
Icy Phoenix


Old Support Topics - Custom Profile Record Error.



jefazo666 [ Tue 16 Oct, 2012 01:15 ]
Post subject: Custom Profile Record Error.
Hi everyone. I have Icy Phoenix 1.2.0.27c running on my server.

Last month I added one custom user record, a text field where users can write what car they have.

The problem is that the car's year is usually written with an ' before the last 2 digits of the year, i.e. 1991 -> '91.

When a user writes this character, the Ctracker blocks their registration and the user gets the hacking warning. I do not know how to disable it, because I have disabled all Ctracker at Cpanel, but the problem persists.

Thank you for your answers.


Joshua203 [ Tue 16 Oct, 2012 10:54 ]
Post subject: Re: Custom Profile Record Error.
Since you are already trying to upgrade ... please wait and see if the problem is solved after the upgrade


spydie [ Tue 16 Oct, 2012 12:14 ]
Post subject: Re: Custom Profile Record Error.
This accent looks like some code to the crTracker; that's why you're getting a hacking attempt.

Try to not use this and better write the full year.


mort [ Tue 16 Oct, 2012 13:39 ]
Post subject: Re: Custom Profile Record Error.
jefazo666 wrote:
I do not know how to disable it, because I have disabled all Ctracker at Cpanel, but the problem persists.


Then 97 etc will always be a problem.

Go to the ACP Ctracker and find the log and the name of the file that it is blocking.

Then something can be done about telling Ctracker to ignore it or kill Ctracker for the whole file.


spydie wrote: 
Try to not use this and better write the full year


That's not really the way to fix it, because no doubt the users add it manually


jefazo666 [ Tue 16 Oct, 2012 13:47 ]
Post subject: Re: Custom Profile Record Error.
I have an issue with the ACP right now. But when I fix it, I will try. Thanks, mort.

Could you explain to me where I should look for the info you requested? I never understood Ctracker and how to use it, so I do not know what you are asking me. I am sorry, but I would be thankful if you could help me with this.


mort [ Tue 16 Oct, 2012 14:59 ]
Post subject: Re: Custom Profile Record Error.
jefazo666 wrote:
I never understood Ctracker and how to use it, so I do not know what you are asking me.


Do a search; I'm sure there is something in the documentation that would point you in the right direction. Or just go through Ctracker looking for the logs, as it's one way of learning what's there and what's not.


spydie [ Tue 16 Oct, 2012 15:58 ]
Post subject: Re: Custom Profile Record Error.
mort wrote:

Then 97 etc will always be a problem.

Go to the ACP Ctracker and find the log and the name of the file that it is blocking.

Then something can be done about telling Ctracker to ignore it or kill Ctracker for the whole file.


spydie wrote: 
Try to not use this and better write the full year


That's not really the way to fix it, because no doubt the users add it manually


Correct, mort.

But you're right about the crTracker log, finding the file it blocks.

I had that issue earlier with .27 and 53, but it was about check-boxes in profile fields.

Should be somewhere in the old support topics here.

Found it

fix was HERE


jefazo666 [ Tue 16 Oct, 2012 16:21 ]
Post subject: Re: Custom Profile Record Error.
On older versions of HTTP, you could include a ' character in a text field on login. This then would be passed to the SQL query and you could cause a syntax problem. Because of this, Ctracker blocks this character in text fields.

People wrote something like this as the username:

" username' or 1==1 "

This changed the SQL query, and the OR with the 1==1 expression meant that someone could log in as anyone he wanted.

This is the reason why Ctracker blocks this character in text fields. The question is: if I have disabled the Ctracker, why does this keep working?

This issue with the character was solved a long time ago, so now Ctracker is checking for something useless.


mort [ Wed 17 Oct, 2012 02:49 ]
Post subject: Re: Custom Profile Record Error.
Quote:
Ctracker is checking for something useless.


It's not checking for something useless - it's acting on something it doesn't know about.

So why not open up ct_security.php and add the input field to the ignore array?

From what I can see it should then ignore it.
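
The trade-off discussed in this thread, as an added example that is not from any of the posts and is not Icy Phoenix or Ctracker code: a character blocklist rejects a legitimate value such as '91, while a bound query parameter stores it safely and treats the quoted `username' or 1==1` string as plain data. The table layout, the function names and the `BLOCKED` list are assumptions made for illustration.

```python
import sqlite3

# Assumed stand-in for a character blocklist; not Ctracker's real rule set.
BLOCKED = ("'",)


def blocklist_rejects(value: str) -> bool:
    """Naive input filter: flag any value containing a blocked character."""
    return any(ch in value for ch in BLOCKED)


def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed user and an empty 'car' field."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, car TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', NULL)")
    return db


def save_car_concat(db, username, car):
    """Unsafe: the value is pasted into the SQL text, so ' ends the string literal."""
    db.execute(f"UPDATE users SET car = '{car}' WHERE username = '{username}'")


def save_car_param(db, username, car):
    """Safe: the value travels as a bound parameter and is never parsed as SQL."""
    db.execute("UPDATE users SET car = ? WHERE username = ?", (car, username))


def find_user_param(db, username):
    """Look up a user by name with a bound parameter; returns None if absent."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def demo():
    db = make_db()
    car = "Civic '91"  # constructed sample value, like the one in the first post
    results = {"filter_blocks_legit_value": blocklist_rejects(car)}
    try:
        save_car_concat(db, "alice", car)
        results["concat_ok"] = True
    except sqlite3.OperationalError:  # the "syntax problem" described in the thread
        results["concat_ok"] = False
    save_car_param(db, "alice", car)
    results["stored"] = db.execute(
        "SELECT car FROM users WHERE username = 'alice'"
    ).fetchone()[0]
    # The string quoted in the thread is just an unknown username when bound.
    results["payload_matches_user"] = find_user_param(db, "username' or 1==1")
    return results


if __name__ == "__main__":
    print(demo())
```

With bound parameters the apostrophe needs no filtering at the input layer, which is why exempting a single free-text profile field from the blocklist does not by itself reopen the query to injection.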



