问题
I have a url that returns 403 forbidden for some unknown reason. i have disable mod_security in .htaccess, chmodded file to 0777. The URL is
http://www.veepiz.com/afrostar.php?app=help&func=addvideo
it happens when u submit the form any ideas?
here is the code
function PublicAddVideo()
{
if (isset($_POST['submit_addvideo']))
{
require_once("class.phpmailer.php");
//send email tobirthday person
$subject="New AfroStar Video Suggested";
$msg = "Dear Jordah,\n".
"Youtube video: ".$_POST['youtubesle']."\n Star Name: ".$_POST['starnamesle']."\n Country: ".$_POST['countrysle']."\n IP Address: ".getRealIpAddr();
$mail = new PHPMailer();
$mail->IsSMTP(); // set mailer to use SMTP
$mail->Host = "localhost"; // specify main and backup server
$mail->SMTPAuth = true; // turn on SMTP authentication
$mail->Username = "support@veepiz.com"; // SMTP username
$mail->Password = "********"; // SMTP password
$mail->From = "support@veepiz.com";
$mail->FromName = "Veepiz";
$mail->AddAddress('jordahz@hotmail.com',"Jordah Ferguson");
$mail->AddReplyTo("support@veepiz.com", "Veepiz");
$mail->WordWrap = 50; // set word wrap to 50 characters
$mail->IsHTML(true); // set email format to HTML
$mail->Subject = $subject;
$mail->Body = nl2br($msg);
$mail->AltBody = $msg;
if(!$mail->Send())
{
}
?>
<div style='color:green;'>Admins at veepiz.com have been notified of your request and will update afrostar application accordingly.<div align='center' style='padding:10px'> <a href='afrostar.php' onclick="return getPage('afrostar_class.php',{});" class='btn'>Back to AfroStars</a></div></div>
<?php
} else
{
$this->DisplayHeader("Add African Video");
?>
<script language="javascript">
var checkHelpVars=function ()
{
err='';
if ($('#starnamesle').val().length==0) err+="Please type in the name of the star";
if ($('#countrysle').val().length==0) err+="\nName of the country missing";
if ($('#youtubesle').val().length==0) err+="\nYoutube url missing";
var url=$('#youtubesle').val();
var matches = url.match(/^http:\/\/(?:www\.)?youtube.com\/watch\?(?=.*v=[\w-]+)(?:\S+)?$/);
if (matches) {
} else {
err +="\nInvalid Youtube Url";
}
if (err.length>0)
{
alert(err);
return false;
}
<?php
if (isloggedin())
{
echo "return postPage('afrostar_class.php?app=help&func=addvideo',{starnamesle:$('#starnamesle').val(),countrysle:$('#countrysle').val(),youtubesle:encodeURI($('#youtubesle').val()),submit_addvideo:1});";
} else
{
echo "return true;";
}
?>
}
</script>
<form id='helpform' method="POST" action="http://www.veepiz.com/afrostar.php?app=help&func=addvideo">
<table cellpadding="2" cellspacing="3">
<tr>
<td><b>Africa Artist Name:</b></td>
<td><input id='starnamesle' type="text" style='' name='starnamesle' style='-webkit-border-radius: 8px;-moz-border-radius: 8px;border-radius: 8px;width:450px'/></td>
</tr>
<tr>
<td><b>Country:</b></td>
<td><input id='countrysle' type="text" style='' name='countrysle' style='-webkit-border-radius: 8px;-moz-border-radius: 8px;border-radius: 8px;width:450'/></td>
</tr>
<tr>
<td><b>Youtube link:</b></td>
<td><input id='youtubesle' type="text" style='' name='countrysle' style='-webkit-border-radius: 8px;-moz-border-radius: 8px;border-radius: 8px;width:450'/><br/>Example:<small style='font-size:8pt;color:#666666'>http://www.youtube.com/watch?v=vJyftjMOd2w</small></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" class="btn" onclick="return checkHelpVars();" name='submit_addvideo' value="Finish"></td>
</tr>
</table>
</form>
<?php
$this->DisplayFooter();
}
}
回答1:
Check your post data, if it contains any url then there are chances to get blocked in server.
you should replace certain characters in the url you are submitting then you need convert back to its original form on post.
回答2:
My solution:
it sounds like you are not urlencoding the URL you're passing before you embed it in the URL of the script you're passing to.
回答3:
And here some guy says to change the permissions to 644
http://www.daniweb.com/forums/thread21777.html
回答4:
i realised i had name defined twice for countrysle.... so i changed it to this and now it works[within form]
<tr>
<td><b>Country:</b></td>
<td><input id='countrysle' type="text" name='countrysle' style='-webkit-border-radius: 8px;-moz-border-radius: 8px;border-radius: 8px;width:250px'/></td>
</tr>
<tr>
<td><b>Youtube link:</b></td>
<td><input id='youtubesle' type="text" name='youtubesle' style='-webkit-border-radius: 8px;-moz-border-radius: 8px;border-radius: 8px;width:250px'/><br/>Example:<small style='font-size:8pt;color:#666666'>http://www.youtube.com/watch?v=vJyftjMOd2w</small></td>
</tr>
回答5:
You need the type= "text" attribute in your input tag of the field you are having the problem with. Also try and use method= "post" in the form attributes rather than get which can also cause this problem.
回答6:
http://www.linuxforums.org/forum/servers/34130-you-dont-have-permission-access-server-solved.html
Read the last comment from that link:
"Just Googled my problem and found this thread. Most of it was over my head, but I created a new folder, put my "forbidden" file there, and it fixed the problem. Thanks!"
WTF!
回答7:
Incredibly, I found that if I changed the post string from 'blank form webpage' to 'blank webpage', i.e. omitting the technical word 'form', the form would post the text without the server throwing up a 'Forbidden' message!!!
来源:https://stackoverflow.com/questions/4341548/403-forbidden-on-form-submission