Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Module ForumsModule ForumsForumForumForum posts being cut offForum posts being cut off
Previous
 
Next
New Post
2/2/2009 5:49 PM
 
Joshua Beall

Joined: 6/13/2005
Posts: 151

Hi All,

We've got DNN v4.8.4, with forum module v4.4.3.40705.

We have a user who reports that anytime they put the word "alert" in their post, it cuts off everything after and including the word "alert."

I was able to replicate this numerous times, and I tried moving the word "alert" around.  Everytime, wherever I put "alert", everything after and including the word "alert" is stripped from the post.

I checked the bad word filter, and it's completely empty (no words in the filter list).  I tried disabling it anyway, just to see what would happen--no change in behavior.

Anyone else experiencing this behavior?

Just because I'm curious...

Alert

This appears after "alert".
 
New Post
2/2/2009 5:50 PM
 
Joshua Beall

Joined: 6/13/2005
Posts: 151

So obviously that same behavior is not present on these forums.

What could be peculiar about the DNN installation in question that would cause this behavior?
 
New Post
2/3/2009 2:49 AM
 
Tom Wellige


Joined: 3/5/2007
Posts: 89

I do have the exact same problem in my forum (DNN 4.8.3, Forum 4.4.3).

Interersting it doesn't seem to be a problem here. So I hope it is already fixed and the fix will be part of the next release.

 

Regards, Tom.
 
New Post
2/3/2009 2:52 AM
 
David Toohey


Joined: 1/30/2007
Posts: 690

I am surprised you could get the A word in here!

I've had it cut off in these forums myself... and lost long posts I spent preparing as a result.

Not only here, but also seen it get cut off in other websites using the DNN forums.

I am wondering if " made a difference.

With - "alert"

Without - alert

Caps - "Alert"

Caps - Alert
 
New Post
2/5/2009 3:05 PM
 
Joshua Beall

Joined: 6/13/2005
Posts: 151

Here's what I found: on line 1172 of Forum_PostEdit.ascx.vb, we have this:

_Body = objSecurity.InputFilter(_Body, PortalSecurity.FilterFlag.NoScripting)

Before calling this method, _Body has the complete post.  After calling this method and reassigning the value of _Body, _Body has everything after and including "Alert" removed.  So, something in the objSecurity.InputFilter method is causing the issue.  I used Reflector to dig down through the DotNetNuke.dll assembly, and I think the culprit is this method of DotNetNuke.Security.PortalSecurity:

 

private string FilterStrings(string strInput)
{
    string input = strInput;
    List<string> list = new List<string>();
    list.Add("<script[^>]*>.*?</script[^><]*>");
    list.Add("<input[^>]*>.*?</input[^><]*>");
    list.Add("<object[^>]*>.*?</object[^><]*>");
    list.Add("<embed[^>]*>.*?</embed[^><]*>");
    list.Add("<applet[^>]*>.*?</applet[^><]*>");
    list.Add("<form[^>]*>.*?</form[^><]*>");
    list.Add("<option[^>]*>.*?</option[^><]*>");
    list.Add("<select[^>]*>.*?</select[^><]*>");
    list.Add("<iframe[^>]*>.*?</iframe[^><]*>");
    list.Add("<ilayer[^>]*>.*?</ilayer[^><]*>");
    list.Add("<form[^>]*>");
    list.Add("</form[^><]*>");
    list.Add(" ");
    list.Add(" ");
    list.Add("alert.*\\(?'?\"?'?\"?\\)?");
    RegexOptions options = RegexOptions.Singleline | RegexOptions.IgnoreCase;
    string replacement = " ";
    foreach (string str4 in list)
    {
        input = Regex.Replace(input, str4, replacement, options);
    }
    if (input.Contains("&gt;") & input.Contains("&lt;"))
    {
        foreach (string str5 in list)
        {
            input = Regex.Replace(input, HttpContext.Current.Server.HtmlEncode(str5), replacement, options);
        }
    }
    return input;
}

 

 

I believe it's there that we have a regex triggering a false positive on the word "alert."

Any word on when this will be fixed?

  -Josh
 
 Page 1 of 2
12Next 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Module ForumsModule ForumsForumForumForum posts being cut offForum posts being cut off


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out