No, nowhere is a "KEYWORDS" parameter. What I did find though, is that if I change the form "method" from "post" to "get" everything works...?!!!
I'll go with the "get" as I have to move on to other things. I'm not concerned about security for that one, as it is [only] for the site admin (who is behind the firewall, the resource is protected with a security constraint and the URL is a SSL URL). Thanks for your interest and reply. Best regards, Markus -----Original Message----- From: Jeremy Wadsack [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2003 3:57 PM To: [EMAIL PROTECTED] Subject: Re: [analog-help] Unsafe characters in "KEYWORDS" You can set a parameter "QV" to 1 to have anlgform print out all the parameters sent into it. Somewhere in your form or CGI process it's reading a parameter named 'KEYWORDS'. Check your server logs for additional information (including the value) that might help you track down where that's occurring. -- Jeremy Wadsack Wadsack-Allen Digital Group Markus Van Heerden ([EMAIL PROTECTED]; Tuesday, June 10, 2003 2:34 PM): > Thanks for responding Jeremy. > Nowhere in the form do I have a KEYWORDS element?! > Here is the list of "parameters" that is passed to anglform.pl: > DOMSORTBY=BYTES MONTHLY=ON DIRFLOORB=b SEARCHQUERY=OFF DIRFLOORA= > DAILYREP=OFF FILEINCLUDE= ignore4=b ignore3=-50 ignore2=b REFSORTBY=PAGES > FILEEXCLUDE= STATUS=OFF ignore1=10M REQSORTBY=REQUESTS GENERAL=ON > REQINCLUDE=* FILETYPE=OFF ORGFLOORB=r ORGFLOORA= DOMFLOORB=b DOMFLOORA= > BROWSERSUM=OFF SIZE=OFF REQUEST=ON ORGANISATION=ON DIRSORTBY=BYTES OSREP=OFF > REFERRER=OFF REFFLOORB=p FROM= REFFLOORA= REQFLOORB=r REQFLOORA= DAILYSUM=ON > TO= DIRECTORY=ON SEARCHWORD=OFF DOMAIN=ON WEEKLY=OFF ORGSORTBY=REQUESTS > HOURLYSUM=ON > I'm still stumped. > Thanks > Markus > -----Original Message----- > From: Jeremy Wadsack [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 10, 2003 3:16 PM > To: [EMAIL PROTECTED] > Subject: Re: [analog-help] Unsafe characters in "KEYWORDS" > Markus Van Heerden ([EMAIL PROTECTED]; Tuesday, June 10, 2003 > 1:57 PM): >> Hi All, >> Upon clicking the "Produce statistics" button (with all settings at the >> default), I get the output below. >> I'm using analog version 5.32 on Sun Solaris. >> "[Tue Jun 10 14:45:47 2003] >> /apps/tomcat/jakarta-tomcat-4.0.6/webapps/mdc/WEB-INF/cgi/anlgform.pl: >> Unsafe characters in "KEYWORDS " on request from <my ip address> Died at >> /apps/tomcat/jakarta-tomcat-4.0.6/webapps/mdc/WEB-INF/cgi/anlgform.pl line >> 205. >> Illegal Request >> Unsafe characters in KEYWORDS." >> When I run analog from the command line it, produces my output file > fine... >> Please let me know if you have any ideas. > See http://analog.cx/docs/form.html. This is a security feature of the > form interface designed to protect your server from malicious attacks. > Unsafe characters are anything that could constitute a shell attack, > such as &, <, >, |, etc. > However, there is no Analog command 'KEYWORDS' so it shouldn't be a > problem if you remove the input from the form that has that name. +------------------------------------------------------------------------ | TO UNSUBSCRIBE from this list: | http://lists.isite.net/listgate/analog-help/unsubscribe.html | | Digest version: http://lists.isite.net/listgate/analog-help-digest/ | Usenet version: news://news.gmane.org/gmane.comp.web.analog.general | List archives: http://www.analog.cx/docs/mailing.html#listarchives +------------------------------------------------------------------------ +------------------------------------------------------------------------ | TO UNSUBSCRIBE from this list: | http://lists.isite.net/listgate/analog-help/unsubscribe.html | | Digest version: http://lists.isite.net/listgate/analog-help-digest/ | Usenet version: news://news.gmane.org/gmane.comp.web.analog.general | List archives: http://www.analog.cx/docs/mailing.html#listarchives +------------------------------------------------------------------------
