When trying to submit node content that fails the input data check and error message is given: "Terminated request because of suspicious input data.". It's not themed, appearing in plain text on a blank page, and is a little too terse.

Since these terminated inputs are often about security issues we obviously don't want to be too helpful with the error message...but it would be nicer if the user was redirected to a properly themed page and error message.

(Note: This seems to be generated at line 1929 of includes/common.inc)

Comments

degerrit’s picture

degerrit commented

Slightly off topic : I've had this error message on many occasions, unfortunately. The last one was an innocent-looking copy/paste from part of samba configuration : "read only = no" which seems to match some on+(something)+= regexp.

I don't even see the security problem in disclosing what the problem was exactly, the source code is open for everyone to read anyhow. I'd be in favour of trying to strip out suspicious data rather than this annoying error message. Easier said than done, though :-(

magico’s picture

magico commented
Version: 4.6.0 » x.y.z

I couldn't find this piece of code. Anyway, I saw more topics about this situation.
Is this prolem addressed in the current cvs?

bdragon’s picture

bdragon commented
Version: x.y.z » 6.x-dev
Status: Active » Closed (works as designed)

This is not a Drupal error message. It is an apache mod_security error message IIRC.

Hence, there is no way for Drupal to theme it.