Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Using/ in discussion does crash the discussion

24

Comments

  • I already explained.

    grep is your friend.

  • hgtonighthgtonight ∞ · New Moderator

    This is a server configuration error. Dropping the slug in your 'bad link' shows the vanilla routing with pretty url is working: http://40pkus-reisgenoot.allerbest.nl/discussion/2/

    Something in your PHP or Apache configuration is causing this issue.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • It is not an error it is an Apache security setting.

    grep is your friend.

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP

    If I've understood x00's link, you will need to contact your web host to ask them about changing this Apache setting:

    http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes

  • Yep and to use the NoDecode setting for better security.

    grep is your friend.

  • @whu606
    I see that is is working well in the WHU606 Wayback forum
    You wrote
    "so this issue has to do specifically with your setup"
    I only installed it. Does that mean that there is something wrong with the Vanilla installation files?

    In an other reply you refer to an attached file. But I can not get an attached file there.

    ==================
    My humble opinion.
    I think is is very strange that I have to be a PHP programmer to get a basic installation of Vanilla working.

    I installed it with Installatron delivered with my hosting provider. I do install other CMS programs. And till this moment it was normal that the basic functions works well with installed CMSses . I do sometimes more things, And I know that plugins and extensions can make trouble. But these are not the basic functions of a CMS.

    I have more knowledge Than most people without technical skills that only want a website. And I think that basic installation should work for people with no knowledge. I think that you must not try to make people that just want a website to have programmer skills.

    My skills are of that to make a basic php program that echo´s some text. And that is much more knowledge than a lot of people have that just want a website.

    And I do understand a little when you say Apache settings. I understand that you are talking about the computer that is hosting my website. Do "normal" people that use installatron to have a website know what Apche is? For sure all of my friends really do not know.
    And At least I think I cannot change settings. Or I do not have the knowledge how. (at this moment).

    @x00
    You redirected me to
    http://codex.wordpress.org/Using_Permalinks
    So I changed the wordpress to work with Permalinks. And the worpress posts works fine.
    I made an other post with / and % in it. And there is not anly problem. But what I see is that WordPress changes the / and % in - in the URL. So I think that this is the solution Worpress uses.

    You are talking about :
    Sure then can change the slug function Gdn_Format::Url(). As far as I understand that other people have to build that in the forum.

    Or I think that means that I have to do programming. I do not think that Ik could do that without a PHP education. And for that I do not have the time, And maybe not the capacity.

    http://stackoverflow.com/questions/9206835/2f-in-url-breaks-and-does-not-reference-to-the-php-file-required
    Sorry, but I do not understand what I is written or what I can do with that. I´am not a PHP programmer.

    You write:
    you are not using any url scheme just post numbers,
    I do not know what a url scheme is. I just installed Vanlla an Wordpress. And did nothing else.

    You write that I have to substitute the slash myself. Why does not do the program that? WordPress is doing that. It substitute it to -.(is this called a dash?)

  • @whu606
    I did find a file called config.php
    I did open this file and did fine a line with
    $Configuration['Garden']['RewriteUrls'] = TRUE;

    I did not totally understand what you meant in your reply, but I changed TRUE in FALSE.
    I did this in http://testen.allerbest.nl
    And now I do not have the problem any more with discussions with / and %.

    But this solution is not as nice as at the forum
    http://barspetsa.org/whu606wayback/discussion/7183/this-discussion-has-a-two-a-single-and-a-followed-by-a

    But at least I can live with that, When all is is working well.

    The only question I have is if changing this setting can give trouble elsewhere.

  • hgtonighthgtonight ∞ · New Moderator

    @elja said:
    I installed it with Installatron delivered with my hosting provider.

    If software is installed via some type of automated script, it is up to that script to ensure the server configurations are compatible with the software.

    Please file a ticket with your host/Installatron.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • I was looking at my domain settings.

    As far as I can see I can only change one thing. At this moment there is a PHP "safe_mode" on.
    Has that something to do with this?

  • When my hosting provider changes a setting for the total domain. (I even think that they would not want that, but I could try).
    I think that this change could give the possibility that something else stops working?

    I would like more a solution that only has something to do with the subdomain. And not the whole domain.

    And that could be in the option changing config.php setting
    $Configuration['Garden']['RewriteUrls'] = TRUE;

  • in wordpress slugs are saved in the database, in vanilla they are generated.

    wordpress slug replaces any non apha-numeric character with dash, vanilla urlencodes characters.

    grep is your friend.

  • x00x00 MVP
    edited July 2014

    I think that this change could give the possibility that something else stops working?

    why? this is blocking any chance of reaching a framework so can't break a framework, like i said this is before it goes to any framework or even a static file.

    The problem is the characters %2F in the url are being blocked early on by Apache.

    This is not a complex problem. It really is that simple.

    The NoDecode option will ensure that the security issue this is attempting to address will not be an issue.

    grep is your friend.

  • eljaelja New
    edited July 2014

    @x00
    Oh, I´am sorry, I think I did not explain well. I meant not with Vanilla. But I was talking about the total domain.
    But as far as I understand how things work is:
    -The Apache settings are done by my provider.
    -The only setting I have is a safe_mode on or off option
    -The Apache setting are for the whole domain.

    I have other PHP programs in this domain. So I wonder if changing settings could cause problems in other programs.

    So that was the reason I would like most a solusion that is only for the subdomain.

    Or are you talking about the whole domain too?

  • read my post again.

    grep is your friend.

  • @elja

    Out of interest what is the exact version of 2.1 that you are using?

    becuase in the stable version the / is stripped out in the url

    grep is your friend.

  • eljaelja New
    edited July 2014

    @x00‌ It is version 2.1 It only says 2.1

  • And surprisingly I had two visitors registering on my forum an 1 posting today, and yesterday one.

  • eljaelja New
    edited July 2014

    @x00, As I said, is says 2.1

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP

    @elja‌

    Can you install Vanilla from the 2.1 stable link here, without using your host's app?

    That way we can be sure you have the latest stable version.

Sign In or Register to comment.