WSOD on forum

Code:
Params:
do	updatepost
postid	109060

Request headers:
GET /editpost.php?do=updatepost&postid=109060 HTTP/1.1
Host: forums.freebsd.org
User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.2.12) Gecko/20101104 Firefox/3.6.12
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: bblastvisit=1287758907; bblastactivity=0; bbuserid=16231; bbpassword=(removed); bbsessionhash=(removed)
Cache-Control: max-age=0

Response headers:
HTTP/1.1 200 OK
Server: Apache/2.2.13 (FreeBSD)
Cache-Control: private
Pragma: private
x-ua-compatible: IE=7
Content-Type: text/html; charset=utf-8
Content-Length: 0
Date: Mon, 08 Nov 2010 16:40:28 GMT
X-Varnish: 449794310
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 0?

Similar problem: http://forum.tcgplayer.com/archive/index.php/t-236225.html
 
Reproducible steps:
1. Edit your own post.
2. Click on 'Go Advanced'.
3. On Firefox/Chrome: Press F6 and Enter.
   On Opera: Press F8 and Enter.

You should see WSOD.
Shouldn't it do a redirect, or something?
 
So all you really do is select the URL in the address bar, and then execute it again? The URL in the address bar is the command that got you to that page in the first place, based on parameters in the page that was present/loaded before that command was executed. You're now executing the same command with different, page-dependent, therefore probably non-valid parameters. The only valid commands in that specific page are those offered by the buttons on that page. In the context of that specific page, repeating the command that produced it is probably a no-op, and it looks like it's being met with an empty/zero-sized reply.
 
WSOD is not expected behavior here. By default, if the user doesn't have permission to the content, or the POST variables are wrong, the page should be redirected, or at least give error 500, or any other status specific to this purpose, for sure not 200! I was not specifically looking for this bug, but it happened to me while using the forum in the standard way, and then I started analyzing how this could happen.
Example of similar behavior:
http://forums.freebsd.org/editpost.php?do=updatepost&postid=1090601
Message: Invalid Post specified. If you followed a valid link, please notify the administrator
 
I tested on the other forum with vBulletin® Version 3.6.12, and I can't reproduce it; it does work properly. The page loads normally without POST data.
This forum basically doesn't work properly.
It's very annoying when you refresh the page and you lose all the text that you typed in the post, and you see the blank screen.
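
Added example, not part of any post in this thread and not the forum software's own code: a small check that flags the exchange captured in the first post, where a GET to the update action is answered with 200 and an empty HTML body. The function names and the WRITE_ACTIONS set are assumptions made for this illustration; the sample input is constructed from the headers quoted above.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed from the capture in the first post (cookies and most headers omitted).
REQUEST_LINE = "GET /editpost.php?do=updatepost&postid=109060 HTTP/1.1"
RESPONSE_HEAD = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.13 (FreeBSD)\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Content-Length: 0\r\n"
    "Via: 1.1 varnish\r\n"
)

# Assumption: "do" values that modify data and should only be accepted via POST.
WRITE_ACTIONS = {"updatepost"}


def parse_response_head(raw):
    """Return (status_code, headers) with lower-cased header names."""
    lines = [line for line in raw.split("\r\n") if line]
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def check_exchange(request_line, raw_response):
    """Return a list of findings for one request/response pair."""
    method, target, _ = request_line.split(" ", 2)
    action = parse_qs(urlsplit(target).query).get("do", [""])[0]
    status, headers = parse_response_head(raw_response)
    findings = []
    # A state-changing action replayed as GET should not look like a success.
    if method == "GET" and action in WRITE_ACTIONS and status == 200:
        findings.append("write action '%s' answered 200 to GET" % action)
    # 200 + text/html + zero-length body is what the browser shows as a blank page.
    is_html = headers.get("content-type", "").startswith("text/html")
    if status == 200 and is_html and headers.get("content-length") == "0":
        findings.append("200 text/html with empty body (blank page)")
    return findings


if __name__ == "__main__":
    for finding in check_exchange(REQUEST_LINE, RESPONSE_HEAD):
        print("FINDING:", finding)
```

A redirect or an error status for the same request produces no findings, so the check can run over proxy or access-log captures to spot handlers that fail silently.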
 