Testing Journal: Got banned

Worker Joined: Jan 17, 2007 Posts: 170

I created a journal entry with a few different types of formatting no problem.

Once I submitted it I went back to edit my entry and further applied many different formatting options from the editor interface. Once I was done and clicked the submit button I got banned by sentinel:

Code:

Be SURE to include the following information in any email!


User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1


Query String: name=Journal&file=edit


GET String: name=Journal&file=edit





Referer: on site


Request Method: POST


Remote Address: 124.168.82.181

The above isn't the complete sentinel message as I can't post it without getting banned. It submitted many formatting changes once I clicked submit in the profile I'm guessing some kind of overload protection kicked in?

Site Admin Joined: Jun 04, 2004 Posts: 6432

What was the reason? What does it show when you visit the site now?

Posted: Thu Feb 22, 2007 8:05 pm

It said I was banned permanently but it must not have applied the ban as I can still access the site.

I tried to paste in the response in a code form but I got banned from here. Would you like me to try and replicate problem?

I simple made many formatting changes (underline, strike out, colour changes, size changes etc) and clicked submit at the end which caused the problem.

Posted: Thu Feb 22, 2007 8:29 pm

Okay did some more playing around. I figured it might be the tables so I created a table, inserted a image and some text and tried to post. I got banned again. Here is the screen shot since I can't post the whole message:

Posted: Thu Feb 22, 2007 8:41 pm

I'd bet that it doesn't like words with scrlpt in them (replace the l with an i). Try removing those words (or changing them) to see if you still get blocked.

Posted: Thu Feb 22, 2007 9:09 pm

I dont think thats it.

My initial post included everything above including the subscript stuff without any problems.

When I edited it just before all I did was create a table and moved the image (thumbs_up.gif and the text "Tops!" into the table. Thats went sentinel went off.

Posted: Thu Feb 22, 2007 10:46 pm

Looks like its doing some bad filtering to, passing the variables as addslashes() when it shouldn't
Don't have time to look at the code at the moment, but hope it helps our RavenNuke team check this out

Posted: Fri Feb 23, 2007 5:53 am

Thanks, evaders. We all LOVE the journal module...