|
Post by cenobyte on Oct 5, 2007 7:20:40 GMT -5
I am running 1.7.3
When I attempt to delete multiple comments, and/or sometimes when I attempt to modify or edit comments, I receive the following error: "We don't take kindly to that sort of activity here. Your attempt to break the script has been logged and the administrators have been notified."
I have tried using different browsers, but the result is the same.
I also receive this message sometimes when attempting to edit an entry itself. I can sometimes resolve that issue by unchecking the 'rebuild all files' box, then going in and manually rebuilding the files afterward.
However, when I receive this message after trying to delete or edit a comment, unchecking that box makes no difference.
There is no mention of the 'hack attempt' made in the CP, and the administrator (me) is never actually notified of anything.
|
|
|
Post by petefinnigan on Oct 5, 2007 9:35:04 GMT -5
Hi,
This sounds like the same issue I had trying to edit an email address in a comment. No fix yet, but thought I should highlight that it looks to be the same issue.
cheers
pete
|
|
|
Post by coldstone on Oct 5, 2007 17:19:20 GMT -5
Greymatter is trying to detect whether someone malicious is working against it. You are correct, the script doesn't notify anyone (yet).
Its more than likely the data. Some screens will let the data through, then others will barf on it. Cenobyte, can you point me to some of your log entries (the html pages) that you have trouble with? I will look into this further (your issue too Pete).
|
|
|
Post by petefinnigan on Oct 8, 2007 6:46:01 GMT -5
Thanks very much Coldstone, as you suggested on the other thread this is likely to be the @ symbol in the case of the email?
cheers
Pete
|
|
|
Post by coldstone on Oct 10, 2007 13:58:04 GMT -5
I was off base on the @ symbol. Currently GM is particular about &, ', ", <, and > chars and does its own translation on them. For everything but the ampersand it changes them into the actual html entity code. However, those codes all have ampersands with get turned into '|AMP|' (still puzzles me). Its in the Gm_Utils::toWebSafe and toStoreSafe methods (used to be called 'delouse' in gm-library).
|
|