Split topic appears to trip Bad Behaviour

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Split topic appears to trip Bad Behaviour
« Reply #16, on April 6th, 2012, 08:56 PM »
And now I understand why it is broken. Your browser appears to not understand how to process HTTP/1.1.

The log shows that the request includes a Host header:
Host: wedge.org/pub/bugs

This is contrary to the specification in section 14.23 where it is only supposed to be the *host*. This trips the test because the Referer begins with http://wedge.org/do/splittopics as it should - and wedge.org/pub/bugs/ is not a substring of wedge.org/do/splittopics.

I don't yet know *why* this occurs but it does at least explain the problem.

Nao

  • Dadman with a boy
  • Posts: 16,082
Re: Split topic appears to trip Bad Behaviour
« Reply #17, on April 6th, 2012, 08:57 PM »
Uh. How strange. I'm using the latest 'official' Opera really...

And why pub/bugs anyway? It should be using the splittopics URL...?

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Split topic appears to trip Bad Behaviour
« Reply #18, on April 6th, 2012, 09:02 PM »
Pretty URLs. The POST URL is constructed to have the board id first - and so it's converted to /pub/bugs/?action=... as the intrusion log shows.

What's happening is:
POST /7249/split-topic-appears-to-trip-bad-behaviour/?action=splittopics;sa=execute
Host: wedge.org/pub/bugs

I don't know why Opera's doing that, but that's what's causing this to happen - and note that if Opera behaved as it should, there wouldn't be a problem because the host would be submitted as just the hostname.

We can still fix the URL being generated so that it ends up as wedge.org/do/splittopics but given how Opera is issuing the wrong Host, I'd honestly rather not for the time being until I can find out what the hell Opera (and other browsers, looking at the log) are playing at.

Nao

  • Dadman with a boy
  • Posts: 16,082
Re: Split topic appears to trip Bad Behaviour
« Reply #19, on April 6th, 2012, 10:16 PM »
Okay! It's not that!
Look at querystring.php, I actually change the request var for the host to contain the board name. It's a technique I used to simplify other calculations. IIRC I save the actual host in another variable. You should take that into account or just change the method I used to something that fits you best.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Split topic appears to trip Bad Behaviour
« Reply #20, on April 6th, 2012, 10:37 PM »
Ahhhhhhhh, that makes sense. I did wonder why some browsers were ignoring the spec!

I noticed that the code sets $_SERVER['REAL_HTTP_HOST'] so I'll check for that, and if it's found, I'll reset the headers to use that instead of whatever $_SERVER['HTTP_HOST'] has.
Posted: April 6th, 2012, 10:30 PM

Hopefully r1545 should fix this.
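
The false positive diagnosed in this thread, and the fix of preferring the preserved host, as an added PHP example. It is not code from Bad Behaviour, Wedge or r1545; the function names and the sample request values are constructed for illustration, and only the `HTTP_HOST` / `REAL_HTTP_HOST` keys and the URLs come from the posts above.

```php
<?php
// Added illustration; not the project's code. Function names are hypothetical.

// Pick the host to validate against: the saved original if the application
// has overwritten HTTP_HOST (as described for querystring.php), else HTTP_HOST.
function effective_host(array $server): string
{
    $host = $server['REAL_HTTP_HOST'] ?? $server['HTTP_HOST'] ?? '';
    // RFC 2616 section 14.23: Host carries host[:port] only, never a path.
    // Anything else is rejected rather than repaired.
    // Simplification: bracketed IPv6 literals are not accepted here.
    if (!preg_match('/^[A-Za-z0-9.-]+(:\d+)?$/', $host)) {
        return '';
    }
    return strtolower($host);
}

// The substring test described in the thread: the Referer must contain the host.
function referer_contains_host(string $referer, string $host): bool
{
    return $host !== '' && stripos($referer, $host) !== false;
}

// Constructed request state mirroring the thread: HTTP_HOST rewritten to
// include the board path, original value kept in REAL_HTTP_HOST.
$server = [
    'HTTP_HOST'      => 'wedge.org/pub/bugs',
    'REAL_HTTP_HOST' => 'wedge.org',
    'HTTP_REFERER'   => 'http://wedge.org/do/splittopics',
];

// Before: the check runs against the rewritten value, so a legitimate
// split-topic request is flagged.
var_dump(referer_contains_host($server['HTTP_REFERER'], $server['HTTP_HOST']));

// After: the check runs against the preserved host.
var_dump(referer_contains_host($server['HTTP_REFERER'], effective_host($server)));

// Without REAL_HTTP_HOST, a Host value carrying a path is refused outright,
// so the check fails closed instead of comparing against a malformed host.
unset($server['REAL_HTTP_HOST']);
var_dump(effective_host($server));
```

A stricter variant would compare `parse_url($referer, PHP_URL_HOST)` for equality with the host instead of using a substring match, since a substring can also appear in a path or query string.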
