500 Internal Server Error with a specific page content #4877

New Issue

Closed

opened 2026-02-05 09:23:19 +03:00 by OVERLORD · 4 comments

OVERLORD commented 2026-02-05 09:23:19 +03:00

Owner

Copy Link

Originally created by @RELOC-DEV on GitHub (Jul 16, 2024).

Describe the Bug

Creating a new page with a code block contaning somewhere the string "/../" results in a internal server error when trying to save the page.

Steps to Reproduce

1. Create a new page
2. Assign a random title
3. In the page body create a code block ( click to "..." -> "Insert code block")
4. Fill the code block content with "/../" (without quotes)
5. Save Code
6. Save Page

A "500 Internal Server Error" page will be opened and the page will not be saved.

Expected Behaviour

The page should be saved correctly.

Screenshots or Additional Context

No response

Browser Details

Chrome 126

Exact BookStack Version

v24.02.2

Originally created by @RELOC-DEV on GitHub (Jul 16, 2024). ### Describe the Bug Creating a new page with a code block contaning somewhere the string "/../" results in a internal server error when trying to save the page. ### Steps to Reproduce 1. Create a new page 2. Assign a random title 3. In the page body create a code block ( click to "..." -> "Insert code block") 4. Fill the code block content with "/../" (without quotes) 5. Save Code 6. Save Page A "500 Internal Server Error" page will be opened and the page will not be saved. ### Expected Behaviour The page should be saved correctly. ### Screenshots or Additional Context _No response_ ### Browser Details Chrome 126 ### Exact BookStack Version v24.02.2

OVERLORD added the 🐛 Bug label 2026-02-05 09:23:19 +03:00

OVERLORD closed this issue 2026-02-05 09:23:20 +03:00

OVERLORD commented 2026-02-05 09:23:22 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jul 16, 2024):

Hi @RELOC-DEV,
Please can you detail your BookStack host environment (web-server, hosting service (if any), operating system, PHP version and setup etc....)

@ssddanbrown commented on GitHub (Jul 16, 2024): Hi @RELOC-DEV, Please can you detail your BookStack host environment (web-server, hosting service (if any), operating system, PHP version and setup etc....)

OVERLORD commented 2026-02-05 09:23:23 +03:00

Author

Owner

Copy Link

@RELOC-DEV commented on GitHub (Jul 16, 2024):

Hi @ssddanbrown, thanks for your reply!

The hosting service is Dreamhost.
It runs Ubuntu 20.04.6 LTS with PHP 8.2

@RELOC-DEV commented on GitHub (Jul 16, 2024): Hi @ssddanbrown, thanks for your reply! The hosting service is Dreamhost. It runs Ubuntu 20.04.6 LTS with PHP 8.2

OVERLORD commented 2026-02-05 09:23:24 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jul 17, 2024):

Thanks @RELOC-DEV. Errors on that kind of content are usually down the addition security systems/layers at play, blocking or stopping the request due to thinking there's an attack attempted.

I think dreamhost may have this kind of thing on by default. Often this will be named/due-to "mod_security" or a Web Application Firewall (WAF).
You could try contacting dreamhost regarding this to see if it's something that's active for you, or you could try following the guidance here if it's appropriate for your service, to see if disabling mod_security allows you to save this kind of content.

@ssddanbrown commented on GitHub (Jul 17, 2024): Thanks @RELOC-DEV. Errors on that kind of content are usually down the addition security systems/layers at play, blocking or stopping the request due to thinking there's an attack attempted. I think dreamhost may have this kind of thing on by default. Often this will be named/due-to "mod_security" or a Web Application Firewall (WAF). You could try contacting dreamhost regarding this to see if it's something that's active for you, or you could try following the [guidance here](https://help.dreamhost.com/hc/en-us/articles/215947927-Enabling-the-Web-Application-Firewall) if it's appropriate for your service, to see if disabling mod_security allows you to save this kind of content.

OVERLORD commented 2026-02-05 09:23:25 +03:00

Author

Owner

Copy Link

@RELOC-DEV commented on GitHub (Jul 17, 2024):

Bingo! That was the issue.
Now the page is saved correctly.

We will assess if keeping this option disabled could be a security threat.

We appreciated very much your help.

@RELOC-DEV commented on GitHub (Jul 17, 2024): Bingo! That was the issue. Now the page is saved correctly. We will assess if keeping this option disabled could be a security threat. We appreciated very much your help.

OVERLORD referenced this issue 2026-02-05 10:31:46 +03:00

[PR #4877] [MERGED] Updated translations with latest Crowdin changes #6420

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

further_theme_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🐛 Bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#4877