Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

"Application Settings" throws a "400 Bad Request" message

edited December 2008 in Vanilla 1.0 Help
Hey guys! Just stumbled on Vanilla when evaluation PHP forums and like it a lot so far. Everythings works really nice but I get an "400 Bad Request" when trying to access Settings -> Application Settings (logged in as admin). All other Settings works perfect. Any tips?


  • check your apache error log.
  • Ok. I did and talked to my host. He said that it was a problem with one of the mod_security rules. He solved the problem for me but said that he thought the "?PostBackAction=Globals" was a pretty poor choice of string since strings like that can be used to break in to the php register global's... might be useful to know. Hope that might make it easier for some of you guys if you run into the same problem.
  • I believe that security hole was filled in 1.0.3. Someone please confirm?
  • your host is full of it. "PostBackAction=Globals" is a standard query string key/value, same as "q=google" or "x=123" or anything else, and provides no kind of access to any inner script workings.
  • IIRC, there was a earlier mod_security issue that blocked the settings page because it was named 'settings.php': Access denied 500 error on settings.php # 4
  • right, but that was not a security hole, it was silly mod_security throwing out the baby with the bathwater in typical fashion.
  • I've got this same issue, Anybody know of a workaround?
  • Installing 'Friendly URL's might work. settings.php effectively gets renamed to /settings/
  • I have the very same problem with a new forum I'm setting up. Thousands of little bugs in the dozen extensions I need are annoying, but this one is the tip of the iceberg. I can't set or unset any settings, that is neither global settings nor users' personal forum settings. I can't use FriendlyUrls since this is not my own server. Any hint or workaround would be very much appreciated since this is basically making Vanilla unusable for me and keeping me from bringing it to the public.
  • edited February 2008
    OK, how about copy the settings.php file to another named config.php then edit your library/Framework/Framework.Functions.php file and add this line to the top of the GetUrl function: if ($PageName == 'settings.php') $PageName = 'config.php';
    It seems that config.php may also be blocked by particularly picky hosts. If that is the case, you can either try a different name, or possibly better yet an .htaccess directive.
  • I have a vanilla board which ran (is still running) for several month fin then all hell broke loose with issues. I have everything fixed except I cant access the Application Settings link, it will throw me into a blank or the home screen. I have the forum iframed (sux but its what I have). all the other links work but the Application Settings wont let me into it. worst case, at the moment I need to change a few things, what is the sql table to change things like the email notifications etc? Might be changing to another board, this one seems to break too much.
This discussion has been closed.