403 forbidden error when using Greek letters #2772

New Issue

OVERLORD · 2026-02-05T05:08:27+03:00

OVERLORD commented

2026-02-05 05:08:27 +03:00

Originally created by @jwtay1 on GitHub (May 3, 2022).

Describe the Bug

I encountered an odd bug that I'm not sure how to troubleshoot. When editing a page, I noticed that I was occasionally encountering "403 forbidden" errors. After much trial-and-error, I narrowed it down to a very specific pattern seemingly involving parentheses and Greek letters: (text) (κ). Note: The "text" can be anything. I've only tested using Greek letters in the second parentheses and they all return the 403 error.

I suspect that this might have to do with some kind of escaping, but I don't know how to test further.

Steps to Reproduce

Create a new page (or edit a page)
Anywhere on the page enter in text that has the following pattern: (test) (µ)
Save the page

Expected Behaviour

The page saves correctly with the text "(test) (µ)".

Screenshots or Additional Context

No response

Browser Details

No response

Exact BookStack Version

v22.04

PHP Version

7.4

Hosting Environment

cPanel shared hosting installed following the manual installation instructions. There are no custom headers or footers and I am currently using the WYSIWYG editor.

Originally created by @jwtay1 on GitHub (May 3, 2022). ### Describe the Bug I encountered an odd bug that I'm not sure how to troubleshoot. When editing a page, I noticed that I was occasionally encountering "403 forbidden" errors. After much trial-and-error, I narrowed it down to a very specific pattern seemingly involving parentheses and Greek letters: (text) (κ). Note: The "text" can be anything. I've only tested using Greek letters in the second parentheses and they all return the 403 error. I suspect that this might have to do with some kind of escaping, but I don't know how to test further. ### Steps to Reproduce 1. Create a new page (or edit a page) 2. Anywhere on the page enter in text that has the following pattern: (test) (µ) 3. Save the page ### Expected Behaviour The page saves correctly with the text "(test) (µ)". ### Screenshots or Additional Context _No response_ ### Browser Details _No response_ ### Exact BookStack Version v22.04 ### PHP Version 7.4 ### Hosting Environment cPanel shared hosting installed following the manual installation instructions. There are no custom headers or footers and I am currently using the WYSIWYG editor.

OVERLORD added the 🐛 Bug label 2026-02-05 05:08:27 +03:00

OVERLORD closed this issue

2026-02-05 05:08:28 +03:00

OVERLORD commented

2026-02-05 05:08:32 +03:00

@ssddanbrown commented on GitHub (May 3, 2022):

Hi @jwtay1,
Thanks for the report. I just tested this on our demo instance where I could not reproduce this issue.

Do you know if there are any security additions active in your environment, such as the Apache mod-security module?
Otherwise, do you have logs PHP or webserver you can check when these errors occur in your environment?

@ssddanbrown commented on GitHub (May 3, 2022): Hi @jwtay1, Thanks for the report. I just tested this on our [demo instance](https://demo.bookstackapp.com/books/bookstack-demo-site/page/logging-in-to-the-demo-site) where I could not reproduce this issue. Do you know if there are any security additions active in your environment, such as the Apache mod-security module? Otherwise, do you have logs PHP or webserver you can check when these errors occur in your environment?

OVERLORD commented

2026-02-05 05:08:37 +03:00

@jwtay1 commented on GitHub (May 3, 2022):

Thanks for getting back to me so quickly @ssddanbrown. As far as I can tell, the only security module enabled is ModSecurity. However, I did try disabling it but nothing changed.

I did wonder if this was somehow specific to my instance since it was a HTTP error. I should have thought to check on the demo website! I guess we can close this issue for now unless I find something else.

@jwtay1 commented on GitHub (May 3, 2022): Thanks for getting back to me so quickly @ssddanbrown. As far as I can tell, the only security module enabled is ModSecurity. However, I did try disabling it but nothing changed. I did wonder if this was somehow specific to my instance since it was a HTTP error. I should have thought to check on the demo website! I guess we can close this issue for now unless I find something else.

OVERLORD commented

2026-02-05 05:08:42 +03:00

@jwtay1 commented on GitHub (May 3, 2022):

Ok so it seems like it might have been a ModSecurity issue. The hosting service has modified the rules and now everything works. Thanks!

@jwtay1 commented on GitHub (May 3, 2022): Ok so it seems like it might have been a ModSecurity issue. The hosting service has modified the rules and now everything works. Thanks!

OVERLORD commented

2026-02-05 05:08:49 +03:00

@ssddanbrown commented on GitHub (May 4, 2022):

Happy to hear things are now working!

@ssddanbrown commented on GitHub (May 4, 2022): Happy to hear things are now working!

OVERLORD referenced this issue

2026-02-05 10:23:43 +03:00

[PR #2784] [MERGED] Adding Croatian language #6064

Sign in to join this conversation.