Substr in [code] section bug out? [possibly my own browser]

  • Thread starter: jbriggs444
AI Thread Summary
The discussion centers around a bug related to the use of the `substr()` function in a forum's code section, causing errors when users attempt to preview or post. Users reported encountering a "403 Forbidden" error from Cloudflare, which blocks access due to certain strings being flagged as potential security threats. Adjustments to Cloudflare rules were made, leading to temporary resolutions, but issues persisted with specific combinations of characters. The consensus suggests that a more permanent fix would involve changing the content type from `multipart/form-data` to `application/json` to prevent ongoing conflicts with the security filters. Overall, the thread highlights the technical challenges faced by users when interacting with the forum's posting features.
jbriggs444
Code:
s u b s t r($a,0,1)
I was attempting to preview before posting.
1656590482182.png
 
Can confirm. Putting the s back into the below causes the "Oops" dialog when I attempt to preview - Firefox on Android.
Code:
subtr($a,0,1)
 
Code:
substr($a,0,1)

works ok for me
 
Greg Bernhardt said:
Code:
subtr($a,0,1)

works ok for me
When I attempt to preview this I get:
1656598559969.png

If I attempt to post without preview, I get the same until removing the s.
Same if attempting to Save after edit.
 
Same problem here. Firefox on Ubuntu.

It's actually the string substr() that creates the bug. With or without characters within the brackets; within BBcode or not.

(I actually inserted a non-printable character between the s and the u to be able to publish this post)
 
It looks like I can preview a post containing the forbidden word once (in CODE tags or not), then get the error on anything I try to post (containing the string or not) on a subsequent try. Refreshing the page resets it. Did you try previewing more than once, @Greg Bernhardt?

I'll try on my laptop this evening and see if the browser console says anything - don't think I've got a console in 'Droid Firefox.
 
I checked the console and it is a Cloudflare problem:

Code:
XHR POST https://www.physicsforums.com/threads/substr-in-code-section-bug-out-possibly-my-own-browser.1016515/reply-preview
[HTTP/2 403 Forbidden 45ms]

Followed by an HTML page (yes, in the console) that reads (error set at core-compiled.js:3:1515):

Please enable cookies.
Sorry, you have been blocked
You are unable to access physicsforums.com
Why have I been blocked?

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
What can I do to resolve this?

You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Cloudflare Ray ID: 723865b31e5d713f • Your IP: [my IP address redacted] • Performance & security by Cloudflare

I was unable to paste the actual HTML code as I was getting another console error:

 
I've made an adjustment to a CF rule. Can someone try again?
 
Code:
substr
Working for me! Thanks Greg.
 
  • #10
Fails when toggling bbcode.

/index.php?editor/to-bb-code:1 Failed to load resource: the server responded with a status of 403 ()

And apologies for ruining your day.
 
  • #11
jbriggs444 said:
And apologies for ruining your day.
no way, this is all good to know and fix!

ok I added another rule, try again
 
  • #12
I want a substr of a string

Edit: worked after a cache flush (shift-refresh) but not before.
 
  • #14
@Greg Bernhardt same issue here with some combinations of "c h a r ( )".

As above the proper fix is for XenForo to change from Content-type: multipart/form-data to application/json, otherwise you will be patching CDN filter exceptions for ever (or can you just remove the filter altogether: I can't imagine XenForo is vulnerable to script injection in 2022)?
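
Added example, not part of any post in this thread and not Cloudflare's actual rule set: a toy model of a signature that flags SQL-function-call shapes in form fields, showing why an exception scoped to one endpoint fixed reply preview but left the BBCode toggle returning 403. The regex, the shortened preview path and the field names are assumptions; only `/index.php?editor/to-bb-code` is taken from the thread.

```python
import re

# Constructed signature: matches call shapes such as substr( and char(.
# An assumption for illustration, not the rule the site actually runs.
SQLI_FUNC = re.compile(r"\b(?:substr|char)\s*\(", re.IGNORECASE)

# Hypothetical skip rule: the free-text field is exempt on ONE endpoint only.
PREVIEW = "/threads/reply-preview"          # shortened, constructed path
TO_BBCODE = "/index.php?editor/to-bb-code"  # path reported in post #10
EXCEPTIONS = {(PREVIEW, "message")}


def inspect(path, fields, exceptions=frozenset()):
    """Return 403 if any non-exempt form field matches the signature, else 200."""
    for name, value in fields.items():
        if (path, name) in exceptions:
            continue  # exempt for this (endpoint, field) pair only
        if SQLI_FUNC.search(value):
            return 403
    return 200


# Constructed request bodies modelled on the posts above.
BLOCKED_POST = {"message": "[CODE]substr($a,0,1)[/CODE]", "title": "re: bug"}
MISSPELLED = {"message": "[CODE]subtr($a,0,1)[/CODE]", "title": "re: bug"}


def demo():
    return {
        # Before any tuning: benign code sample is a false positive.
        "preview_before": inspect(PREVIEW, BLOCKED_POST),
        # Dropping the "s" avoids the signature, as the posters found.
        "misspelled": inspect(PREVIEW, MISSPELLED),
        # After the first exception: preview works.
        "preview_after": inspect(PREVIEW, BLOCKED_POST, EXCEPTIONS),
        # Same body on another endpoint is still blocked until it gets
        # its own exception, which is the "patching for ever" problem.
        "bbcode_toggle": inspect(TO_BBCODE, BLOCKED_POST, EXCEPTIONS),
        # Fields outside the exception stay inspected on the exempt endpoint.
        "title_field": inspect(
            PREVIEW, {"message": "hi", "title": "char(65)"}, EXCEPTIONS
        ),
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case}: {status}")
```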
 