On Aug 15, 2009, at 17:44, Vineet Bansal wrote:
I have a fresh php 5.2.6 install on Apache 2 under CentOS 5.3.
After receiving complaints from some users that they were unable to
submit their abstracts on our proposal submission website, I was
able to isolate the problem to this minimal and extremely simple
example:
<html>
<head>
</head>
<body>
<form name="submitform" action="phantomurl.php" method="post">
<textarea name="mytextarea"></textarea>
<input type="submit" value="Submit"/>
</form>
</body>
</html>
The phantomurl.php doesn't exist because its irrelevant to the
example. The above code works fine and leads to a 404 error when
anything is entered in the textbox, except when you enter "system("
or "system (". In this case, the browser simply chugs along and
eventually times out on the request (no matter how high the timeout
is set in php.ini). I have confirmed this problem with another
server with php 5.1.6 which Centos 5.3 officially supports. If I
change phantomurl.php to phantomurl.txt, then again it works
(although after a bit of delay) and shows me a 404 again.
Can someone confirm if they're having the same issue? I'm not sure
if apache or php is the culprit here, maybe trying to parse the
input for security reasons? I initially thought SELinux was causing
the issue, but disabling it doesn't solve it either.
I cannot reproduce the issue on my system. I have tested with PHP
5.3.0 running on Mac OS X 10.4.11 on Intel, both as a module in
Apache 2.2.11 and as a FastCGI binary in lighttpd 1.4.22.
Do you have a script in your auto_prepend_file ini directive, or a
global script in your project, which might be processing your $_POST
array in some way and causing this problem?
Do you have any PHP extensions that are loaded that might be doing
this? Try disabling them.
[Index of Archives]
[PHP Users]
[PHP Home]
[PHP on Windows]
[Kernel Newbies]
[PHP Classes]
[Postgresql]
[PHP Books]
[PHP Databases]
[PHP SOAP]
