Project

General

Profile

Bug #7035

403 error page with link tool and mod_security

Added by Joachim Lucas over 5 years ago. Updated over 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Links
Target version:
Start date:
27/03/2014
Due date:
% Done:

0%

Estimated time:
Complexity:
Normal
SCRUM pts - complexity:
?

Description

In some hosting providers the Apache (or other, nginx) "mod_security" detect when a GET pass an url in the query parameters and in this case a 403 error page is sended to the user.

When you create a new link to google.com and want to click it in the list, the "real" link is :

http://www.monserveur.com/test/main/link/link_goto.php?cidReq=AAA&id_session=0&gidReq=0&link_id=1&link_url=http%3A%2F%2Fwww.google.com

The content of "link_url" is the issue. To avoid this, we can encode the url in base64 for example (base64_encode()) in main/inc/lib/link.lib.php and decode (base64_decode()) in /main/link/link_goto.php_ but should perhaps rethink the logic ... ?

History

#1

Updated by Yannick Warnier over 5 years ago

  • Category set to Links
  • Target version set to 2.0

Your suggestion seems fine to me.
Scheduling for 1.10 but maybe it can be done before that...

Also available in: Atom PDF