problem with special characters in generated htaccess

Home Forums BulletProof Security Free problem with special characters in generated htaccess

This topic contains 32 replies, has 2 voices, and was last updated by  AITpro Admin 4 years, 6 months ago.

Viewing 15 posts - 1 through 15 (of 33 total)
  • Author
    Posts
  • #11639

    silas88
    Participant

    Hi,

    I have been struggling with this issue for a while but now I feel I need to resolve it properly. Sometimes (I can not figure out why it’s not everytime) some special characters in my custom code sections are replaced by their ASCI code equivalents
    e.g. Any idea why that is?

    RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
    becomes 
    RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
    #11643

    AITpro Admin
    Keymaster

    I don’t understand exactly what you are saying.  Where exactly are the characters being replaced?

    #11646

    silas88
    Participant

    Sorry I am having a problem getting the code to show as is. The characters, for example, are & # 039 ;  instead of ‘ The charachers between & and ; have no speces between them in realiy but I can’t get them to display properly even when using pre.

    #11648

    AITpro Admin
    Keymaster

    Yes, that is because ASCII is automatically converted.  this is normal/standard behaviour with everything that is web based.  You have to force ASCII characters to display as ASCII otherwise the normal / standard conversion will occur with everything.  This may be what is happening with Custom Code as well.  I will force the ASCII characters to display in your Posts above.

    #11650

    AITpro Admin
    Keymaster

    Ok you already did that.  Now I need to know the exact specific details of what you are trying to do.  My hunch is you are trying to do something that is not valid.  ie add invalid code to Custom Code.  So do a step by step of the entire issue.

    #11651

    silas88
    Participant

    What do i need to do to make BPSPro (or my WP setup / seervber) to generate the correct character insead of he ascii code? This doesn’t seem to be consistent in my htaccess and it’s very hard to read (e.g  comments with ASCI codes appearing now and again).

    #11652

    AITpro Admin
    Keymaster

    You need to post what you are trying to do step by step so that I can see what the problem is. Or are you saying that something on your website/server is converting the code characters to ASCII by itself?

    #11657

    silas88
    Participant

    Some of my custom code sections are quite long. I’ll try again with pre. The original code is In the generated code single quotes are replace by their asci equivalent.

    Header set X-Content-Security-Policy "default-src 'self'; img-src 'self' analytics.mydomain.com; \
    script-src 'self' analytics.mydomain.com ajax.googleapis.com; font-src 'self' data:" env=ie
    </>
     Header set X-Content-Security-Policy "default-src 'self'; img-src 'self' analytics.mydomain.com; \
    script-src 'self' analytics.mydomain.come ajax.googleapis.com; font-src 'self' data:" env=ie
    #
    #11659

    AITpro Admin
    Keymaster

    Where is the code being replaced?  In your .htaccess file or in Custom Code?  When does this happen exactly?  If you want to display ASCII then do not wrap the characters in pre tags.  pre or code tags mean output/convert the ASCII characters to code.  Just copy and paste the ASCII characters.

    #11663

    silas88
    Participant

    I am not sure where the problem is originating. Maybe I need to check my php.ini. I don’t see why it’s not happening with all characters. I see now that is only happening with single quotes.

    #11665

    AITpro Admin
    Keymaster

    That sounds like a Magic Quotes problem.  Do you have Magic Quotes enabled in your php.ini file?

    #11666

    silas88
    Participant

    The generated code example above should have been …

    Header set X-Content-Security-Policy "default-src 'self'; img-src 'self' analytics.mydomain.com; \
    script-src 'self' analytics.mydomain.com ajax.googleapis.com; font-src 'self' data:" env=ie
    #11667

    silas88
    Participant

    Ha! That didn’t work either! I’ll check my php file now.

    #11671

    AITpro Admin
    Keymaster

    I still have no idea what you are talking about so at some point post a step by step of what you are doing and what is occurring.  Thanks.

    #11675

    silas88
    Participant

    Ok, in my php.ini I have magic_quotes_gpc = Off And anyway I am using php 5.4.0 and according to http://us3.php.net/manual/en/security.magicquotes.php This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0. Sorry my explanation was very poor. In my Custom Code I have certain lines (like the X-Content-Security-Policy one above) that use single quotes. I have not escaped these, I have not used the ASCI code equivalent, simply a single quote. In the BPS generated htaccess code the single quoteis replace by it’s ASCI equivalent. So does that mean that I need to escape all my single quotes? I guess so unless I have misunderstood what magic quotes does (or did).

Viewing 15 posts - 1 through 15 (of 33 total)

You must be logged in to reply to this topic.