[pmwiki-users] strange problem when trying to save one particular page - wget in content
Patrick R. Michaud
pmichaud at pobox.com
Tue Aug 15 16:39:36 CDT 2006
On Wed, Aug 16, 2006 at 08:02:37AM +1200, Allister Jenks wrote:
> On 8/16/06, Patrick Ogay <lists at basel-inside.ch> wrote:
> > I was trying to update an existing site, and now I found out that my
> > pmwiki installation doesn't accept "wget" in the content anymore even
> > not in [= =] .
> > Same error when searching for wget:-)
>
> I had a problem with curl - which is actually an English word! I was
> able to get around it in the first instance by making sure it only
> occurred at the end of a line, so it was followed by a line feed and
> NOT a space. As soon as I put a space after it, the server spat the
> dummy.
>
> Personally I don't see why having the text 'curl' (or 'wget') in a
> text file is a security issue. Seems a bit brute force to me.
Yes, mod_security is a sledgehammer approach to the problem
(and a somewhat poor one at that).
I've added a note to the bottom of
http://www.pmwiki.org/wiki/PmWiki/Troubleshooting about
mod_security, hopefully this will help point people to the
right place. (Any comments or improvements welcomed!)
Pm
More information about the pmwiki-users
mailing list