Jump to content


Photo

400 Bad Reuqest


  • Please log in to reply
3 replies to this topic

#1 webhead

webhead

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 22 April 2012 - 11:11 AM

So I'm getting this on the forums when people use a % in the topic title. It has just occurred to me that the portal does not use the same safe URLs that the rest of the board does. Anyone have any idea how to fix this? I'm looking around right now but I'd be happy on any advice you can offer. This seems like somewhat of a security risk. For reference, I'm using .htaccess and friendly URLs on my board.

Example: /forum/topic/320-test%20%%20test/

As you can see it just has another % character rather than URL encoding it.
Posted Image

#2 webhead

webhead

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 22 April 2012 - 12:57 PM

Well I did some digging around in the board files and I think I've found the solution.  I'm going to post it here because I hate when people say they've found a solution and then don't share.  If anyone wants to check my work and make sure this all looks legit (it appears to be working), I would more than welcome the input.

You will need to change some of the code in the Unreal Portal skin.
  • Go to your Admin CP => Look & Feel => Manage Skin Sets & Templates and then choose the skin you wish to edit
  • Make sure that "Template" is selected and scroll down to "skin_uportal"
  • Choose skin_uportal => latest_posts_big_row and skin_uportal => latest_posts_row
  • Replace the code as noted below:  


      
    skin_uportal => latest_posts_big_row
      
    Replace:
    	<a href='{parse url="showtopic={$fetch['tid']}" template="showtopic" seotitle="{$fetch['title']}" base="public"}'            		title="{$this->lang->words['topic_started']}{$fetch['start_date']}">{$fetch['title']}</a><br/>
      
    With:
    	<a href='{$this->registry->output->buildSEOUrl( 'showtopic=' . $fetch['tid'], 'public', $fetch['title_seo'], 'showtopic' )}">{$fetch['title']}</a><br/>
      
    skin_uportal => latest_posts_row
      
    Replace:
    	<a href='{parse url="showtopic={$fetch['tid']}&amp;view=getnewpost" template="showtopic" seotitle="{$fetch['title']}" base="public"}'>{$fetch['title']}</a><br/>
      
    With:
    	<a href='{$this->registry->output->buildSEOUrl( 'showtopic=' . $fetch['tid'] . '&amp;view=getnewpost', 'public', $fetch['title_seo'], 'showtopicunread' )}'>{$fetch['title']}</a><br/>
  • Save both of these template bits and then go check your site to make sure you didn't paste anything wrong.  I myself have pasted the code incorrectly a couple times.  It is imperative that you keep the { and } in there or an error will be thrown up when you try to save.
What exactly is the purpose of this?  IPB has a built in SEO URL conversion function (as you can see in the replaced code).  Far as I can tell, this simply takes out some of the nasty crap that makes it into URL titles and gives you something nice and clean.  Percent signs (%) in particular give the bad header error sometimes because of the weird combinations they work their way into...a % sign and then a space, for instance.  This should also stop any other goofy stuff that people might try and stick into topic titles and URLs.
Posted Image

#3 cricket

cricket

    Administrator

  • Root Admin[Root Admin]
  • PipPipPip
  • 308 posts

Posted 24 December 2012 - 09:26 PM

Should be fixed in 3.0.3


Posted Image


#4 webhead

webhead

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 20 January 2013 - 12:52 PM

Thanks cricket.  Glad to see you're back. :)


Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users