Thread:Project:Support desk/Are there forbidden character sequences that can cause 404 errors?

Hi! Here's my Special:Version info Product 	Version MediaWiki 	1.15.1 PHP 	5.2.14 (cgi-fcgi) MySQL 	5.1.39-log

On my MediaWiki (http://pj.freefaculty.org/cgi-bin/mw), everything works fine, except, I started to get 404 errors, but only when I entered some magic character string. I was writing about Linux file permissions and I pasted in some text output from a Linux terminal and after submitting that to the wiki, either by preview or save, the error message says:

Not Found

The requested URL /cgi-bin/mw/index.php was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I went back to the edit window and gradually cut out material until I found the thing causing the problem. This one line in the text of my wiki message causes that 404 error.

drwxr-xr-x 112 root    root          112 Nov 18 17:21 ..

I've come here to test your wiki, and that line does not cause the 404 crash. So I'm quite stumped and have to ask for your help. If I put a blank space anywhere between the first 5 characters, there is no trouble. For example, this is OK

d rwxr-xr-x 112 root    root          112 Nov 18 17:21 ..

I'm baffled. I wish you could help me.

Here's an even worse part. Once a Wiki page is saved with that destructive string, then the page cannot be opened or edited, so it can never be fixed or deleted.

Paul Johnson Center for Research Methods and Data Analysis

I've cut out my password info here, but other than that, this is the LocalSettings.php file.

$ cat LocalSettings.php <?php


 * 1) This file was automatically generated by the MediaWiki installer.
 * 2) If you make manual changes, please keep track in case you need to
 * 3) recreate them later.
 * 4) See includes/DefaultSettings.php for all configurable settings
 * 5) and their default values, but don't forget to make changes in _this_
 * 6) file, not there.
 * 7) Further documentation for configuration settings may be found at:
 * 8) http://www.mediawiki.org/wiki/Manual:Configuration_settings
 * 1) Further documentation for configuration settings may be found at:
 * 2) http://www.mediawiki.org/wiki/Manual:Configuration_settings

if( defined( 'MW_INSTALL_PATH' ) ) { $IP = MW_INSTALL_PATH; } else { $IP = dirname( __FILE__ ); }
 * 1) If you customize your file layout, set $IP to the directory that contains
 * 2) the other MediaWiki files. It will be used as a base to locate files.

$path = array( $IP, "$IP/includes", "$IP/languages" ); set_include_path( implode( PATH_SEPARATOR, $path ) . PATH_SEPARATOR . get_include_path );

require_once( "$IP/includes/DefaultSettings.php" );


 * 1) If PHP's memory limit is very low, some operations may fail.
 * 2) ini_set( 'memory_limit', '20M' );

if ( $wgCommandLineMode ) { if ( isset( $_SERVER ) && array_key_exists( 'REQUEST_METHOD', $_SERVER ) ) { die( "This script must be run from the command line\n" ); } }
 * 1) Uncomment this to disable output compression
 * 2) $wgDisableOutputCompression = true;

$wgSitename        = "PJMediaWiki";

$wgScriptPath      = "/cgi-bin/mw"; $wgScriptExtension = ".php";
 * 1) The URL base path to the directory containing the wiki;
 * 2) defaults for all runtime URL paths are based off of this.
 * 3) For more information on customizing the URLs please see:
 * 4) http://www.mediawiki.org/wiki/Manual:Short_URL

$wgFileExtensions = array( 'png','gif','svg','jpg','pdf' );


 * 1) UPO means: this is also a user preference option

$wgEnableEmail     = true; $wgEnableUserEmail = false; # UPO

$wgEmergencyContact = "pauljohn32@freefaculty.org"; $wgPasswordSender = "pauljohn32@freefaculty.org";

$wgEnotifUserTalk = false; # UPO $wgEnotifWatchlist = false; # UPO $wgEmailAuthentication = true;

$wgDBtype          = "mysql"; $wgDBserver        = "wiki.pj.freefaculty.org";
 * 1) Database settings

$wgDBprefix        = "wiki_";
 * 1) MySQL specific settings

$wgDBTableOptions  = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
 * 1) MySQL table options to use during installation or update

$wgDBmysql5 = true;
 * 1) Experimental charset support for MySQL 4.1/5.0.

$wgMainCacheType = CACHE_NONE; $wgMemCachedServers = array;
 * 1) Shared memory settings

$wgEnableUploads      = true; $wgUseImageMagick = true; $wgImageMagickConvertCommand = "/usr/bin/convert";
 * 1) To enable image uploads, make sure the 'images' directory
 * 2) is writable, then set this to true:

$wgShellLocale = "en_US.utf8";
 * 1) If you use ImageMagick (or any other shell command) on a
 * 2) Linux server, this will need to be set to the name of an
 * 3) available UTF-8 locale


 * 1) If you want to use image uploads under safe mode,
 * 2) create the directories images/archive, images/thumb and
 * 3) images/temp, and make them all writable. Then uncomment
 * 4) this, if it's not already uncommented:
 * 5) $wgHashedUploadDirectory = false;

$wgUseTeX          = false;
 * 1) If you have the appropriate support software installed
 * 2) you can enable inline LaTeX equations:

$wgLocalInterwiki  = strtolower( $wgSitename );

$wgLanguageCode = "en";

$wgSecretKey = "9b5be89ae9788a7d9136b5a829713bc7abb7549e60374bb84a02467177483c10";

$wgDefaultSkin = 'cologneblue';
 * 1) Default skin: you can change the default skin. Use the internal symbolic
 * 2) names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook':

$wgEnableCreativeCommonsRdf = true; $wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright $wgRightsUrl = "http://www.gnu.org/copyleft/fdl.html"; $wgRightsText = "GNU Free Documentation License 1.3"; $wgRightsIcon = "${wgScriptPath}/skins/common/images/gnu-fdl.png";
 * 1) For attaching licensing metadata to pages, and displaying an
 * 2) appropriate copyright notice / icon. GNU Free Documentation
 * 3) License and Creative Commons licenses are supported so far.
 * 1) $wgRightsCode = "gfdl1_3"; # Not yet used

$wgDiff3 = "/usr/bin/diff3";

$wgCacheEpoch = max( $wgCacheEpoch, gmdate( 'YmdHis', @filemtime( __FILE__ ) ) );
 * 1) When you make changes to this configuration file, this will make
 * 2) sure that cached pages are cleared.

$wgGroupPermissions['*']['createaccount'] = false;

$wgGroupPermissions['*']['edit']             = false;
 * 1) Disable for everyone.
 * 1) Disable for users, too: by default 'user' is allowed to edit, even if '*' is not.
 * 2) $wgGroupPermissions['user']['edit']          = false;
 * 3) Make it so users with confirmed e-mail addresses are in the group.
 * 4) $wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED;
 * 5) Hide group from user list.
 * 6) $wgImplicitGroups = array( 'emailconfirmed' );
 * 7) Finally, set it to true for the desired group.
 * 8) $wgGroupPermissions['emailconfirmed']['edit'] = true;

$wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['user']['edit'] = false; $wgGroupPermissions['sysop']['edit'] = true;

$wgGroupPermissions['Trusted'] = $wgGroupPermissions['user']; $wgGroupPermissions['user'  ]['edit']          = false; $wgGroupPermissions['Trusted']['edit']         = true; $wgGroupPermissions['sysop' ]['edit']          = true;
 * 1) Creates "Trusted" group

$wgUseTwoButtonsSearchForm = false;

$wgAllowCopyUploads = true; $wgGroupPermissions['*']['edit'] = false;
 * 1) $wgUseTex = true;