Error or feature? (Commenting)

[jesper]

Hi there. Im setting up GM and have encounter something annoying.
Whenever i try to post a comment thats more then a couple of words long, I get an error message, just after i enter the numbers and letters for the anti-bot step.
Short comments work though.

It says: "We don't take kindly to that sort of activity here. Your attempt to break the script has been logged and the administrators have been notified."

However, there is nothing in the control panel log. And in Apache log, the only thing I find is:

"[error] [client 192.168.0.2] [Fri May 11 22:04:51 2007] gm.cgi: 1.8 at libs/Gm_Utils.pm line 317., referer: gidlund.biz/cgi-bin/gm.cgi

[error] [client 192.168.0.2] [Fri May 11 22:04:51 2007] gm.cgi: 1.8 at libs/Gm_Utils.pm line 319., referer: gidlund.biz/cgi-bin/gm.cgi"

And when looking at those lines I find:

jesper@box:/usr/local/apache2/logs# cat -n /usr/local/apache2/cgi-bin/libs/Gm_Utils.pm|grep 317
317 warn "$digit";
jesper@box:/usr/local/apache2/logs# cat -n /usr/local/apache2/cgi-bin/libs/Gm_Utils.pm|grep 319
319 warn "$digitTwo";

I cant figure out what s wrong though. I would assume that has to do with the enter-the-numbers-and-letters check, but why would it only appear when posting longer comments?

Im running GM 1.7.2.3 with Apache on slackware, and using Perl v5.8.7

Any ideas?

Edit: I confirmed it to be a problem with the comment verification by turning it off, without it i can enter long comments.

Oh, and by the way, the diagnistics and repair function doesnt report any errors.

[coldstone]

Hmm, that is funky. Can you post a sample of a 'longer' comment?

That message is supposed to be reacting to suspicious characters in the comment (attempts to break the script), such as the '|' character and the null '\0' character.

[jesper]

Hmm, now im getting confused.. It seems to be a little random.

For example:

hej janne luktar gurka men inte mer nu mest och sen test hej hej

The above was allowed by the script and:

hej janne luktar gurka men inte mer nu mest och sen test hej hej test test gurka

The above was not allowed, but soon after, the same message was allowed!

The only thing i noticed was that the script re-used the same verification frase as the first message that was allowed, when it was blocked. And had a new verification frase when it was allowed. Could that has something to do with it?

[jesper]

This was blocked even though it had a new verification code, and i seem to remember having seen the script block me when having a blank/emty line between text before:

hej janne luktar gurka men inte mer nu mest och sen test hej hejhej janne luktar gurka men inte mer nu mest och sen test hej

hejhej janne luktar gurka men inte mer nu mest och sen test hej hejhej janne luktar gurka men inte mer

[coldstone]

I'll try testing a see if I can spot anything. Thanks for the samples.

BTW, there is a three minute window for typing in the pass-phrase, but you shouldn't get the error you did even if you take too long. So, nevermind. I was just thinking outloud.

Unless, do you remember what the passphrase was when it wasn't allowed? I wonder if that is has a bad character or something, so its tripping the alert.

[jesper]

This is the code it gave me this time: zkhwuiy

And the message blocked was:

hej janne luktar gurka men inte mer nu mest och sen test hej hejhej janne luktar gurka men inte mer nu mest och sen test hej hej

hej janne luktar gurka men inte mer nu mest och sen test hej hejhej janne luktar gurka men inte mer nu mest och sen test hej hej

EDIT:
Ive tried with both random and static frases, didnt make a difference.

EDIT2:
i tried again with the same message and not using copy&paste on the validation, thinking it might have a check for that. And also noticed it had both letters and numbers this time. Using this frase: 71fezxc .. Still no go.

[coldstone]

I will try to replicate this in my local development, but would you mind if I tried on your setup? If not, post your url.

[jesper]

Sure.

blogg.gidlund.biz

Edit:
I'm also having another problem. It seems my monthly archives are randomly deleted when i rebuild the site. I fix this by rebuilding again, and sometimes it works, sometimes it doesnt. Not a very big deal, since its easily fixed by rebuilding, but i was wondering if others have had this problem?

And also, since you seem to know alot about the comment verification system.

How would i go about to place it in the comment form? I would like to have visitors enter their name, message etc, and the comment verification code on the same page, and pass it to the verification script when they hit submit. Is it possible?

[coldstone]

I'll take a look. I think the way the random phrase is being generated may put invisible wonky characters.

The monthy archive issue could be related to how many entries you have in that month. Is it the first entry for your site? And is it the only entry in that month?

I should know about the system, I wrote it However, I have bad news, maybe. As you might have noticed, each entry is a static page. This means that we can't do dynamic content that would expire, in other words, if you put a random phrase on a page, it would only update after each rebuild/comment. This means that the phrase couldn't 'expire' after three minutes.

However, if you are content with a static phrase, then you can add this to your form to make it work:

Verify "phrase you choose":<input name="userverify" size="30" type="text" class="text" />

Then in your configs you can set the verification to be static and set the "phrase".

[jesper]

Ah, that would explain why the blogs i've seen having the phrase on the same page have had it static. Well no biggie, one extra page doesnt hurt anyone.

And for the monthly issue, i have 3 open and 1 closed entry, i might have had 2 open plus 1 closed the last time it happend, im not sure about that.

[coldstone]

I believe I have found the issue, or rather, I think the issue is the newline thing you pointed out above.

If there is a newline in a comment that is preview'ed or verified then Gm encodes it in a certain way on the form that triggers the audit alert. The details are here:

greymatterforum.proboards82.com/index.cgi?board=gmbugreport&action=display&thread=1180022969

Thanks for catching this.