Hi everyone. I have Icy Phoenix 1.2.0.27c running on my server.
Last month I added one custom user record, a text field where users can write what car they have.
The problem is that the car's year is usually written with an ' before the last 2 digits of the year, i.e. 1991 -> '91.
When a user writes this character, Ctracker blocks their registration and the user gets the hacking warning. I do not know how to disable it, because I have disabled all of Ctracker in Cpanel, but the problem persists.
Thank you for your answers.
Custom Profile Record Error.
Subject: Re: Custom Profile Record Error.
Since you are already trying to upgrade ... please wait and see if the problem is solved after the upgrade :wink:
Subject: Re: Custom Profile Record Error.
This accent looks like some code for the crTracker, that's why you're getting a hacking attempt.
Try not to use this and better write the full year.
Subject: Re: Custom Profile Record Error.
Then 97 etc will always be a problem.
Go to the ACP Ctracker and find the log and the name of the file that it is blocking.
Then something can be done about telling Ctracker to ignore it or kill Ctracker for the whole file.
That's not really the way to fix it, because no doubt the users add it manually :mryellow:
Subject: Re: Custom Profile Record Error.
I have an issue with ACP right now. But when I fix it, I will try. Thanks, mort.
Could you explain to me where I should look for the info you requested? I never understood Ctracker and how to use it, so I do not know what you are asking me. I am sorry, but I would be thankful if you could help me with this.
Subject: Re: Custom Profile Record Error.
Do a search, I'm sure there is something in the documentation that would point you in the right direction. Or just go through Ctracker looking for the logs. - As it's one way of learning what's there and what's not.
Subject: Re: Custom Profile Record Error.
correct mort.
But you're right about the crTracker log, finding the file it blocks.
I had that issue earlier with .27 and 53, but it was about check-boxes in profile fields.
It should be somewhere in the old support topics here.
Found it
fix was HERE
Subject: Re: Custom Profile Record Error.
On older versions of HTTP, you could include a ' character in a text field on login. This would then be passed to the SQL query and could cause a syntax problem. Because of this, Ctracker blocks this character in text fields.
People wrote something like this as the username:
" username' or 1==1 "
This changed the SQL query, and the OR with the 1==1 expression meant that someone could log in as anyone he wanted.
This is the reason why Ctracker blocks this character in text fields. The question is: if I have disabled Ctracker, why does this keep working?
This issue with the character was solved a long time ago, so now Ctracker is checking for something useless.
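Added example, not part of the original thread and not Icy Phoenix or Ctracker code: a Python/SQLite illustration of why an apostrophe only matters when input is concatenated into the SQL text, using the string quoted in the post above and a car value like the one in the first post. The table, column and function names are assumptions made for illustration, and the sample user is constructed.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the forum's users table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT, car TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?, ?)", ("alice", "s3cret", ""))
    return db

def login_concat(db, name, password):
    """'Before': input is pasted into the SQL text, so a quote ends the literal."""
    sql = ("SELECT 1 FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_bound(db, name, password):
    """'After': values are bound parameters and are never parsed as SQL."""
    sql = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

def save_car_concat(db, name, car):
    """'Before' for the profile field: same string-building pattern."""
    db.execute("UPDATE users SET car = '" + car + "' WHERE name = '" + name + "'")
    return read_car(db, name)

def save_car_bound(db, name, car):
    """'After' for the profile field: the apostrophe is ordinary data."""
    db.execute("UPDATE users SET car = ? WHERE name = ?", (car, name))
    return read_car(db, name)

def read_car(db, name):
    return db.execute("SELECT car FROM users WHERE name = ?", (name,)).fetchone()[0]

def outcome(fn, *args):
    """Run fn and report its result, or the fact that the SQL text was corrupted."""
    try:
        return fn(*args)
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc

if __name__ == "__main__":
    db = make_db()
    quoted_name = "alice' or 1==1 "   # string quoted in the thread, with a sample name
    car = "Golf '91"                  # the kind of value the custom field receives
    print("login, concatenated:", outcome(login_concat, db, quoted_name, "x"))
    print("login, bound:       ", outcome(login_bound, db, quoted_name, "x"))
    print("login, real user:   ", outcome(login_bound, db, "alice", "s3cret"))
    print("car, concatenated:  ", outcome(save_car_concat, db, "alice", car))
    print("car, bound:         ", outcome(save_car_bound, db, "alice", car))
```

With bound parameters the car value is stored verbatim and the quoted username is just a name that does not exist, so rejecting the apostrophe at the input layer adds nothing for queries written this way.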
Subject: Re: Custom Profile Record Error.
It's not checking for something useless - It's acting on something it doesn't know about.
So why not open up ct_security.php and add the input field to the ignore array.
From what I can see it should then ignore it. :?: