
How to allow SQL sample code in posts?


  • Hansaplastique
    Participant

    @hansaplastique

    I have a section in my bbPress Forums (bbPress 2.3.2 + WordPress 3.5.2) related to SQL.
    So … users will post SQL example code, but it appears bbPress is simply rejecting the entire post, without even a warning.

    Is this a “standard” filtering by bbPress (to avoid injections)?
    Is there a way around this limitation?
    Does it involve only a few keywords/characters?

    (Yes; I did try Google and searching this forum)

    Any help or insight would be very much appreciated 🙂


  • Hansaplastique
    Participant

    @hansaplastique

    Well after playing with this issue for several hours I have narrowed the problem down to this;

    If I try to post the following trivial code example:

    update project_management set prj_first_activated = CURRENT_DATE;

    the post will not be posted (I guess trying that here will help get insight – if it behaves the same, then I know that there is a good chance that it’s BBPress related).

    If I leave the “=” out of the code however, it posts just fine.


    Hansaplastique
    Participant

    @hansaplastique

    Since that worked just fine here, I’ll have to blame my own editor 🙂
    (I’m using a rich editor, not TinyMCE)

    If I send “rich” content to BBPress (ie. HTML), what would the proper formatting be for code?


    Hansaplastique
    Participant

    @hansaplastique

    One step further: if I try to submit this code in my test environment (local network), it works just fine.

    Does anyone have an idea how to debug/approach this issue?


    Hansaplastique
    Participant

    @hansaplastique

    FYI: I have looked at Debugging in WordPress.

    I did install the “debug bar” but the amount of queries and info after a post is not telling me why it did not post.

    Are there other factors that can make it that such a post will not be posted?
    (ie. mod_secure on the webserver, etc – any logs I can snoop through, etc)


    Hansaplastique
    Participant

    @hansaplastique

    Alright found the cause of this issue: mod_secure is catching it 🙁

    Any way to make this work without compromising security?
    (ie. the bbpress.org server seems to be fine with posting this)


    Hansaplastique
    Participant

    @hansaplastique

    Since bbPress sanitizes a post, is it safe to disable the mod_security rule (for forum pages only) concerning the SQL injection rules?

    (what do you do on this forum?)


    Hansaplastique
    Participant

    @hansaplastique

    This “topic” was also discussed in an older (2 years old) Post.
    But no clarification how “safe” it is to remove the mod_security rule for particular bbPress links (which ones, anyone?).
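
Added example, not part of the original thread and not bbPress's or bbpress.org's own configuration: one way to scope the mod_security exception asked about above, with the two broader variants shown commented out for comparison. The /forums/ path, the field names bbp_topic_content and bbp_reply_content, and the rule id 999999 are assumptions or placeholders to be checked against the site's own form and audit log.

```apache
# Constructed example. Assumptions (not taken from the thread):
#   - the forums are served under /forums/
#   - the post body is submitted in the form fields bbp_topic_content
#     (new topic) and bbp_reply_content (reply); confirm in the page's HTML
#   - 999999 is a placeholder, not a real rule id; use the id reported in
#     the ModSecurity audit log entry for the blocked request
# These directives must be loaded after the Include lines for the rule set.

# Too broad: switches the whole engine off for every forum request.
# <LocationMatch "^/forums/">
#     SecRuleEngine Off
# </LocationMatch>

# Still broad: drops the rule for every parameter, cookie and header
# sent to forum URLs.
# <LocationMatch "^/forums/">
#     SecRuleRemoveById 999999
# </LocationMatch>

# Narrow: the rule stays active on forum URLs, but it no longer inspects
# the two post body fields where users paste SQL samples.
<LocationMatch "^/forums/">
    SecRuleUpdateTargetById 999999 "!ARGS:bbp_topic_content"
    SecRuleUpdateTargetById 999999 "!ARGS:bbp_reply_content"
</LocationMatch>
```

With the narrow form, only those two fields bypass the rule, so the application's own sanitization is the only check on their content; every other parameter on the same URLs is still inspected.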
