Apache Forbidden Error on Update

[JKG]

Hello,

 

I have a site that i built about 2 years ago, and has worked fine with often usage since.

 

Today, I get the Forbidden error on the executed document when going to edit a record.

 

Funny thing is, i can insert into the textarea anything except the code that i am using, which is an iframe.

 

Perms are 755 and as i have said, this has worked fine up until today... any thoughts?

 

thanks for you help

Joe.

[zer0day]

Can you post the code that you're trying to insert?

[JKG]

its just manky dreamweaver code from when i started, here is the page header:

 

<?php include "/home/langley/www/includes/php_header.php"; ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE photoview SET username=%s, password=%s, photos=%s WHERE id=%s",
                       GetSQLValueString($_POST['username'], "text"),
                       GetSQLValueString($_POST['password'], "text"),
                       GetSQLValueString($_POST['photos'], "text"),
                       GetSQLValueString($_POST['id'], "int"));

  mysql_select_db($database_stevelangley, $stevelangley);
  $Result1 = mysql_query($updateSQL, $stevelangley) or die(mysql_error());

  $updateGoTo = "index_admin.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}

$colname_Recordset1 = "1";
if (isset($_GET['recordID'])) {
  $colname_Recordset1 = (get_magic_quotes_gpc()) ? $_GET['recordID'] : addslashes($_GET['recordID']);
}
$query_Recordset1 = sprintf("SELECT * FROM photoview WHERE id = %s", $colname_Recordset1);
$Recordset1 = mysql_query($query_Recordset1, $stevelangley) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);?><? while ($row = mysql_fetch_array($result, MYSQL_ASSOC)){
$id = $row['id'];
$page_name = $row['page_name'];
$meta_tags = $row['meta_tags'];
$page_title = $row['page_title'];
$page_body = $row['page_body'];
$title_image = $row['title_image'];
$title_image_alt = $row['title_image_alt'];
$page_description = $row['page_description'];
$page_specific_header = $row['page_specific_header'];
?>

 

thanks for taking a look at it.

[pornophobic]

Did you update Apache or PHP? Both?

 

If you updated PHP and you did it from source, I believe that magic quotes is disabled by default.

You also have a short open tag (<?) and that has been disabled by default as well in newer versions of PHP.

I don't think those would cause a 403 error, but they are somewhat relevant.

 

Have you checked the access_log or error_log for Apache to see if you can find information there?

 

[JKG]

turns out the script was triggering one of my hosts modsecurity rules they just installed, flippin dreamweaver!