Icy Phoenix
Old Support Topics - Custom Profile Record Error.
jefazo666 [ Tue 16 Oct, 2012 01:15 ]
Post subject: Custom Profile Record Error.
Hi everyone. I have Icy Phoenix 1.2.0.27c running on my server.
Last month I added one custom user record, a text field where users can write what car they have.
The problem is that the car's year is usually written with an ' before the last 2 numbers of the year, i.e. 1991 -> '91.
When a user writes this character, the Ctracker blocks their registration and the user gets the hacking warning. I do not know how to disable it, because I have disabled all Ctracker at Cpanel, but the problem persists.
Thank you for your answers.
Joshua203 [ Tue 16 Oct, 2012 10:54 ]
Post subject: Re: Custom Profile Record Error.
Since you are already trying to upgrade ... please wait and see if the problem is solved after the upgrade :wink:
spydie [ Tue 16 Oct, 2012 12:14 ]
Post subject: Re: Custom Profile Record Error.
This accent looks like some code for the crTracker, that's why you're getting a hacking attempt.
Try to not use this and better write the full year.
mort [ Tue 16 Oct, 2012 13:39 ]
Post subject: Re: Custom Profile Record Error.
Quote:
I do not know how to disable it, because I have disabled all Ctracker at Cpanel, but the problem persists.
Then 97 etc will always be a problem.
Go to the ACP Ctracker and find the log and the name of the file that it is blocking.
Then something can be done about telling Ctracker to ignore it or kill Ctracker for the whole file.
spydie wrote:
Try to not use this and better write the full year
That's not really the way to fix it, because no doubt the users add it manually :mryellow:
jefazo666 [ Tue 16 Oct, 2012 13:47 ]
Post subject: Re: Custom Profile Record Error.
I have an issue with ACP right now. But when I fix it, I will try. Thanks mort.
Could you explain to me where I should look for the info you requested? I never understood Ctracker and how I use it, so I do not know what you are asking me. I am sorry, but I would be thankful if you helped me with this.
mort [ Tue 16 Oct, 2012 14:59 ]
Post subject: Re: Custom Profile Record Error.
Quote:
I never understood Ctracker and how I use it, so I do not know what you are asking me.
Do a search, I'm sure there is something in the documentation that would point you in the right direction. Or just go through Ctracker looking for the logs. - As it's one way of learning what's there and what's not.
spydie [ Tue 16 Oct, 2012 15:58 ]
Post subject: Re: Custom Profile Record Error.
mort wrote:
Then 97 etc will always be a problem.
Go to the ACP Ctracker and find the log and the name of the file that it is blocking.
Then something can be done about telling Ctracker to ignore it or kill Ctracker for the whole file.
spydie wrote:
Try to not use this and better write the full year
That's not really the way to fix it, because no doubt the users add it manually :mryellow:
Correct, mort.
But you're right about the crTracker log, finding the file it blocks.
I had that issue earlier with .27 and 53 but it was about check-boxes in profile fields.
Should be somewhere in the old support topics here.
Found it.
The fix was
HERE
jefazo666 [ Tue 16 Oct, 2012 16:21 ]
Post subject: Re: Custom Profile Record Error.
On older versions of HTTP, you could include a ' character in a text field on login. This then should be passed to the SQL query and you could cause a syntax problem. Because of this Ctracker blocks this character on text fields.
People wrote in the username something like:
" username' or 1==1 "
This changed the SQL query, and the OR with the 1==1 expression made it possible for someone to log in as anyone he wanted.
This is the reason why Ctracker blocks this character on text fields. The question is: if I have disabled Ctracker, why does this keep working?
This issue with the character was solved a long time ago, so now Ctracker is checking for something useless.
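Added example, not part of the original thread and not Icy Phoenix or Ctracker code: the post above describes an apostrophe reaching the SQL query, and this sketch shows the same car-year value breaking a concatenated query and being stored unchanged by a parameterized one. It assumes PHP with PDO and an in-memory SQLite database in place of the forum's own database layer; the table, columns and function names are hypothetical.

```php
<?php
// Added illustration, not Icy Phoenix or Ctracker code. Table, column and
// function names are hypothetical; all sample values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT PRIMARY KEY, car TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', '')");

// "Before": the value is pasted into the SQL text, so an apostrophe in it
// ends the string literal and whatever follows is parsed as SQL.
function save_car_concat(PDO $db, string $user, string $car): string
{
    try {
        $db->exec("UPDATE users SET car = '$car' WHERE username = '$user'");
        return 'stored';
    } catch (PDOException $e) {
        return 'sql error';
    }
}

// "After": placeholders keep the value as data, whatever characters it has.
function save_car_bound(PDO $db, string $user, string $car): string
{
    $st = $db->prepare("UPDATE users SET car = ? WHERE username = ?");
    $st->execute([$car, $user]);
    return 'stored';
}

function load_car(PDO $db, string $user): string
{
    $st = $db->prepare("SELECT car FROM users WHERE username = ?");
    $st->execute([$user]);
    return (string) $st->fetchColumn();
}

function user_exists(PDO $db, string $user): bool
{
    $st = $db->prepare("SELECT COUNT(*) FROM users WHERE username = ?");
    $st->execute([$user]);
    return (int) $st->fetchColumn() > 0;
}

$car = "Golf GTI '91";  // constructed profile value with the apostrophe
echo 'concatenated: ', save_car_concat($db, 'alice', $car), "\n";
echo 'bound:        ', save_car_bound($db, 'alice', $car), "\n";
echo 'read back:    ', load_car($db, 'alice'), "\n";
// With binding, the username string quoted in the post is only a name to look up.
echo 'lookup:       ', var_export(user_exists($db, " username' or 1==1 "), true), "\n";
```

When every query that touches a field is bound like this, the apostrophe carries no meaning for the database, which is the condition under which exempting that field from an input filter is safe.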
mort [ Wed 17 Oct, 2012 02:49 ]
Post subject: Re: Custom Profile Record Error.
Quote:
Ctracker is checking for something useless.
It's not checking for something useless - It's acting on something it doesn't know about.
So why not open up ct_security.php and add the input field to the ignore array.
From what I can see it should then ignore it. :?: