Thread and Post Title change
This topic is closed.
    Maintaining a Forum like ours requires vigilance. Not just keeping an eye on things, but being aware of what could happen; of possible threats.

    We have been protected by ZB Block for just over four years now, and it does an outstanding job of preventing spam and spammers from getting in. But running it also presented an issue a while ago, due to the content of Thread/Post Titles. Basically, there are times when ZB Block 'sees' the content of certain Thread Titles and/or the action being performed on these threads (a search query, either external or internal; Moderator/Administrator actions on multiple posts/threads) as a possible SQL Injection attack and prevents the action. The normal fix was to temporarily disable ZB Block and perform the required action. Not a deal breaker, but still a minor PITA.

    So, to address this, I had a vBulletin Plugin written for us and installed today. It does nothing more than restrict Titles in Threads or Posts to alphanumeric characters, i.e., a through z (upper and lower case) and 0 through 9. This simple modification should almost completely eliminate this problem. Use of non-alphanumeric characters in the body of posts is unaffected.

    Am I being overprotective? It could be said I am. But, I have had to deal with this issue here more than once, so it was a problem looking for a solution.

    Added 01-01-2017:

    Well, best of intentions you know. I've temporarily disabled this modification. I discovered, and reported to the author of the MOD, that it was being triggered in our Help the New Guy forum due to requiring Thread Prefixes, a feature of vBulletin that I had enabled for that forum (which I also have temporarily disabled).
    Last edited by Snowhog; Jan 02, 2017, 05:26 PM.
    Using Kubuntu Linux since March 23, 2007
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes

    #2
    Update 01-02-2017:
    Issue resolved. The problem had nothing to do with the MOD and everything to do with the operator using it (moi). From the MOD:


    Allowed Characters
    Enter the allowed characters including the square bracket delimiters. An understanding of regex is required.

    PCRE regex syntax
    "An understanding of regex is required." Doh! Actually, it's mandatory.

    I had added the following characters to the list: , - / but didn't escape them. That's been remedied, and added ' to the list as well.

    So, the list of approved characters for use in Thread/Post Titles now consists of:

    a-z (lower case alphabet)
    A-Z (upper case alphabet)
    0-9 (numbers)
    , (comma)
    ' (apostrophe)
    - (hyphen)
    / (forward slash)


      #3
      Updated 01-09-2017:
      Have included ? to the list of allowable characters.
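The following PHP is an added example; it is not the MOD's code and not from the posts above. It shows what an unescaped `-` or `/` does inside the bracketed allowed-characters class described in post #2, and how escaping restores the intended list (including the `?` from post #3). The pattern delimiters, the anchors, the function names and the sample titles are assumptions.

```php
<?php
// Added example, not the MOD's code. Delimiters, anchors, function names and
// sample titles are assumptions; only the character list comes from the thread.

/**
 * Check a title against a bracketed character class.
 * Returns true/false for match/no match, or null when the pattern itself
 * does not compile, so a broken allowlist is reported as a configuration
 * error instead of being mistaken for "title rejected".
 */
function title_allowed(string $class, string $title, string $delim = '/'): ?bool
{
    // D: "$" matches only at the very end, not before a trailing newline.
    $pattern = $delim . '^' . $class . '+$' . $delim . 'D';
    $result = @preg_match($pattern, $title); // false when compilation fails
    return $result === false ? null : $result === 1;
}

/** Build the class from a plain list of extra characters, escaping each one. */
function build_class(string $extra, string $delim = '/'): string
{
    return '[a-zA-Z0-9' . preg_quote($extra, $delim) . ']';
}

$unescaped = '[a-zA-Z0-9,-/]';     // ", - /" typed in with nothing escaped
$escaped   = build_class(",'-/?"); // the thread's final list, escaped

$cases = [
    // With "/" as delimiter, the bare "/" inside the class ends the pattern
    // early and the remainder is parsed as (invalid) modifiers.
    [$unescaped, '/', 'Dual-boot'],
    // With another delimiter the class compiles, but ",-/" is read as the
    // range 0x2C..0x2F, which silently adds "." to the allowlist.
    [$unescaped, '~', 'Kubuntu16.04'],
    // Escaped class: "-" and "/" are literals, so "." is no longer admitted.
    [$escaped, '/', 'Kubuntu16.04'],
    // Every character here is on the approved list.
    [$escaped, '/', "Can't-mount/dev/sda1?"],
];

foreach ($cases as [$class, $delim, $title]) {
    var_export(title_allowed($class, $title, $delim));
    echo "\t$class\t$title\n";
}
```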