You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We're having an issue opening transitions for pages that have > character in the page title. Piwik is identifying this as a potential sql injection attack, but it is actually a valid character. Would it be possible to remove this character from the set of characters checked for SQL injection?
<b>Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags.</b>
Please let me know of possible workarounds @tsteur@mattab
The text was updated successfully, but these errors were encountered:
Are you sure that is caused by Piwik? Imho that sound more like a server tool trying to protect from XSS - like SiteMinder. Are you able to open other urls having < or > somewhere in the querystring?
I believe your suggestion @sgiehl might be just right, that this is some server side tool interfering with Piwik.. On clean install it doesn't happen.. sorry for bothering..
fyi updated the mod_security FAQ to also mention CA SiteMinder tool (which triggered this particular error) + added the error message in FAQ for easily find it in the future: https://piwik.org/faq/troubleshooting/faq_100/
We're having an issue opening transitions for pages that have > character in the page title. Piwik is identifying this as a potential sql injection attack, but it is actually a valid character. Would it be possible to remove this character from the set of characters checked for SQL injection?
Request:
date=2016-04-18&actionType=title&actionName=Reports+%3E+My+Tasks+%3E+reports&expanded=1&format=JSON&module=API&method=Transitions.getTransitionsForAction&idSite=3&period=day
Response from piwik:
Please let me know of possible workarounds @tsteur @mattab
The text was updated successfully, but these errors were encountered: