Hi,
My server is running mod_security and cpanel with the default mod_security configuration that cpanel uses.
Unfortunately when editing any settings on the email section of the module it brings up a 406 error (which drupal reports as 404 since there is not 406.shtml in drupal) and a log is placed in mod_security advising of "System Command Injection".
Luckily this is very easy to fix.
In the print_mail.module on line 52
$items['admin/settings/print/mail'] = array(
'title' => 'e-mail',
'page callback' => 'drupal_get_form',
'page arguments' => array('print_mail_settings'),
'access arguments' => array('administer print'),
'weight' => 2,
'type' => MENU_LOCAL_TASK,
'file' => 'print_mail.admin.inc',
);
Simply change it to this
$items['admin/settings/print/email'] = array(
'title' => 'e-mail',
'page callback' => 'drupal_get_form',
'page arguments' => array('print_mail_settings'),
'access arguments' => array('administer print'),
'weight' => 2,
'type' => MENU_LOCAL_TASK,
'file' => 'print_mail.admin.inc',
);
mod_security doesn't like the mail part in the url so I changed it to email and it works fine.
Hopefully this will be useful since I imagine quite a few web hosts out there have cpanel with the default mod_security settings.
Regards
Rowan
Comments
Comment #1
jcnventura CreditAttribution: jcnventura commentedHi,
Thanks for the patch! I have committed to CVS.
João
Comment #2
Anonymous (not verified) CreditAttribution: Anonymous commentedAutomatically closed -- issue fixed for two weeks with no activity.