PHP MySQL issue.

[m4trix.v2]

My website is hosted in webhosting.uk.com , I write a script to post news .I have user tag : <textarea> </textarea> . i types html in tag <textarea> then i post , a problem is exist . the page where i post my news is transfer to homepage , the posted is not successful .! please take me a solution ?
Note: ii'm use php & mysql
Thanks for reading !

[Pumazooma]

Same problem I suspect
Serve Dislikes < and > brackets

[Administrator]

It seems that mod_security rules on our server don't like what you are trying to post. You can contact one of our senior system administrators from our helpdesk support.webhosting.uk.com and get this rectified or you can put following code in your .htaccess to disable mod_security :-


<IfModule mod_security.c>

SecFilterEngine Off

SecFilterScanPOST Off

</IfModule>

[Pumazooma]

Is it safe to add that to htaccess?
I want to be able to add a custom BBcode to my phpBB3 forum and applying that code above is the only way to do it. I just want to make sure I'm not compromising anything by doing it.

[Administrator]

Quote:

Originally Posted by Pumazooma

Is it safe to add that to htaccess?
I want to be able to add a custom BBcode to my phpBB3 forum and applying that code above is the only way to do it. I just want to make sure I'm not compromising anything by doing it.

You will need to ensure that you keep on upgrading your PHPBB forum as and when new patches are released. If you fail to do so then you may face problems and we wont be taking any sort of responsibility for any sort of intrusion if we find the mod_security disabling code in your .htaccess

[Pumazooma]

Fair enough.
I do always keep up with the updates so that wouldn't be an issue if I choose to do it.
Is there no alternative to allow < and > in the forum that doesn't disable mod_security altogether?

[Pumazooma]

S'ok found a simple way around it and kept mod_security on.

[Prince of Cats]

Quote:

Originally Posted by Pumazooma

S'ok found a simple way around it and kept mod_security on.

Do you fancy telling us what it was? I have spent the last two hours searching the web on the assumption that it was a PHP thing (html forms sent to perl do it too) and 12:20am is too late for me to be messing with things...

[Pumazooma]

Yep, easy really.

mod_security doesn't let you do posts with <> in them. In my case I was wanting to add some custom BBcode.
So, I edited the htaccess file to turn off mod_security, as explained in post #3 above, then entered my BBcode, then edited it back out of the htaccess file.

mod_security only freaks out at the time that code is initially posted. So, turn it off, post it, turn it back on. Now it's actually IN the forum it doesn't worry about it any more.

[Prince of Cats]

Ah, thanks...

That wouldn't really help in my case, but it is not a bad idea.