Pixel Post comments?



I’m just trying out pixel post for my photo blog, and it seems it can’t handle getting comments with question marks without a space after them. ex: “what is that?” will return a service temporarily unavailable error, but "That’s cool, but what is it? " will work just fine.

I asked about this over in the Pixel Post forums but the consensus was ‘mod-security is too tight!’ because “mod_security kicks in at the $_POST variables. I can not touch the comment with PHP prior to the $_POST.”

I don’t like the idea of turning off mod-security, but this seems to be something of an issue. Does any one have an idea how this can be fixed? (link in my signature is for the blog in question.)

art.googlies.net - personal website


Hmmmm. Perhaps you can wash your comment submission through a function that converts the question mark to its encoded equivalent?

function fix_question($comment) { $fixed_comment = str_replace('?', '?', $comment); return $fixed_comment; }si-blog
Max discount on any plan with promocode SCJESSEYTOTAL


Hmmm, Indeed. WHile that might work, I’d think that if mod_security is doing it’s job, it would catch that too.

Since we can’t see the “rules”, it’s really hard to tell without trying it,eh?



It shouldn’t, because the numbered entity cannot do any of the “harm” that the question mark can. Ultimately, the OP will have to just give it a try.

Max discount on any plan with promocode SCJESSEYTOTAL


Now that I think through it a little more fully, I believe you are right about that! :slight_smile:



Ok, I know I’m slow. :slight_smile: I located the bit of coding that seems to me should be at fault, and tried out the coding. However it doesn’t seem to effect the issue.

[quote] if ($cmnt_moderate_permission ==‘yes’)
$extra_message = "$lang_message_moderating_comment

function fix_question($message) {
$fixed_message = str_replace(’?’, ‘?’, $message);
return $fixed_message;
$query = "INSERT INTO ".$pixelpost_db_prefix.“comments(id,parent_id,datetime,ip,fixed_message,name,url,email,publish)
$result = mysql_query($query);

// added by GeoS for sure that comment is saved (moved by ramin for bug fixing)
if (!mysql_error())
$email_flag = 1;
} // end if is not in the blacklist
else $extra_message = "$lang_message_banned_comment

If you want, you can see the entire file here. Any more suggestions?

art.googlies.net - personal website


I can’t think of anything else. Sorry.

Max discount on any plan with promocode SCJESSEYTOTAL