[pmwiki-users] strange problem when trying to save one particular page - wget in content

Patrick R. Michaud pmichaud at pobox.com
Tue Aug 15 16:39:36 CDT 2006


On Wed, Aug 16, 2006 at 08:02:37AM +1200, Allister Jenks wrote:
> On 8/16/06, Patrick Ogay <lists at basel-inside.ch> wrote:
> > I was  trying to update an existing site, and now I found out that my
> > pmwiki installation doesn't accept "wget" in the content anymore even
> > not in [= =] .
> > Same error when searching for wget:-)
> 
> I had a problem with curl - which is actually an English word!  I was
> able to get around it in the first instance by making sure it only
> occurred at the end of a line, so it was followed by a line feed and
> NOT a space.  As soon as I put a space after it, the server spat the
> dummy.
> 
> Personally I don't see why having the text 'curl' (or 'wget') in a
> text file is a security issue.  Seems a bit brute force to me.

Yes, mod_security is a sledgehammer approach to the problem
(and a somewhat poor one at that).

I've added a note to the bottom of 
http://www.pmwiki.org/wiki/PmWiki/Troubleshooting about 
mod_security, hopefully this will help point people to the
right place.  (Any comments or improvements welcomed!)

Pm




More information about the pmwiki-users mailing list