表单提交时发生错误403 [英] Error 403 on form submit

问题描述

我在我的网站的管理区域中遇到了一个表单问题。我使用它来改变显示的HTML文本，它用PHP编写并连接到MySQL数据库。

I've got a problem with a form in the administration area of my website. I use it for changing the displayed HTML text, it is written in PHP and connects to a MySQL database.

echo "<form action=\"index.php?kat=infos&aktion=upd&kategorie=$kategorie\" method=\"POST\" enctype=\"application/x-www-form-urlencoded\">\n";
echo "<table border=\"0\">\n";
echo "<b>$kategorie</b>\n";
echo "<tr><td><b>Information:</b></td><td><textarea name=\"info\" cols=\"50\" rows=\"7\">$info</textarea></td></tr>\n";
echo "<tr><td><input type=\"submit\" value=\"Editieren\" /></td></tr>\n";
echo "</table>\n";
echo "</form>\n";

如果我输入一些小句子，例如This is a test text only。并单击提交按钮，index.php接受数据并将其插入到数据库中，就像它应该那样。但如果我从 http://www.juraforum.de/disclaimer_muster/我在表单提交时收到错误403。
我不认为这是因为文本较长，因为如果我在那里写一些更长的随机文本，它也可以。

If i enter some small sentences like "This is a test text only." and click the submit-button, the index.php accepts the data and inserts it into the database just as it should. But if I enter a longer text like the disclaimer from http://www.juraforum.de/disclaimer_muster/ I get a Error 403 on form submit. I do not think it is because of the longer text, because if I write some longer random text in there it works, too.

我希望你能帮助我与这一个。

I hope you can help me with this one.

推荐答案

<403> 状态码表示：

The 403 Status Code means:

10.4。 4 403禁止

服务器理解请求，但
拒绝履行请求。
授权无效，
请求不应重复。如果
请求方法不是HEAD并且
服务器希望公开为什么
请求未被满足，那么
应该描述
拒绝的原因在实体中。如果服务器
不希望将这些信息
提供给客户端，那么可以使用
代码404（Not Found）代替
。

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

免责声明似乎包含多个HTML标签，并且显然在页面上未转义打印。

The disclaimer seems to contain several HTML tags and they apparently get printed unescaped on the page.

我的猜测是，服务器上安装了一个软件（可能是 mod_security ），因为它会拒绝输入，因为它认为这是一次尝试执行XSS攻击。您可以通过暂时删除<和>符号粘贴到textarea中。

My wild guess is that there's a piece of software installed on the server (possibly mod_security) that rejects the input because it considers it's an attempt to perform a XSS attack. You can confirm (or reject) this hypothesis by temporarily removing the < and > symbols before pasting it into the textarea.

这篇关于表单提交时发生错误403的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！