dcb1101
  •  dcb1101
  • 55% (Neutral)
  • YAF Camper Topic Starter
2012-10-31T13:29:53Z
I'm getting the following error when ever I try to save changes in the Admin or Host settings....


Server Error in '/rs' Application.
A potentially dangerous Request.Form value was detected from the client (ctl00$cphBody$forum$ctl03$IPLocatorUrlPath="...city/?key=<your_api_key>&ip={0...").
http://go.microsoft.com/fwlink/?LinkId=153133 .

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$cphBody$forum$ctl03$IPLocatorUrlPath="...city/?key=<your_api_key>&ip={0...").

Source Error:


[No relevant source lines]


Source File: c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\rs\c41bcf8e\7b89ffc0\App_Web_spypj23u.4.cs Line: 0

Stack Trace:


[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$cphBody$forum$ctl03$IPLocatorUrlPath="...city/?key=<your_api_key>&ip={0...").]
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +8862660
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +122
System.Web.HttpRequest.get_Form() +150
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +114
System.Web.UI.Page.DeterminePostBackMode() +69
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +8431
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +253
System.Web.UI.Page.ProcessRequest() +78
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.forum_default_aspx.ProcessRequest(HttpContext context) in c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\rs\c41bcf8e\7b89ffc0\App_Web_spypj23u.4.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +100
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75


Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.272
Sponsor
tha_watcha
2012-10-31T16:04:45Z
Did you read the error description?

Set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0", in the web.config. Example: <httpRuntime requestValidationMode="2.0" />.
UserPostedImage
dcb1101
  •  dcb1101
  • 55% (Neutral)
  • YAF Camper Topic Starter
2012-10-31T16:09:09Z
Yes I did and my <httpRuntime is set to 2.0, however I also read the error where it says "However, it is strongly recommended that your application explicitly check all inputs in this case."

I know I can turn off page validation to get around this error, however I don't want to open up the security vulnerability. I would much rather find out why it is throwing this error and fix the actual problem.

Thank you

tha_watcha
2012-10-31T16:48:14Z
The host settings contains several settings which contains input like the yaf tags on the user box avatar template settings.

You can safely turn off the page validation because the input on all pages is checked everywhere and encoded whith a better protection then the page valdidation provides.
UserPostedImage
bbobb
  •  bbobb
  • 100% (Exalted)
  • YAF Developer
2012-10-31T17:22:43Z
Originally Posted by: dcb1101 


I know I can turn off page validation to get around this error, however I don't want to open up the security vulnerability. I would much rather find out why it is throwing this error and fix the actual problem.



By default, .Net 4.0 rejects all requests with <>*%&:\? characters.
And this is all. YAF stores data "as-is" and protects them while displaying as was written above.




About Us

The YAF.NET is an open source .NET forum project. YAF.NET is supported by an team of international developers who are build community by building community software.

Powered by Resharper Donate with PayPal button

Project Twitter Updates

Copyright © YetAnotherForum.NET & Ingo Herbote. All rights reserved