I have a snippet of javascript that I'm using for a custom block:
<script type="text/javascript" language="JavaScript"
src="http://www.hebcal.com/shabbat/?geo=zip;zip=72204;m=72;cfg=j">
</script>
<noscript>
<p>
<!-- this link seen by people who have JavaScript turned off -->
<a href="http://www.hebcal.com/shabbat/?geo=zip;zip=72204;m=72">Shabbat
Candle Lighting times for Little Rock, AR 72204</a> courtesy
of hebcal.com. </p>
</noscript>
It works fine on my local install of Drupal, but when I uploaded everything to the server (which was previously working fine), the block that contains the javascript won't let me touch it with a ten foot pole. I only want it to show up on the <front> page, but it's showing up on all pages. When I go to edit it, it shows that it should only be showing up on the <front> page. If I try to save (modified or untouched) the block, I get the following error:
Safari can’t open the page “http://www.emethatorah.com/drupal/?q=admin/build/block/add” because the server unexpectedly dropped the connection, which sometimes occurs when the server is busy. You might be able to open the page later.
I had the same versions of Drupal running in both locations (5.1). I tried upgrading to 5.7 on the server, but still not having any luck. I sure could use some help troubleshooting this. I was sooooooo close to having this thing complete.
thanks in advance,
-Darren
Comments
...
It might be that you fell victim to this:
Mysterious 403, 404, 406 or 500 errors depending on submitted content
My guess is that the '--' string caused this. It's the SQL comment characters and mod_security may think you're trying to hack the system. Try to remove this HTML comment and submit the form.
Thanks for the fast
Thanks for the fast response! However, it didn't work (if I understood you correctly). I removed the commented line:
<!-- this link seen by people who have JavaScript turned off -->and got the same results. Any other ideas?
ps. I even tried modifying my .htaccess file per your recommendation as well with the same results.
...
It might be that my guess was incorrect and that your problem has nothing to do with the issue I linked to. But it's easy to find out:
Move this text into Notepad. Submit the empty form. Does it work? It should.
Now,
move the text, bit by bit, back into the form, submiting the form between the bits. You'll soon arrive at the string that triggers mod_security --if that's indeed the problem.
Ok - Thanks for the
Ok - Thanks for the advice... Sometimes you (or at least I) can't see the forest for the trees! I nailed it down to the very first line that's causing the problems:
So, how do I resolve that? And why does it work on my local box, but not the server?
...
Because you don't have mod_security installed on your local box. (Or, if you have, its configuration is more lenient.)
Use the same method. Remove/restore it bit by bit. Don't worry that in the process it's not a valid code anymore.
I got it down to
I got it down to this:
<script type="text/javascript" language="JavaScript">Is that far enough? Now what?
...
I'm curious. Create a new node and paste this string into its body. Would you encounter an error here too when you try to save the node?
same song, second verse.
same song, second verse.
...
Excellent!
So it is very likely that indeed some 'security' feature of the server is responsible for this.
Contact the server tech-support. Tell them that if your forms contain the '<script ....>' string it triggers a weird server response and ask them if there's a security feature involved here.
Try to remove the 'language="Javascirpt"', it isn't needed. Or remove the type=... instead. Or type some random characters before the tag.
tried both <script
tried both
<script language="JavaScript">and
<script language="JavaScript">with the same results. I even reduced it down to:
<script>and it still crashed. I guess I will have to contact tech-support. That is very, very strange...
The strange thing about it
The strange thing about it is that I don't have any problems using the entire snippet of code in a node. I only have an issue when including it in a block.
...
It's not that strange. We don't know what rule(s) exactly the machanism uses. The block form has different names for its fields, so these two forms look different to the mechanism.
...
Also, visit q=admin/logs/status/php and search for the string 'security', does it appear in Apache's 'Loaded Modules' section? (but it might not, if it's compiled in.)
"security" not found
"security" not found
...
Things to try:
Check your server's error log, and access log. Is there some hint there? (oh, that's the first thing we should have had checked!)
The above page says to wrap the directive in
<IfModule mod_security.c></IfModule>. Try without that tag.If you have SSH access you may want to sniff around /etc/apache to look for "interesting" things.
Same problem
Hi monstordh,
I've go the same problem and I have what seems to be the cause and a solution, but not the solution I need.
The cause is the < script > (as you found), Drupal (or one of the modules) can't get past this and puts up an error passing you to the page not found page.
bit in php so Drupal doesn't get stuck but the script still parses on the client computer. So... Now, I can't tell my client to do this (they are pasting affiliate HTML in), so is there another way?The way to get round it is to print the
I'm having the same problem
I'm having the same problem on a drupal 6.10 install. It works fine on our dev and live servers, but not on our client's live servers. Has anyone found out what server setting causes this?