Home › Forums › BulletProof Security Free › problem with special characters in generated htaccess
- This topic has 32 replies, 2 voices, and was last updated 10 years, 10 months ago by AITpro Admin.
-
AuthorPosts
-
silas88Participant
Hi,
I have been struggling with this issue for a while but now I feel I need to resolve it properly. Sometimes (I can not figure out why it’s not everytime) some special characters in my custom code sections are replaced by their ASCI code equivalents
e.g. Any idea why that is?RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR] becomes RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
AITpro AdminKeymasterI don’t understand exactly what you are saying. Where exactly are the characters being replaced?
silas88ParticipantSorry I am having a problem getting the code to show as is. The characters, for example, are & # 039 ; instead of ‘ The charachers between & and ; have no speces between them in realiy but I can’t get them to display properly even when using pre.
AITpro AdminKeymasterYes, that is because ASCII is automatically converted. this is normal/standard behaviour with everything that is web based. You have to force ASCII characters to display as ASCII otherwise the normal / standard conversion will occur with everything. This may be what is happening with Custom Code as well. I will force the ASCII characters to display in your Posts above.
AITpro AdminKeymasterOk you already did that. Now I need to know the exact specific details of what you are trying to do. My hunch is you are trying to do something that is not valid. ie add invalid code to Custom Code. So do a step by step of the entire issue.
silas88ParticipantWhat do i need to do to make BPSPro (or my WP setup / seervber) to generate the correct character insead of he ascii code? This doesn’t seem to be consistent in my htaccess and it’s very hard to read (e.g comments with ASCI codes appearing now and again).
AITpro AdminKeymasterYou need to post what you are trying to do step by step so that I can see what the problem is. Or are you saying that something on your website/server is converting the code characters to ASCII by itself?
silas88ParticipantSome of my custom code sections are quite long. I’ll try again with pre. The original code is In the generated code single quotes are replace by their asci equivalent.
Header set X-Content-Security-Policy "default-src 'self'; img-src 'self' analytics.mydomain.com; \ script-src 'self' analytics.mydomain.com ajax.googleapis.com; font-src 'self' data:" env=ie </>
Header set X-Content-Security-Policy "default-src 'self'; img-src 'self' analytics.mydomain.com; \ script-src 'self' analytics.mydomain.come ajax.googleapis.com; font-src 'self' data:" env=ie #
AITpro AdminKeymasterWhere is the code being replaced? In your .htaccess file or in Custom Code? When does this happen exactly? If you want to display ASCII then do not wrap the characters in pre tags. pre or code tags mean output/convert the ASCII characters to code. Just copy and paste the ASCII characters.
silas88ParticipantI am not sure where the problem is originating. Maybe I need to check my php.ini. I don’t see why it’s not happening with all characters. I see now that is only happening with single quotes.
AITpro AdminKeymasterThat sounds like a Magic Quotes problem. Do you have Magic Quotes enabled in your php.ini file?
silas88ParticipantThe generated code example above should have been …
Header set X-Content-Security-Policy "default-src 'self'; img-src 'self' analytics.mydomain.com; \ script-src 'self' analytics.mydomain.com ajax.googleapis.com; font-src 'self' data:" env=ie
silas88ParticipantHa! That didn’t work either! I’ll check my php file now.
AITpro AdminKeymasterI still have no idea what you are talking about so at some point post a step by step of what you are doing and what is occurring. Thanks.
silas88ParticipantOk, in my php.ini I have
magic_quotes_gpc = Off
And anyway I am using php 5.4.0 and according to http://us3.php.net/manual/en/security.magicquotes.phpThis feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.
Sorry my explanation was very poor. In my Custom Code I have certain lines (like the X-Content-Security-Policy one above) that use single quotes. I have not escaped these, I have not used the ASCI code equivalent, simply a single quote. In the BPS generated htaccess code the single quoteis replace by it’s ASCI equivalent. So does that mean that I need to escape all my single quotes? I guess so unless I have misunderstood what magic quotes does (or did). -
AuthorPosts
- You must be logged in to reply to this topic.