AP and clikchic are going to get the shits with me soon... but I've found another problem with the new site. The fancy URL system is not escaping the full-stop ("period") character, and as such any threads with dots in the title cannot progress to page two. Exhibit A:

http://www.ozgolf.net/showthread.php/15878-Need-cash-for-champs-golf-balls....

The problem is that ".../" tells apache to go up two directories, which would take the user outside of the root directory and apache (rightly) blocks that for security reasons. When you try to go to page 2, have a close look at the URL and you'll see the problem.

If there is a setting to escape these characters, I suggest you implement it. Otherwise there might be a bit of code hacking to be done in order to fix it.

There should be no code hacking on our part. Either vbulletin has a setting, should create a patch, or we revert to different URL settings.

The Vbulletin guys should be able to fix this, or at least steer you in the right direction on how to fix it. Personally, I think escaping certain characters from being used in the URL is the answer. Does Vbulletin have a bug reporting tool somewhere?

We raise support tickets, I believe. I'm sure this issue would have been encountered by another forum though.
I'll search the vbulletin forums, when I get the chance.

FYI it's only stuffed when 4 dots or more are used.

http://www.vbulletin.com/forum/project.php?issueid=36537

Those guys aren't the smartest. They're all sitting there saying "dots in the URL work fine for me" but it's not the same issue. Dots in a URI structure are fine, unless they are followed by a forward slash. That's the issue. With friendly URLs enabled, the link for "page 2" has a forward slash rather than a query string which causes apache to assume it's an instruction to navigate up one level (or more). The number of dots it takes for it to break depends how many directories your particular website has until the dots instruct apache to navigate outside of the root directory. If your site was http://somesite.com/somethread only two dots could break it if it meant that going up one directory alone would be outside of the root dir.

On ozgolf, four dots (..../) is telling apache to navigate three directories up, which is outside of the allowed root directory for php so the server (rightly) disallows it.

Regardless of all of that, now that it's logged it should be a trivial fix for the vbulletin devs to implement.

Do you mind if I post that there as well? It might help to get it resolved faster.

Do you mind if I post that there as well? It might help to get it resolved faster.

It probably won't help it get resolved faster. The solution is the same, regardless of the symptom. They just need to escape all sequential dots in friendly URLs and the problem goes away (and they'll probably need a once off "upgrade" that'll trawl though existing thread titles and make the change retrospectively).

I was just making a point that they were seemingly distracted by under which circumstances the problem occurs. That "David Grove" guy talking about mod_security is on the money. "PitchouneN64ngc" or whatever his name is seems to be lost, talking about other installed software and server-side issues; neither of these are the problem. The reason it "works" on the links he is referencing is simply because they are not using friendly URLs and therefor have a query string for page 2, not "/page-2" or whatever it is, so apache doesn't bork at the dots.

In simpler terms, "...." are fine on their own. Throw a slash in the mix after that and it'll break.

and they'll probably need a once off "upgrade" that'll trawl though existing thread titles and make the change retrospectively
There's a Rebuild Thread Information function in the control panel that I've used before that would do that.

I went on a bumping spree at vbulletin.com and got the issue recognised by the support team.

http://tracker.vbulletin.com/browse/VBIV-5456

Yay. It's a bit slack that they have ignored it for so long. As you said the fix should be relatively easy.

I think they had the status of the issue as 'Scrubbed'. :roll:

The issue wasn't very clear before in that bug report, but the explanation of the issue that you gave makes it clear what they have to do.

It's not a major issue, but it annoys me.