Nabble Support

Error 500 on reply

classic Classic list List threaded Threaded
7 messages Options
LordOfBikes
Reply | Threaded
Open this post in threaded view
|

Error 500 on reply

LordOfBikes
Hi,

we got a message from a forum user, that he can't reply to a post in our forum.
It's not the first post of the user and my test as administrator resulted in an error 500 too.

The post in question is https://forum.librecad.org/Little-house-tutorial-this-is-the-old-one-just-moved-here-td5708464.html

Reading though the error messages, my assumption is, that it is caused by an apostrophe in the link text for the ZIP file link. Because the error message says that the error is near the text following the apostrophe.

Is there anything we can do?
Or is there possibly something wrong with database query escaping?

Greetings

Armin
Israel <Nabble>
Reply | Threaded
Open this post in threaded view
|

Re: Error 500 on reply

Israel <Nabble>
Administrator
Can you please ask him to take a print from the screen so that we can check the error?
LordOfBikes
Reply | Threaded
Open this post in threaded view
|

Re: Error 500 on reply

LordOfBikes
Sorry for my late reply, I just realized, that I'm not automatically subscribed to my threads.

To reproduce the error simply go to the above link in the LibreCAD forum.
Click Reply, enter some text and click Post Message.

This should create following output:

Israel <Nabble>
Reply | Threaded
Open this post in threaded view
|

Re: Error 500 on reply

Israel <Nabble>
Administrator
https://www.postgresql-archive.org does not exist anymore most likely it's causing the error.
LordOfBikes
Reply | Threaded
Open this post in threaded view
|

Re: Error 500 on reply

LordOfBikes
Israel <Nabble> wrote
https://www.postgresql-archive.org does not exist anymore most likely it's causing the error.
How is this related? Where do you see www.postgresql-archive.org? 

NAML exception in customized site: org.postgresql.util.PSQLException: ERROR: syntax error at or near "s_draw_a_little_house_project"
  Position: 76

For me that looks like a typical SQL issue with not escaped queries. At position 76 is an apostrophe from the file link.
My impression is, that the ' in NAML database access function cause this error.
This could probably be a serious security issue too.

I also see the message about modified NAML code. But this is only for a people list and search site and has not disturbed on any other forum reply form yet.
Israel <Nabble>
Reply | Threaded
Open this post in threaded view
|

Re: Error 500 on reply

Israel <Nabble>
Administrator
Yes, it has nothing to do with "www.postgresql-archive.org" I made a mistake because this archive was deleted a few days ago. We're going to look into this issue for you. It may take a few days.
LordOfBikes
Reply | Threaded
Open this post in threaded view
|

Re: Error 500 on reply

LordOfBikes
Don't worry, take your time.
It's not that urgent for our forum, but I think it can possibly improve Nabble code base.
Free forum by Nabble Edit this page