Hi,

My server is running mod_security and cpanel with the default mod_security configuration that cpanel uses.

Unfortunately when editing any settings on the email section of the module it brings up a 406 error (which drupal reports as 404 since there is not 406.shtml in drupal) and a log is placed in mod_security advising of "System Command Injection".

Luckily this is very easy to fix.

In the print_mail.module on line 52

 $items['admin/settings/print/mail'] = array(
    'title' => 'e-mail',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('print_mail_settings'),
    'access arguments'  => array('administer print'),
    'weight' => 2,
    'type' => MENU_LOCAL_TASK,
    'file' => 'print_mail.admin.inc',
  );

Simply change it to this

 $items['admin/settings/print/email'] = array(
    'title' => 'e-mail',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('print_mail_settings'),
    'access arguments'  => array('administer print'),
    'weight' => 2,
    'type' => MENU_LOCAL_TASK,
    'file' => 'print_mail.admin.inc',
  );

mod_security doesn't like the mail part in the url so I changed it to email and it works fine.

Hopefully this will be useful since I imagine quite a few web hosts out there have cpanel with the default mod_security settings.

Regards

Rowan

Comments

jcnventura’s picture

Status: Active » Fixed

Hi,

Thanks for the patch! I have committed to CVS.

João

Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.