9 with Enhanced Downloads Module v.1.7. If i sumbit a new download, when i click the submit botton i'm redirect to a error 406 page...Not acceptable error from the server. The serveur has received one demanded not permissible or contrary to the policy. This error can be caused from one situated attempt of hacking of or from one demanded HTTP containing of the errors. Why this? I must configure anything?
Tnx for response
 
View user's profile Send private message
Tao_Man
Involved
Involved



Joined: Jul 15, 2004
Posts: 252
Location: OKC, OK

PostPosted: Thu Jul 06, 2006 2:00 pm Reply with quote

what is the name of the file? A lot of upload errors are caused by special characters like () "" '' , !*% and other things like that, if it has any characters other a-z and 1-9 in it you may try to rename the file.

Otherwise I am sure one of the admins here will come by and have some other ideas

_________________
------------------------------------------
To strive, to seek, to find, but not to yield!
I don't know Kara-te but I do know cra-zy, and I WILL use it! 
View user's profile Send private message Visit poster's website
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

PostPosted: Thu Jul 06, 2006 2:12 pm Reply with quote

Is the link to the download to a file which is on the same server as your site?
 
View user's profile Send private message Send e-mail
gregexp
The Mouse Is Extension Of Arm



Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Thu Jul 06, 2006 5:11 pm Reply with quote

I believe this is the same problem with just about the same scenario:
[ Only registered users can see links on this board! Get registered or login! ]

no real workaround as raven states but nsn downloads do not do this in the same manner.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
Guardian2003







PostPosted: Thu Jul 06, 2006 5:57 pm Reply with quote

Yes, thats why I asked if the url was to another site.
Sentinel see's 'http' appearing twice as a cross site scripting attack which is one of the most common forms of attack and certainly has been the case recently on a large number of sites, in particular the recent spate of phpbb_root_path attacks.

For the record, the reason why it isn't a problem for me with NSN GR Downloads is because it is tweaked so that all my links use the server root path to link to the file instead of a url and I only link to d/l's that are on my server.
 
gregexp







PostPosted: Thu Jul 06, 2006 7:13 pm Reply with quote

I use nsn downloads and under no circumstances do I ever see mysite.com/something?=http.....

Thus the reason I offered.
 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

PostPosted: Thu Jul 06, 2006 10:51 pm Reply with quote

darklord, have you tried the scenario of a "normal user" submitting a new download and the download is an external link. Then, the admin reviews the submitted download and tries to "test the link" function? I wonder if you would see the [ Only registered users can see links on this board! Get registered or login! ] then?

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
View user's profile Send private message Visit poster's website
gregexp







PostPosted: Thu Jul 06, 2006 11:01 pm Reply with quote

I just tried it and nope.

Also if I'm not mistakin, it uses a variable to call on the download through the database, no GET in it at all, and perhaps I'm mistakin but doesnt it need the GET function to call on a variable defined in the url? Just a thought.
 
montego







PostPosted: Thu Jul 06, 2006 11:04 pm Reply with quote

Ok, good to know. Was wondering if that scenario was also present in NSN Downloads. Thanks for checking.

:clap:
 
escopazzo







PostPosted: Fri Jul 07, 2006 2:44 am Reply with quote

montego, yes of course with the scenario of a normal user when i submitted the download and tries to test the link the response is "url is invalid" but in the ftp server there is the file and the andress is right!
 
escopazzo







PostPosted: Fri Jul 07, 2006 2:47 am Reply with quote

for my problem write up i use two server for my download but the problem there isn't with another version of NSN for expample my site is in php platinum 7.6b4 and the sentinel version base is 2.4.2pl3 and i don't have these problem, after the upgrade i have this and when i submitted the download i'm redirect to the page error 406.... [ Only registered users can see links on this board! Get registered or login! ]
 
escopazzo







PostPosted: Fri Jul 07, 2006 3:24 am Reply with quote

i'm resolve this problem When i access in my admin download panel and configure the name of file, size, version, etc. in homepage, if i put in the url [ Only registered users can see links on this board! Get registered or login! ] there is the error 406 if i don't put [ Only registered users can see links on this board! Get registered or login! ] but only [ Only registered users can see links on this board! Get registered or login! ] i can submit the download
 
Guardian2003







PostPosted: Fri Jul 07, 2006 4:58 am Reply with quote

Excellent news!
Did you check that when you are only logged in as a normal user, clicking the link in the downloads section does not produce any errors?
 
escopazzo







PostPosted: Mon Jul 10, 2006 12:18 pm Reply with quote

Guardian2003, yes of course it's the same for the normal user
 
Guardian2003







PostPosted: Mon Jul 10, 2006 12:26 pm Reply with quote

Excelent news then. I just wanted to check there was not something else that might happen if you were not logged in as an admin. It's great you found a work around.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.4.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©