4

I use my website to code (and progress in my programming projects) online, during school, and send the code to my email address to continue working on it at home.

The text can be inside a <textarea> or an <input> field (with name="Code" id="Code").
Either way, I'm unable to submit text that contains the C/C++ function fgets():

TODO: Include a more stable function to get user input,
      such as fgets(input, 20, stdin);

I have no idea why submitting the text: fgets(input, 20, stdin) would be a problem, and why any text inside a <textarea> or <input> would be a problem since it's all just plain text, and not actual code.

When I click submit, while text in my <textarea> contains fgets(), nothing happens (instead of giving me Invalid input message or Email Sent message), and my text isn't being sent.

amiregelz
  • 1,833
  • 7
  • 25
  • 46
  • 3
    *What* happens? Does your browser window close, do you get an error message. Please be specific about "unable to submit". – mario Oct 13 '12 at 20:33
  • 1
    possible duplicate of [Forbidden Error When Submitting Simple PHP Form](http://stackoverflow.com/questions/8824511/forbidden-error-when-submitting-simple-php-form) – mario Oct 13 '12 at 20:37

2 Answers2

6

It may be that something on your server sees this as an attempt to hack the site.

A quick Googling shows that mod_security (a fairly common Apache module that attempts to prevent things like SQL injection and other exploits) may be blocking POST parameters that include fgets() calls. http://forums.modx.com/thread?thread=9677

ceejayoz
  • 176,543
  • 40
  • 303
  • 368
  • Is there anything I can do to make it possible to send text that contains PHP functions? – amiregelz Oct 13 '12 at 21:48
  • Sure, disable mod_security (or ask your web host to do so). – ceejayoz Oct 13 '12 at 22:10
  • 1
    Okay, I think I'll keep it enabled (for security) and go through the text in JavaScript to modify PHP functions in it, such as: `fgets(input, 20, stdin); ==> fg-ets(input, 20, stdin);` – amiregelz Oct 13 '12 at 22:17
0

You shouldn't transform arguments to one string on your own (or if so, use some javascript alternative to phps urlencode()).

jQuery supports [1], [2] data as anonymous object

Data to be sent to the server. It is converted to a query string, if not already a string. It's appended to the url for GET-requests. See processData option to prevent this automatic processing. Object must be Key/Value pairs. If value is an Array, jQuery serializes multiple values with same key based on the value of the traditional setting (described below).

so you can use:

data: {
  'Name': name,
  'Code': code,
  ...
}

and it should work and what's more important it takes care about correct encoding (escaping). If this doesn't help (the problem isn't with malformed "raw data") try ceejayoz's solution.

Community
  • 1
  • 1
Vyktor
  • 20,559
  • 6
  • 64
  • 96