在测试我的 html5、js、php 项目表单时,我发现如果我在文本输入字段或文本区域字段中输入 .htaccess,则会在提交表单时导致 403 禁止页面。
我知道 .htaccess 本身只是一个文本文件，而且我已经对它做了保护，拒绝一切公开访问。我还注意到，这个 403 发生在 JS 过滤内容之前，也发生在 PHP 回显表单 $_POST 值之前——点击提交后直接就跳到 403。
这是安全问题，还是预期行为？
要重现该问题，我必须输入带点的 htaccess，例如 `.htaccess`；如果只像普通文本那样输入 htaccess 这个词，表单可以正常提交。
我在其他网页上做了同样的测试，看是否有相同行为，结果大多没有。我原本预期 JS 或 PHP 的过滤器会把文本中任何类似代码的内容删除掉。
有人能解释一下为什么会发生这种情况吗？谢谢。
这实际上是一个错误报告表哈哈
html/php
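<?php
/*
 * Bug report form. Rendered inside the logged-in area: $_SESSION, $uid and
 * $software_titles are set by the including script; RECAPTCHA and GTHEME are
 * constants defined elsewhere.
 *
 * Security notes (kept in a PHP comment so they are never sent to the browser):
 *  - minlength/maxlength/required and the onChange/onBlur JS handlers are
 *    usability aids only. Anyone can POST straight to
 *    process_data/ddws_process_newbug.php, so that handler has to re-validate
 *    and escape every field itself.
 *  - Every dynamic value printed into the markup goes through
 *    htmlspecialchars(ENT_QUOTES). The $software_titles loop and the CSRF
 *    token were the two unescaped spots; both are escaped below.
 *  - The hidden userid field is client-controlled; the handler should take the
 *    user id from the session rather than trusting $_POST['userid'].
 *  - The bug_agree checkbox used to carry a stray ";" and a non-standard
 *    "unchecked" attribute after onChange; both were dropped (unchecked is the
 *    default state of a checkbox).
 */
?>
<form id="bugform" method="POST" action="process_data/ddws_process_newbug.php">
<fieldset>
<label for="firstname">First Name (preloaded read only)</label>
<div class="inline">
<input type="text" name="firstname" id="firstname" autocomplete="off" value="<?= htmlspecialchars($_SESSION['firstname'] ?? 'data not available', ENT_QUOTES, 'UTF-8');?>" required readonly>
<span class="today">Reporting Date/Time: <?= date("Y-m-d H:i:s"); ?></span>
</div>
<br>
<label for="username">Username (preloaded read only)</label>
<div class="inline">
<input type="text" autocomplete="off" name="username" id="username" value="<?= htmlspecialchars($_SESSION['username'] ?? 'data not available', ENT_QUOTES, 'UTF-8');?>" required readonly>
<span class="bugcat"> * Bug Catagory: </span>
<select name="bug_category" id="bug_category">
<option value="0" selected disabled>Select Bug Type</option>
<option value="1">CSS Bug</option>
<option value="2">Database Bug</option>
<option value="3">HTML Bug</option>
<option value="4">JS Bug</option>
<option value="5">Other Bug</option>
<option value="6">PHP Fatal Error</option>
<option value="7">PHP Other Bug</option>
<option value="8">PHP Warning Bug</option>
<option value="9">Server 500 Error Bug</option>
<option value="10">Server Config Bug</option>
<option value="11">Visual Bug</option>
</select>
</div>
<br>
<label for="email">Your Email Address (preloaded read only)</label>
<div class="inline">
<input type="email" name="email" id="email" value="<?= htmlspecialchars($_SESSION['email'] ?? 'data not available', ENT_QUOTES, 'UTF-8');?>" required readonly>
<span class="bug_prior"> * Bug Priority: </span>
<select name="bug_priority" id="bug_priority" autocomplete="off">
<option value="0" selected disabled>Select A Priority</option>
<option value="1">Critical</option>
<option value="2">High</option>
<option value="3">Normal</option>
<option value="4">Low</option>
<option value="5">To Do List</option>
</select>
<br>
<span class="priority_note item_importance">We reserve the right to change prioity on a per case basis.</span>
</div>
<br>
</fieldset>
<fieldset>
<label for="bug_title"> * Bug Title: (min 10 - max 60 chars)</label>
<div class="inline">
<input type="text" autocomplete="off" name="bug_title" id="bug_title" minlength="10" maxlength="60" placeholder="Enter A Short Bug Title" value="" required>
<span class="bug_image">Bug Image:</span> <!-- would not move using + label so we had to use span -->
<?php // form_validate() only checks that the text contains ".jpg"/".png"; the handler must verify the URL itself. ?>
<input type="url" name="bug_image" id="bug_image" onChange="return form_validate('bugform','bug_image','bug_image',this.value);"> <i class="fa-solid fa-circle-info" title=".png or .jpg images only"></i>
<br>
<br>
</div>
<label for="bug_desc">* About Bug: (min 20 - Max 4000 chars) <i class="fa-solid fa-circle-info" title="Drag Bottom Corner To Expand (NO HTML or OTHER CODE - it will be removed)"></i></label>
<div class="inline">
<?php // text_clean() is a client-side keyword blocklist, not a sanitizer; escape bug_desc/bug_content on output server-side. ?>
<textarea name="bug_desc" id="bug_desc" minlength="20" maxlength="4000" autocomplete="off" placeholder="Tell Us What Happened And How To Reproduce Bug" onKeydown="return noEditor_charsLeft('bug_desc')" onBlur="this.value = text_clean(this.value);" required></textarea>
</div>
<div id="bug_desc_counter"></div>
<br>
<label for="bug_content">* Error Message(s) (min 20 - Max 5000 chars) <i class="fa-solid fa-circle-info" title="Drag Bottom Corner To Expand (NO HTML or OTHER CODE - it will be removed)"></i> </label>
<br>
<span class="item_importance"> Important - Remove server username and other security data from error messages before posting.</span>
<div class="inline">
<textarea name="bug_content" id="bug_content" minlength="20" maxlength="5000" autocomplete="off" placeholder="Paste Your Error Code" onKeydown="return noEditor_charsLeft('bug_content')" onBlur="this.value = text_clean(this.value);" required></textarea>
</div>
<div id="bug_content_counter"></div>
<br>
</fieldset>
<fieldset>
<label for="weburl">https://Your Website (preloaded read only)</label>
<div class="inline">
<input type="url" name="weburl" id="weburl" value="https://<?= htmlspecialchars($_SESSION['user_weburl'] ?? 'data not available', ENT_QUOTES, 'UTF-8');?>" required readonly>
</div>
<br>
<label for="bug_weburl">* https://Bug Website (site bug is on)</label>
<div class="inline">
<input type="url" name="bugurl" id="bugurl" value="" minlength="8" maxlength="60" placeholder="Domain where bug was found" required>
</div>
<br>
<div class="inline">
<span class="bug_soft"> * Software Name: </span>
<br>
<select name="softname" id="softname">
<option value="0" selected disabled>Select Software Name</option>
<?php
// $software_titles comes from outside this template (origin not visible here), so
// both key and title are escaped like every other dynamic value on the page.
foreach($software_titles as $tkey => $tval)
{
echo "<option value='".htmlspecialchars((string) $tkey, ENT_QUOTES, 'UTF-8')."'>".htmlspecialchars((string) $tval, ENT_QUOTES, 'UTF-8')."</option>";
}//close foreach
?>
</select>
<i class="fa-solid fa-circle-info" title="Which software title has the bug you are reporting"></i>
</div>
<br>
</fieldset>
<fieldset>
<div id="lineup">
<label for="bug_agree"> <span class="heavy">By submitting this form, checking this box, and using this website, you fully acknowledge and accept this websites <a href="bt_terms_and_policies.php">Terms and Policies</a></span></label>
<br>
<span>*</span>
<input name="bug_agree" id="bug_agree" type="checkbox" value="1" onChange="confirm_checkboxChecked('bug_agree', 'bugsubmit')" required>
<span class="item_importance"> <i class="fa-solid fa-circle-left"></i> Checking Box Also Enables Button </span>
</div>
<br>
<p>* = Required Fields</p>
<p><i class="fa-solid fa-circle-info" title="Important information - hover icon to view"></i> Important imformation - hover to view.</p>
<p>For security and site operations purposes your IP and other information may be recorded.</p>
<?php // hpot: honeypot field, presumably expected to arrive empty (bots that fill every input trip it) - confirm in the handler. ?>
<input type="hidden" name="hpot" id="hpot" value="">
<?php // token: CSRF token copied from the session; the handler must compare it against the session value, not just check it is present. ?>
<input type="hidden" name="token" id="token_register" value="<?= htmlspecialchars($_SESSION['piece'] ?? '', ENT_QUOTES, 'UTF-8'); ?>">
<?php // NOTE(review): userid is editable in the browser; the handler should use the session's user id and treat this field as untrusted. ?>
<input type="hidden" name="userid" id="userid" value="<?= (int) $uid; ?>">
</fieldset>
<fieldset>
<?php
echo '<br>';
// The widget alone proves nothing: the handler must verify the posted reCAPTCHA response with Google's verification API.
echo '<div class="g-recaptcha" data-sitekey="'.RECAPTCHA.'" data-theme="'.GTHEME.'"></div> <br>';
?>
</fieldset>
<br>
<input type="reset" id="reset_button" onClick="return confirm('Are you sure you want to clear this form');" value="Reset Form">
<input type="submit" id="bugsubmit" name="bugsubmit" value="Add Bug" disabled>
</form>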
js
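/*
 * Client-side sanity check for one form field.
 *
 * doc   - id of the form being validated (only 'email_form' is special-cased)
 * id    - DOM id of the field; it is cleared and refocused on failure
 * name  - form field name; selects the bug_image rule and the label in alerts
 * value - the raw field value as typed by the user
 *
 * Returns true when the value passes. On failure it shows an alert naming the
 * field, empties the field, moves focus back to it and returns false.
 *
 * SECURITY NOTE: this runs in the browser and is bypassed by anyone who
 * disables JS or posts the form directly, so it is a usability aid only.
 * The PHP handler must re-validate and escape every value itself.
 *
 * Changes from the previous version:
 *  - the image check used value.search(".jpg") / (".png"), where "." is a
 *    regex wildcard, so e.g. "xjpg" slipped through; it now tests the literal
 *    substring.
 *  - the separate "SELECT" branch could never match (checkvalue is already
 *    lower-cased) and has been folded into the single lower-case blocklist.
 */
function form_validate(doc, id, name, value)
{
  /* compare on a lower-cased copy, but never hand checkvalue back to the */
  /* caller: lower-casing would corrupt passwords and usernames */
  var checkvalue = value.toLowerCase();
  var field = document.getElementById(id);

  /* friendly field names for the alert text */
  var labels = {
    upw: "password",
    userpass: "password",
    confuserpass: "confirm password",
    weburl: "Website URL"
  };
  var label = Object.prototype.hasOwnProperty.call(labels, name) ? labels[name] : name;

  /* common failure path: tell the user, clear the field, refocus it */
  function reject(fieldname)
  {
    alert("Invalid data in " + fieldname + " field!");
    field.value = '';
    field.focus();
    return false;
  }

  if (name === "bug_image")
  {
    /* Literal substring test (not regex). This only proves the text */
    /* contains ".jpg" or ".png" somewhere, it is not an image-type check; */
    /* the server must verify what the URL actually points at. */
    if (checkvalue.indexOf(".jpg") < 0 && checkvalue.indexOf(".png") < 0)
    {
      return reject("bug image");
    }
  }

  /* crude keyword blocklist; checkvalue is lower-case so one spelling of */
  /* each token covers every casing. "html" also rejects innocent text */
  /* such as "index.html" - kept for compatibility with the old behavior. */
  var forbidden = ["select", "<script>", "html"];
  for (var i = 0; i < forbidden.length; i++)
  {
    if (checkvalue.indexOf(forbidden[i]) > -1)
    {
      return reject(label);
    }
  }

  if (doc === 'email_form')
  {
    document.getElementById('email_nomatch').textContent = '';
  }

  /* passed: return a boolean, never the lower-cased copy */
  return true;
}//close form_validate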
/*
=====================================
text clean - ALSO REMOVES SCRIPT TAG
=====================================
*/
/* strip a fixed blocklist of tags and words from message content */
/* (a keyword blocklist, not an HTML sanitizer - it runs client-side and is bypassable) */
/* first pass removes the common tags, keywords and every < and > */
/* second pass removes the leftover closing-tag fragments */
/* THIS REMOVES SCRIPT TAG */
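/*
 * Keyword/tag stripper run onBlur over the bug_desc and bug_content textareas.
 *
 * value - the textarea content
 * Returns the text with a fixed, case-insensitive blocklist removed: href, =,
 * double and single quotes, a handful of opening tags, the words script /
 * Module / mod_version / htaccess / allow / deny / files / ifversion /
 * ifmodule, every remaining "<" and ">", and finally the closing fragments
 * /a, /p and /strong.
 *
 * Caveats:
 *  - This is a blocklist, not an HTML sanitizer, and it runs in the browser,
 *    so it is trivially bypassed; the PHP side must escape on output.
 *  - It also eats ordinary words ("files", "deny", "allow", "Module") and
 *    every "=" and quote, which mangles pasted error messages.
 *
 * The two regex literals were previously broken across several lines (a
 * regex literal cannot contain a newline), which made the function a syntax
 * error; they are rejoined here with the alternatives in their original order.
 */
function text_clean(value)
{
  /* pass 1: tags, keywords, then any stray angle brackets (order matters: */
  /* a multi-character tag alternative wins over the bare "<" at that spot) */
  var firstPass = /href|=|"|'|<img|src=|<ul>|<li>|<p>|<strong>|<script>|script|<u>|<b>|<i>|Module|mod_version|htaccess|allow|deny|files|ifversion|ifmodule|<h|<|>/gi;
  /* pass 2: closing-tag leftovers once "<" and ">" are gone */
  var secondPass = /\/a|\/p|\/strong/gi;

  var newvalue = value.replace(firstPass, '');
  return newvalue.replace(secondPass, '');
}//close text_clean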
最有可能是 ModSecurity（mod_security，Apache 的 WAF 模块）的规则：它在 Apache 层检查请求体，匹配到 `.htaccess` 之类的文件名就直接返回 403，所以请求根本到不了你的 JS 过滤或 PHP 代码——这正好解释了为什么 403 发生在它们之前。这是 WAF 的预期行为，不是你表单的安全漏洞。有人告诉我并保证 ModSecurity 已经关闭，所以我没往这方面想；但它实际上在这个域名上是开着的。