Bug or bad setup? Upload from server reports Suspected hacking attempt if not preceded with http://

#111906 (In Topic #22500)
TQ
Honoured member

If a member tries to upload a file stored on a remote server and ticks the 'Upload To Server' check box, but does not precede the URL with http://, the site reports

"Suspected hacking attempt by xxx.xxx.xxx.xxx"

"Tried to add a downloaded file that points to a script".

A fully formatted URL works as expected.

Is this a config error on my part?

TQ
#111928
My guess is your system is not returning 404 status codes on broken URLs. Possibly because we have that disabled on IIS as IIS has traditionally not liked PHP scripts setting status codes.

We can work around this by tweaking the code a bit so that we check a reference to a local file is valid before checking it isn't trying to download the contents of a script.

https://github.com/chrisgraham/ocPortal/commit/c62f7239933cd8470544b70ab4c16ba809aaf93f


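The check ordering described in the reply above, sketched as an added PHP example (not ocPortal's code and not taken from the linked commit; the function name, return values and script-extension list are assumptions): a reference without a scheme is first validated as an existing local file under the site root, and only then tested for being a script.

```php
<?php
// Hypothetical helper (assumed names): classify a reference typed into a download form.
// Returns 'remote', 'invalid', 'script' or 'ok'.
function classify_download_reference(string $input, string $root): string
{
    // An explicit scheme marks a remote URL, which is fetched by other code.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $input) === 1) {
        return 'remote';
    }

    // Without a scheme the input is read as a path under the site root.
    $root_real = realpath($root);
    if ($root_real === false) {
        return 'invalid';
    }
    $path = realpath($root_real . '/' . ltrim($input, '/\\'));
    $prefix = $root_real . DIRECTORY_SEPARATOR;

    // 1. Validity first: "example.com/a.zip" typed without http:// stops here
    //    as an ordinary user error, with no security alert raised.
    if ($path === false || !is_file($path) || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return 'invalid';
    }

    // 2. Only an existing local file is tested for being a script.
    $script_exts = ['php', 'phtml', 'inc']; // assumed list
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return in_array($ext, $script_exts, true) ? 'script' : 'ok';
}

// Constructed sample data in a temporary directory.
$root = sys_get_temp_dir() . '/dl_demo_' . getmypid();
mkdir($root);
file_put_contents($root . '/manual.zip', 'x');
file_put_contents($root . '/info.php', 'x');
foreach (['http://example.com/a.zip', 'example.com/a.zip', 'manual.zip', 'info.php'] as $ref) {
    echo str_pad($ref, 28), classify_download_reference($ref, $root), PHP_EOL;
}
unlink($root . '/manual.zip');
unlink($root . '/info.php');
rmdir($root);
```

Because missing files and paths that resolve outside the root share the single `invalid` result, the response does not reveal whether a file exists elsewhere on the server.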
#111929
TQ
Honoured member

Hi Chris,

Worked like a charm (as usual).

With a minor addition to the language file, that'll be another problem solved.

Thank You.

TQ