I check my database and is ok, nothing strange.
I check the php files in formalms, and found where is the verificacion input.
/lib/lib.filterinput.php
And this function...
/**
* This is a helper function. To prevent malicious users
* from trying to exploit keys we make sure that keys are
* only named with alpha-numeric text and a few other items.
*
* @param string string to clean
* @return string
*/
protected function clean_input_keys($str) {
if ( ! preg_match('#^[&a-zA-Z0-9\.:_/-\s]+$#uD', $str)) {
exit('Disallowed key characters in global data.');
}
return $str;
}
I comment the line say Disallowed key chararacters and now I can enter my site. (line 230)
I know this is an important security function to prevent strange keys, I also found that other applications like gallery3, bulletin boards have the same problem since 2009. What is going on then?
Nobody knows why is happening, only to comment that line. Even is I pass the variable str like:
exit('Disallowed key characters in global data.',$str);
to see what is the character disturbing, only show me a blank page. When reloading, even the login page of FormaLMS is blank. I have to delete the session cookie to see the login page.
Maybe some php.ini is the problem? I saw that are some of this variables used in the application like:
ini_set('arg_separator.output', '&');
ini_set('magic_quotes_runtime', 0);
ini_set('magic_quotes_sybase', 0);
ini_set('session.cache_expire', (int)$cfg['session_lenght']);
ini_set('session.cache_limiter', 'none');
ini_set('session.cookie_lifetime', (int)$cfg['session_lenght']);
// ini_set('session.save_handler', 'files');
ini_set('session.use_only_cookies', 1);
ini_set('session.use_trans_sid', 0);
ini_set('url_rewriter.tags', '');
I'll upload a phpinfo file to test....
Disallowed Key Characters in global data
Re: Disallowed Key Characters in global data
he seriel
the function "clean_input_keys() " is a filter to check input data and disallow malicious characters.
to see the string that offending clean_input_keys , the exact code is
Please post the result and the output of phpinfo()
the function "clean_input_keys() " is a filter to check input data and disallow malicious characters.
to see the string that offending clean_input_keys , the exact code is
Code: Select all
exit('Disallowed key characters in global data. ' . $str);
Cercate nel forum le riposte prima di chiedere. Check the forum before posting
---------------
Claudio Anelli
Joint Technologies - Sistemi avanzati per l'information technology
http://www.joint-tech.com
---------------
---------------
Claudio Anelli
Joint Technologies - Sistemi avanzati per l'information technology
http://www.joint-tech.com
---------------
Re: Disallowed Key Characters in global data
Hi again...
Well, I as mentioned before, I disabled that line and my site is running again.
I also did what you said and the result is just a blank page... nothing more, no characters, no line of code, nothing.
I can't post a phpinfo() result because my hosting provider don't let me do.I asked to my support team that they do it for me. Until then I don't know what php modules have my server.
Meanwhile, disable that line works for me (It's an ugly patch but work...
)
If I have the info I'll post it...
Very thank you
Well, I as mentioned before, I disabled that line and my site is running again.
I also did what you said and the result is just a blank page... nothing more, no characters, no line of code, nothing.
I can't post a phpinfo() result because my hosting provider don't let me do.I asked to my support team that they do it for me. Until then I don't know what php modules have my server.
Meanwhile, disable that line works for me (It's an ugly patch but work...
)If I have the info I'll post it...
Very thank you