Maurizio Müller (Tinext) wrote:
I have a little problem with Magnolia and the Apache module mod-security.
If a user uploads a binary file with some disallowed characters and two disallowed characters are
consecutively like this file: "my picture (1).jpg" Magnolia will substitute the
disallowed characters with a dash (-) and the file (url) change as follow
"my-picture--1-.jpg".
The problem is that the Apache module mod-security blocks the double dash with
these errors:
1) Comment Evasion Attempt
2) Detects common comment types
3) Anomaly Score Exceeded (score 40): Detects common comment types
4) Transactional Anomaly Score (score 40): Detects common comment types
It is possible in Magnolia change the substitution character from dash (-) to
the underscore (_) character?
I know that a file name like "my picture (1).jpg" is bad for the web but
sometime a content editor uses it.
I think you should be able to modify your mod_security ruleset to not
block on the double dashes.
Nils Breunese.
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
