I get errors similar to this when trying to create UDTs and add templates or update user preferences.
I get this entery in my error log
I can create a simple UDT[Sat Apr 11 22:04:33 2009] [error] [client xxx.xxx.xxx] ModSecurity: Warning. Pattern match "(?:\\\\b(?:(?:s(?:elect\\\\b(?:.{1,100}?\\\\b(?:(?:length|count|top)\\\\b.{1,100}?\\\\bfrom|from\\\\b.{1,100}?\\\\bwhere)|.*?\\\\b(?:d(?:ump\\\\b.*\\\\bfrom|ata_type)|(?:to_(?:numbe|cha)|inst)r))|p_(?:(?:addextendedpro|sqlexe)c|(?:oacreat|prepar)e|execute(?:sql)?|makewebt ..." at ARGS:code. [id "950001"] [msg "SQL Injection Attack. Matched signature "] [severity "CRITICAL"] [hostname "MYSITE.org"] [uri "/admin/edituserplugin.php?_s_=67e6d404&userplugin_id=41"] [unique_id "SeFaQUMPZxEAACQsIxQAAAAQ"]
[Sat Apr 11 22:04:33 2009] [error] [client xxx.xxx.xxx] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}? ..." at ARGS:code. [id "950006"] [msg "System Command Injection. Matched signature "] [severity "CRITICAL"] [hostname "MYSITE.org"] [uri "/admin/edituserplugin.php?_s_=67e6d404&userplugin_id=41"] [unique_id "SeFaQUMPZxEAACQsIxQAAAAQ"]
Code: Select all
echo 'it works';Apache 2.x
php 5.x
MySql 5.x
http://forum.cmsmadesimple.org/index.php/topic,5775.0.html
westis code
Code: Select all
$html="";
$categories = array(
1 => array(
'catid' => 1,
'categoryname' => "Name of category 1"
),
2 => array(
'catid' => 2,
'categoryname' => "Name of category 2"
),
3 => array(
'catid' => 3,
'categoryname' => "Name of category 3"
),
4 => array(
'catid' => 4,
'categoryname' => "Name of category 4"
)
);
//post handler
$catid = '';
if($_SERVER['REQUEST_METHOD']=='POST') {
if (preg_match("/[0-9]*/" , $_POST['category_id']))
$catid = $_POST['category_id'];
$category=$categories[$catid]['categoryname'];
}
//form
$html .= '<form method="post">'."\n";
$html .= '<select name="category_id">'."\n";
foreach($categories as $one) {
$html .= '<option value="'. $one['catid'] .'" ';
if ($catid == $one['catid'])
$html .= 'selected';
$html .= '>'. $one['categoryname'] .'</option>'."\n";
};
$html .= '</select>'."\n";
$html .= '<input type="submit" value="Select a category" />'."\n";
$html .= '</form>'."\n";
//end form
if($catid) {
echo $html;
//Uploads module tag
global $gCms;
$mid = 'm' . ++$gCms->variables["modulenum"];
$returnid = '';
if (isset($gCms->variables['pageinfo']))
{
$returnid = $gCms->variables['pageinfo']->content_id;
}
print_r( $parms );
$uploads = $gCms->modules['Uploads']['object'];
$parms = array();
$parms['category'] = $category;
$parms['mode'] = summary;
$parms['sortorder'] = date_desc;
$parms['summary_filetemplate'] = 'videos.tpl';
$parms['detail_filetemplate'] = 'showvideo.tpl';
$html .= $uploads->DoAction( 'default', $mid, $parms, $returnid );
//end Uploads module tag
} else {
//help
$html .= '<h4>Select a category</h4>';
echo $html;
}
Is there a Typo.