Wierd 406 error when saving record
I've received a very weird error with CMSB 3.50 and PHP 7.0.3
I went to update a recipe in the cmsbcookbook, and when I tried to save the record, I got the following error:
“406 Not Acceptable
<head><title>Not Acceptable!</title></head><body><h1>Not Acceptable!</h1><p>An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.</p></body></html>”
I tracked down the offending code in a text box in the record to ‘mysql_query(’ on the $result line below:
$query = "SELECT DATE_FORMAT(date, '%M %Y') as dateAndYear, YEAR(date) as year, MONTH(date) as month FROM cmsb_blog WHERE `hidden` = 0 GROUP BY dateAndYear ORDER BY date";
$result = mysql_query($query) or die("MySQL Error: ". htmlspecialchars(mysql_error()) . "\n");
while ($record = mysql_fetch_assoc($result)):
Only if I removed one of the letters in mysql_query, the (, or added //* between line 1 and 2 (just a // didn’t work) could I save the record.
Other records save normally, just any record with this code.
I also tried creating a new record and typing in the code in question and it failed to save as well.
Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php
It looks like that string of content is being caught by a security application on your server (Mod Security), as it likely resembles some sort of MySQL injection attack. One option - as you've noted - is to modify the string so that it no longer matches the pattern, however, that can be difficult to do without changing the meaning of the content. Another option is to follow up with your web host to see if they can tune the settings for you.
Hope that helps!