">" char in Page Titles causes Transitions to fail #10080

Closed
mgonera opened this issue Apr 20, 2016 · 3 comments
Labels
worksforme The issue cannot be reproduced and things work as intended.

Comments


mgonera commented Apr 20, 2016

We're having an issue opening transitions for pages that have the > character in the page title. Piwik is identifying this as a potential SQL injection attack, but it is actually a valid character. Would it be possible to remove this character from the set of characters checked for SQL injection?

Request:

date=2016-04-18&actionType=title&actionName=Reports+%3E+My+Tasks+%3E+reports&expanded=1&format=JSON&module=API&method=Transitions.getTransitionsForAction&idSite=3&period=day

Response from piwik:

<b>Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden.  This web site does not allow Urls which might include embedded HTML tags.</b>

Please let me know of possible workarounds @tsteur @mattab

Member

sgiehl commented Apr 20, 2016

Are you sure that is caused by Piwik? IMHO that sounds more like a server tool trying to protect from XSS, like SiteMinder. Are you able to open other URLs having < or > somewhere in the querystring?

Author

mgonera commented Apr 20, 2016

I believe your suggestion @sgiehl might be just right, that this is some server-side tool interfering with Piwik. On a clean install it doesn't happen. Sorry for bothering.

@mgonera mgonera closed this as completed Apr 20, 2016
@tsteur tsteur added the worksforme The issue cannot be reproduced and things work as intended. label Apr 20, 2016
Member

mattab commented Apr 21, 2016

FYI: updated the mod_security FAQ to also mention the CA SiteMinder tool (which triggered this particular error) and added the error message to the FAQ to make it easy to find in the future: https://piwik.org/faq/troubleshooting/faq_100/
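
The check sgiehl suggests in the thread, as an added example that is not part of the original issue or Piwik's code: it decodes each query string, flags parameters containing < or >, and tests whether blocking tracks those characters rather than the API call itself. It assumes the application answers format=JSON requests with a JSON body; the function names and the two control observations are constructed for illustration.

```python
import json
from urllib.parse import parse_qsl

SUSPECT_CHARS = "<>"  # the characters asked about in the thread

def flagged_params(query_string):
    """Return {name: decoded value} for parameters containing < or >."""
    return {name: value
            for name, value in parse_qsl(query_string, keep_blank_values=True)
            if any(ch in value for ch in SUSPECT_CHARS)}

def is_json(body):
    """True if the body parses as JSON (assumed app behaviour for format=JSON)."""
    try:
        json.loads(body)
        return True
    except ValueError:
        return False

def blocking_tracks_chars(observations):
    """True when exactly the requests carrying < or > got a non-JSON body.

    That pattern points at a filter in front of the application that inspects
    the raw query string, not at validation of one API parameter.
    """
    return all(bool(flagged_params(q)) == (not is_json(b)) for q, b in observations)

# Request and response as quoted in the issue.
ISSUE_REQUEST = ("date=2016-04-18&actionType=title"
                 "&actionName=Reports+%3E+My+Tasks+%3E+reports&expanded=1&format=JSON"
                 "&module=API&method=Transitions.getTransitionsForAction&idSite=3&period=day")
ISSUE_RESPONSE = ("<b>Due to the presence of characters known to be used in Cross Site "
                  "Scripting attacks, access is forbidden.  This web site does not allow "
                  "Urls which might include embedded HTML tags.</b>")

# Constructed control observations (not from the issue): the same call without >,
# and a call with < in a hypothetical parameter the API does not use.
OBSERVATIONS = [
    (ISSUE_REQUEST, ISSUE_RESPONSE),
    (ISSUE_REQUEST.replace("+%3E+", "+-+"), '{"constructed": true}'),
    (ISSUE_REQUEST.replace("+%3E+", "+-+") + "&unused=%3C", ISSUE_RESPONSE),
]

if __name__ == "__main__":
    for query, body in OBSERVATIONS:
        print(sorted(flagged_params(query)), "json" if is_json(body) else "non-json")
    print("blocking tracks < or >:", blocking_tracks_chars(OBSERVATIONS))
```

A block that also hits the unused parameter is the signal that the rejection happens before the request reaches the application.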
