How to handle apostrophe's
- wallyhowe
- Topic Author
- Offline
- New Member
-
We use chronoforms for a number of purposes and find that whenever an apostrophe is submitted in a text field it is flagged up with the component being listed as com_content.
In many cases we have discovered in the log that someone has tried to contact us but the message has not got through.
We have the mode set to strict but are nervous about setting it to alert.
Thank you
Wallyhowe
Please Log in or Create an account to join the conversation.
- Jose
-
- Offline
- Administrator
-
- Posts: 4857
- Thank you received: 366
The problem with apostrophes is that are also used to launch sql injection attacks. As we know the "com_content" option does it works filtering params you can safely add it as exception.
Regards,
Jose
Please Log in or Create an account to join the conversation.
- wallyhowe
- Topic Author
- Offline
- New Member
-
We are still getting these so I think Ihave not added the correct exception.
Can you advise which of the options within the SQL injection filters I should add the exception and should the exception be com_content or com_chronoforms7 ?
Thanks
Wally
Please Log in or Create an account to join the conversation.
- Jose
-
- Offline
- Administrator
-
- Posts: 4857
- Thank you received: 366
The easiest way to solve this is selecting the log entry and then click on the "add exception" button on top of the page. This will add the component involved as exception into the right filter.
Anyway, please export and send me the logs (there is a button to do that on top of the page). I will check if this is caused by the apostrophe or some other content.
Regards,
Jose
Please Log in or Create an account to join the conversation.
- wallyhowe
- Topic Author
- Offline
- New Member
-
I will do this on the next instance.
Wally
Please Log in or Create an account to join the conversation.
- Jose
-
- Offline
- Administrator
-
- Posts: 4857
- Thank you received: 366
Regards,
Jose
Please Log in or Create an account to join the conversation.
This site is not affiliated with or endorsed by the Joomla! Project. It is not supported or warranted by the Joomla! Project or Open Source Matters. The Joomla! logo is used under a limited license granted by Open Source Matters, the trademark holder in the United States and other countries.
We may collect your IP address and your browser's User Agent string while using our site for security reasons. This information is retained only until we check you're not trying to hack our website.