-
assigned issue to
CALUM POLWART
Prohibited tags problem
Issue #24
open
With the standard prohibited tag <? the SRE extension wont import a file. I get the error message: RHSSveckosegling2016.htm contains the prohibitted phrase ? - processing failed. File moved to quarantine.
However if I change the prohibited tag in the com_sailwaveimporter_configuration to something else, such as aasskfk, the exact file is imported alright it seems.
Examples of imported Sailwave files are in this table: http://www.ifboat.se/kappsegling/resultat
Comments (10)
-
reporter
-
reporter
- changed version to 0.5a
-
Can you provide an example of the file before it is imported?
It should be in: http://www.ifboat.se/SailwaveResults/Quarantine/ but I'd need to know the filename as the folder is not browsable.
The prohibition of <? is intended to ensure embedded PHP can not be uploaded, which may pose a security risk. If you can be 100% certain that is not a risk for you you are safe to remove it from the exclusions.
-
- changed status to on hold
Waiting for further info from reporter
-
reporter
- attached Veckosegling2016.htm
This is the Sailwave export file.
-
reporter
- attached sre_error.txt
When running the import of that file I get this message at the console. So perhaps not everything is as it should.
My versions are these: Joomla 3.8.3 PHP 7.0.23 MySQLi 5.5.52-MariaDB-cll-lve
-
Thanks for uploading the raw html file. There is definitely no <? tag in the file so it is incorrect to be rejecting it. I'll get looking at the code and see if I can find a solution for you. It may take a few weeks with it being Christmas
-
- changed status to open
Need to test reproducability of issue, but certainly not correct behaviour that is reported
-
I am seeing the same behaviour; error message:
filename.htm contains the prohibitted phrase ? - processing failed. File moved to quarantine.
Following the initial post here I changed the file:
/public_htmladministratorcomponentscom_sailwaveimporterconfig.xml
By altering line 103 from
default='{"prohibited":["<?"]}'>
to
default='{"prohibited”:[“aasskfk”]}’>But this had no effect.
Any suggestions?
Steve Vyse
-
Sadly I no longer have a club that is using joomla for sailing. So this code has become abandon where
I think (it's been a while!) That changing the XML won't work unless you were clean installing. But there should be a setting in the extension settings called prohibited.
If you trust your uploaders then you can replace <? In there with <asskfk that should allow the upload if the issue is actually a <? Tag… but if it is… why is it? Or perhaps a PHP version change means that <? Is handled differently now…
- Log in to comment
