
1 May 16, 2007 12:31    

My b2evolution Version: Not Entered

I've been having trouble posting anything with a link in it. After playing around a bit, I've narrowed it down to specifically trying to type "http:/" in a post. Anything with that string in it generates a 403 for admin.php. It happens whether the string is in the body of the message or the "link to url" box.

I don't doubt for a moment that it's something I've done myself somewhere, but does anyone have any pointers for where to start looking?

2 May 16, 2007 12:36

Check that you don't have http:// in your antispam blacklist ;)

¥

3 May 16, 2007 12:40

Heh, thanks but it's not that.

The auto-links plugin still works - if I type "www.b2evolution.net" it gets converted to a clickable link just fine. Similarly, links created via the youtube plugin are ok.

I wish I knew something about php.

4 May 16, 2007 12:55

Try this, crack open inc/model/sessions/_hit.class.php and change this section of code ( approx line 319 ) :-

			if( $Settings->get('antispam_block_spam_referers') )
			{ // In order to preserve server resources, we're going to stop processing immediatly (no logging)!!
				require $view_path.'errors/_referer_spam.page.php';	// error & exit
				exit(); // just in case.
				// THIS IS THE END!!
			}
		}

to :

			if( ! $this->detect_admin_page() && $Settings->get('antispam_block_spam_referers') )
			{ // In order to preserve server resources, we're going to stop processing immediatly (no logging)!!
				require $view_path.'errors/_referer_spam.page.php';	// error & exit
				exit(); // just in case.
				// THIS IS THE END!!
			}
		}

and see if that cures it.

¥

5 May 16, 2007 13:24

Nope :)

Comments are OK as well, by the way. I can link away to my heart's content in a comment. It's only the write/edit post section of the admin area that's a problem.

Thanks for your help so far. Looking back at some test posts I made last month, it used to work. I haven't upgraded since then so this makes me think that I've broken it myself with a tweak somewhere. Time to do some file comparisons, I think.

Edit:
File comparison shows nothing untoward. On further investigation, I can successfully post "<a href="http:%#47;%#47;www.b2evolution.net">b2evo</a>" (with "&" instead of "%") so at least I can carry on for the moment. It would be nice to get to the bottom of this though.

6 May 16, 2007 21:03

Another update:

This thread (http://forums.b2evolution.net/viewtopic.php?t=10996&postdays=0&postorder=asc&&start=0) sounds like the same problem I'm having. If I follow Yabba's suggested debug process from that one, putting "hello world" right at the start of edit_actions.php makes no difference - I still get the 403. If I put it in admin.php, right after

require $control_path.$ctrl_mappings[$ctrl];

I get the backoffice screen with "hello world" printed at the bottom.

Presumably something must get executed when you click the Save button but, not knowing much about php, I'm struggling to find it.

As I said above, I can type "http:ampersand#47;" and it works - it's displayed in the post as "http:/". I don't know what the significance of that is.

Finally, if I hit Preview instead of Save, I get a 403 for index.php instead of admin. If I try to click Update after unticking the "block referrers" checkbox in the App Settings/Antispam tab I get a 403 there as well.

7 May 17, 2007 14:28

Bizarre.

It's now choking on the sentence "In a nutshell, you create the content separately from the presentation". Specifically, it's the word "create" in that sentence - 403. If I replace it with "write" or take it out altogether, it saves fine.

I know "create" is a SQL keyword but I can't imagine why that would be a problem.

Edit: OK, further testing reveals that that's exactly what it is. If I replace "create" with "select", "update", "drop", "alter", etc, I get the 403. If I replace it with a non-SQL word, it's fine.

8 May 17, 2007 21:46

I remember a problem like that a long time ago, where "like that" means you couldn't use MySQL terms in your title. I forget the fix, but it was so long ago that the version I was running back then is obsolete now. Seems you are using a reasonably new version, but it'll be nice to know which one exactly anyway.

Either way, have you tried grabbing a fresh copy of the zip file, unzipping it on your computer, deleting everything in the /inc/ folder from your server, and uploading the /inc/ folder from your fresh unzip?

It's a shotgun approach to a maybe: if you have a borked file and it's in the inc folder you'll fix it by replacing it. IF!

9 May 17, 2007 22:11

I'm on v1.9.3. My site hasn't gone "live" yet so I re-downloaded the zip file last night and did a full re-install - cleared down the database, deleted the whole b2evo folder and re-uploaded everything. I discovered the problem this morning so whatever it is is still broken. It doesn't happen all the time - a post with "create" in the first sentence is fine. Maybe it's just when the word comes after a <a href> or something.

The only files I kept from my previous install were the contents of the skin folder. I don't know if that could be the cause - I'd have thought that since it's all happening in the backoffice the skin wouldn't be involved.

10 May 17, 2007 23:10

It would seem odd to suspect your skin, but you should see if you have the problem using the standard 'custom' skin - just in case.

Also is there anything that might be non-standard about your installation? For example I would define "standard" as nobody actually wrote:

an installation running on a hosted server that is not a Windows box and has reasonably current versions of php and mysql. The blog is not installed in a path that requires .htaccess to access either the front or back end, and you actually don't need to do anything with .htaccess to get the blog to run

I know that's not much of a definition, but if you're running outside the mainstream you probably know it and can suspect *whatever* as possibly being related to this issue.

11 May 18, 2007 09:53

No, it still fails on one of the standard skins.

As far as I know, I'm on a standard Apache installation (1.3.37?). It's something I'll be asking my host (jodohost.com) because this definitely used to work - before I wiped the previous install, I had working links for some older posts.

I did a quick check just now and posting:

<a href="http:/www.x.com">link</a>


gives me the 403 rather than the html checker error, which may narrow down where it's happening.

12 May 18, 2007 10:08

You might like to ask them if they've recently installed mod_security or something else like that ;)

¥
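An added example, not part of the thread: if the host confirms a request filter such as mod_security is active, the Apache error log shows which pattern blocked which form field, which is quicker than guessing trigger words one post at a time. The sketch below parses "Access denied" lines and tallies blocks per URI and matched pattern. The log lines are constructed for illustration and assume a ModSecurity-style message layout; rule ids, hostnames and addresses are placeholders, and the exact layout varies by version.

```python
import re
from collections import Counter

# Constructed sample lines (not from the poster's server). Layout is assumed to
# follow ModSecurity-style "Access denied" error-log messages.
SAMPLE_LOG = """\
[Fri May 18 10:01:12 2007] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "http:/" at ARGS:content. [id "EXAMPLE-1"] [hostname "blog.example"] [uri "/admin.php"]
[Fri May 18 10:02:40 2007] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(create|select|update|drop|alter)" at ARGS:content. [id "EXAMPLE-2"] [hostname "blog.example"] [uri "/admin.php"]
[Fri May 18 10:03:05 2007] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Fri May 18 10:04:51 2007] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "http:/" at ARGS:content. [id "EXAMPLE-1"] [hostname "blog.example"] [uri "/index.php"]
"""

# Core of a denial message: client, status code, matched pattern, inspected field.
DENIED = re.compile(
    r'\[client (?P<client>[^\]]+)\] ModSecurity: Access denied with code (?P<code>\d{3})'
    r'.*?Pattern match "(?P<pattern>.*?)" at (?P<target>[^.\s]+)\.'
)
# Trailing metadata in the form [key "value"].
TAG = re.compile(r'\[(\w+) "([^"]*)"\]')


def parse_denials(text):
    """Return one dict per denial line; unrelated error-log lines are skipped."""
    events = []
    for line in text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue
        event = m.groupdict()
        event.update(dict(TAG.findall(line)))  # adds id, hostname, uri when present
        events.append(event)
    return events


def summarize(events):
    """Count blocks per (uri, matched pattern) to spot false-positive rules."""
    return Counter((e.get("uri", "?"), e["pattern"]) for e in events)


if __name__ == "__main__":
    for (uri, pattern), n in summarize(parse_denials(SAMPLE_LOG)).most_common():
        print(f"{n}x {uri} blocked by pattern {pattern!r}")
```

A rule that fires on ordinary post text like this is a false positive to raise with the host, quoting the rule id and the field it matched.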

