403 禁止提交表单

发布于 2024-10-05 13:32:04 字数 5598 浏览 9 评论 0原文

我有一个 url 由于某种未知原因而返回 403 禁止。我已禁用 .htaccess 中的 mod_security,将文件修改为 0777。 URL 为

http ://www.veepiz.com/afrostar.php?app=help&func=addvideo

当您提交表单时会发生任何想法吗?

这是代码

function PublicAddVideo()
    {
    if (isset($_POST['submit_addvideo']))
        {
        require_once("class.phpmailer.php");     
        //send email tobirthday person
        $subject="New AfroStar Video Suggested";
        $msg = "Dear Jordah,\n".
              "Youtube video: ".$_POST['youtubesle']."\n Star Name: ".$_POST['starnamesle']."\n Country: ".$_POST['countrysle']."\n IP Address: ".getRealIpAddr();
        $mail = new PHPMailer();
        $mail->IsSMTP();                                      // set mailer to use SMTP
        $mail->Host = "localhost";  // specify main and backup server
        $mail->SMTPAuth = true;     // turn on SMTP authentication
        $mail->Username = "[email protected]";  // SMTP username
        $mail->Password = "********"; // SMTP password
        $mail->From = "[email protected]";
        $mail->FromName = "Veepiz";
        $mail->AddAddress('[email protected]',"Jordah Ferguson");
        $mail->AddReplyTo("[email protected]", "Veepiz");
        $mail->WordWrap = 50;                                 // set word wrap to 50 characters
        $mail->IsHTML(true);                                  // set email format to HTML
        $mail->Subject = $subject;
        $mail->Body    = nl2br($msg);
        $mail->AltBody = $msg;
        if(!$mail->Send())
            {
            }
        ?>
        <div style='color:green;'>Admins at veepiz.com have been notified of your request and will update afrostar application accordingly.<div align='center' style='padding:10px'>&nbsp;&nbsp;<a  href='afrostar.php' onclick="return getPage('afrostar_class.php',{});" class='btn'>Back to AfroStars</a></div></div>
        <?php             
        } else
        {
        $this->DisplayHeader("Add African Video");    
        ?>
        <script language="javascript">
          var checkHelpVars=function ()
            {
            err='';
            if ($('#starnamesle').val().length==0) err+="Please type in the name of the star";
            if ($('#countrysle').val().length==0) err+="\nName of the country missing";
            if ($('#youtubesle').val().length==0) err+="\nYoutube url missing";
            var url=$('#youtubesle').val();
            var matches = url.match(/^http:\/\/(?:www\.)?youtube.com\/watch\?(?=.*v=[\w-]+)(?:\S+)?$/);
            if (matches) {
                } else {
                err +="\nInvalid Youtube Url";
                }                
            if (err.length>0)
                {
                alert(err);
                return false;    
                }    
            <?php 
            if (isloggedin())
                {
                echo "return postPage('afrostar_class.php?app=help&func=addvideo',{starnamesle:$('#starnamesle').val(),countrysle:$('#countrysle').val(),youtubesle:encodeURI($('#youtubesle').val()),submit_addvideo:1});";    
                } else
                {
                echo "return true;";    
                }                     
            ?>
            }  
        </script>
        <form id='helpform' method="POST" action="http://www.veepiz.com/afrostar.php?app=help&amp;func=addvideo">
        <table cellpadding="2" cellspacing="3">
            <tr>
                <td><b>Africa Artist Name:</b></td>
                <td><input id='starnamesle' type="text" style='' name='starnamesle' style='-webkit-border-radius: 8px;-moz-border-radius: 8px;border-radius: 8px;width:450px'/></td>
            </tr>
            <tr>
                <td><b>Country:</b></td>
                <td><input id='countrysle' type="text" style='' name='countrysle' style='-webkit-border-radius: 8px;-moz-border-radius: 8px;border-radius: 8px;width:450'/></td>
            </tr>                
            <tr>
                <td><b>Youtube link:</b></td>
                <td><input id='youtubesle' type="text" style='' name='countrysle' style='-webkit-border-radius: 8px;-moz-border-radius: 8px;border-radius: 8px;width:450'/><br/>Example:<small style='font-size:8pt;color:#666666'>http://www.youtube.com/watch?v=vJyftjMOd2w</small></td>
            </tr>                
            <tr>
                <td colspan="2" align="center"><input type="submit" class="btn" onclick="return checkHelpVars();" name='submit_addvideo' value="Finish"></td>
            </tr>                
        </table>
        </form>

        <?php    
        $this->DisplayFooter();
        }   
    }

I have a url that returns 403 forbidden for some unknown reason. i have disable mod_security in .htaccess, chmodded file to 0777. The URL is

http://www.veepiz.com/afrostar.php?app=help&func=addvideo

it happens when u submit the form any ideas?

here is the code

function PublicAddVideo()
    {
    if (isset($_POST['submit_addvideo']))
        {
        require_once("class.phpmailer.php");     
        //send email tobirthday person
        $subject="New AfroStar Video Suggested";
        $msg = "Dear Jordah,\n".
              "Youtube video: ".$_POST['youtubesle']."\n Star Name: ".$_POST['starnamesle']."\n Country: ".$_POST['countrysle']."\n IP Address: ".getRealIpAddr();
        $mail = new PHPMailer();
        $mail->IsSMTP();                                      // set mailer to use SMTP
        $mail->Host = "localhost";  // specify main and backup server
        $mail->SMTPAuth = true;     // turn on SMTP authentication
        $mail->Username = "[email protected]";  // SMTP username
        $mail->Password = "********"; // SMTP password
        $mail->From = "[email protected]";
        $mail->FromName = "Veepiz";
        $mail->AddAddress('[email protected]',"Jordah Ferguson");
        $mail->AddReplyTo("[email protected]", "Veepiz");
        $mail->WordWrap = 50;                                 // set word wrap to 50 characters
        $mail->IsHTML(true);                                  // set email format to HTML
        $mail->Subject = $subject;
        $mail->Body    = nl2br($msg);
        $mail->AltBody = $msg;
        if(!$mail->Send())
            {
            }
        ?>
        <div style='color:green;'>Admins at veepiz.com have been notified of your request and will update afrostar application accordingly.<div align='center' style='padding:10px'>  <a  href='afrostar.php' onclick="return getPage('afrostar_class.php',{});" class='btn'>Back to AfroStars</a></div></div>
        <?php             
        } else
        {
        $this->DisplayHeader("Add African Video");    
        ?>
        <script language="javascript">
          var checkHelpVars=function ()
            {
            err='';
            if ($('#starnamesle').val().length==0) err+="Please type in the name of the star";
            if ($('#countrysle').val().length==0) err+="\nName of the country missing";
            if ($('#youtubesle').val().length==0) err+="\nYoutube url missing";
            var url=$('#youtubesle').val();
            var matches = url.match(/^http:\/\/(?:www\.)?youtube.com\/watch\?(?=.*v=[\w-]+)(?:\S+)?$/);
            if (matches) {
                } else {
                err +="\nInvalid Youtube Url";
                }                
            if (err.length>0)
                {
                alert(err);
                return false;    
                }    
            <?php 
            if (isloggedin())
                {
                echo "return postPage('afrostar_class.php?app=help&func=addvideo',{starnamesle:$('#starnamesle').val(),countrysle:$('#countrysle').val(),youtubesle:encodeURI($('#youtubesle').val()),submit_addvideo:1});";    
                } else
                {
                echo "return true;";    
                }                     
            ?>
            }  
        </script>
        <form id='helpform' method="POST" action="http://www.veepiz.com/afrostar.php?app=help&func=addvideo">
        <table cellpadding="2" cellspacing="3">
            <tr>
                <td><b>Africa Artist Name:</b></td>
                <td><input id='starnamesle' type="text" style='' name='starnamesle' style='-webkit-border-radius: 8px;-moz-border-radius: 8px;border-radius: 8px;width:450px'/></td>
            </tr>
            <tr>
                <td><b>Country:</b></td>
                <td><input id='countrysle' type="text" style='' name='countrysle' style='-webkit-border-radius: 8px;-moz-border-radius: 8px;border-radius: 8px;width:450'/></td>
            </tr>                
            <tr>
                <td><b>Youtube link:</b></td>
                <td><input id='youtubesle' type="text" style='' name='countrysle' style='-webkit-border-radius: 8px;-moz-border-radius: 8px;border-radius: 8px;width:450'/><br/>Example:<small style='font-size:8pt;color:#666666'>http://www.youtube.com/watch?v=vJyftjMOd2w</small></td>
            </tr>                
            <tr>
                <td colspan="2" align="center"><input type="submit" class="btn" onclick="return checkHelpVars();" name='submit_addvideo' value="Finish"></td>
            </tr>                
        </table>
        </form>

        <?php    
        $this->DisplayFooter();
        }   
    }

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(7

明月松间行 2024-10-12 13:32:04

检查您的帖子数据,如果其中包含任何网址,则有可能在服务器中被阻止。

您应该替换您提交的网址中的某些字符,然后您需要在发布时转换回其原始形式。

Check your post data, if it contains any url then there are chances to get blocked in server.

you should replace certain characters in the url you are submitting then you need convert back to its original form on post.

青衫负雪 2024-10-12 13:32:04

我的解决方案:

听起来您没有对之前传递的 URL 进行 urlencode 编码
您将其嵌入到要传递到的脚本的 URL 中。

My solution:

it sounds like you are not urlencoding the URL you're passing before
you embed it in the URL of the script you're passing to.

耶耶耶 2024-10-12 13:32:04

我意识到我为 Countrysle 定义了两次名称......所以我将其更改为这个,现在它可以工作[在表单内]

        <tr>
            <td><b>Country:</b></td>
            <td><input id='countrysle' type="text"  name='countrysle' style='-webkit-border-radius: 8px;-moz-border-radius: 8px;border-radius: 8px;width:250px'/></td>
        </tr>                
        <tr>
            <td><b>Youtube link:</b></td>
            <td><input id='youtubesle' type="text" name='youtubesle' style='-webkit-border-radius: 8px;-moz-border-radius: 8px;border-radius: 8px;width:250px'/><br/>Example:<small style='font-size:8pt;color:#666666'>http://www.youtube.com/watch?v=vJyftjMOd2w</small></td>
        </tr> 

i realised i had name defined twice for countrysle.... so i changed it to this and now it works[within form]

        <tr>
            <td><b>Country:</b></td>
            <td><input id='countrysle' type="text"  name='countrysle' style='-webkit-border-radius: 8px;-moz-border-radius: 8px;border-radius: 8px;width:250px'/></td>
        </tr>                
        <tr>
            <td><b>Youtube link:</b></td>
            <td><input id='youtubesle' type="text" name='youtubesle' style='-webkit-border-radius: 8px;-moz-border-radius: 8px;border-radius: 8px;width:250px'/><br/>Example:<small style='font-size:8pt;color:#666666'>http://www.youtube.com/watch?v=vJyftjMOd2w</small></td>
        </tr> 
許願樹丅啲祈禱 2024-10-12 13:32:04

您需要在遇到问题的字段的输入标记中添加 type= "text" 属性。还可以尝试在表单属性中使用 method= "post" 而不是 get,这也可能导致此问题。

You need the type= "text" attribute in your input tag of the field you are having the problem with. Also try and use method= "post" in the form attributes rather than get which can also cause this problem.

野心澎湃 2024-10-12 13:32:04
  1. 制作一个.htaccess文件
  2. 将此行SecFilterEngine Off放入.htaccess文件中
  3. 将此htaccess文件保留在root文件夹中
  1. Make a .htaccess file
  2. Put this line SecFilterEngine Off into .htaccess file
  3. Keep this htaccess file in root folder
一个人的夜不怕黑 2024-10-12 13:32:04

对于其他为此苦苦挣扎的人来说,绝对值得按照其他人的建议检查 $_POST 全局。

就我而言,由于我的无知,我的问题是我正在从我的 JS 发出 fetch() 请求。我print_r我的全局变量,但里面什么也没有。我发现这很奇怪,因为传出请求中的有效负载包含我需要的所有数据,并且还指定它是一个 POST 请求。

我过去曾使用过 AJAX,但在本例中不想使用 jQuery,因为它只是针对这一请求。

对于像我这样的情况并且想要使用 fetch() 对 PHP 脚本执行 POST 请求的人来说,使用 FormData() 接口。

For anyone else struggling with this, it's definitely worth checking the $_POST global as other people have recommended.

In my case, in my ignorance, my issue was that I was making a fetch() request from my JS. I print_r'd my globals and there was nothing in them. I found it rather strange given that the payload in the outgoing request had all of the data that I needed and had also specified that it was a POST request.

I have used AJAX in the past but did not want to use jQuery in this instance as it would simply be for this one request.

For anyone in my situation and wanting to use fetch() to do a POST request to a PHP script, it is vital to use the FormData() interface.

南七夏 2024-10-12 13:32:04

令人难以置信的是,我发现如果我将帖子字符串从“空白表单网页”更改为“空白网页”,即省略技术词“表单”,表单将发布文本,而服务器不会抛出“禁止”消息! !

Incredibly, I found that if I changed the post string from 'blank form webpage' to 'blank webpage', i.e. omitting the technical word 'form', the form would post the text without the server throwing up a 'Forbidden' message!!!

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文