Active Server Pages error 'ASP 0131'

L

L Scal

Thanks in advance. I'm using the following to open an asp page containing a
form in a new window
Below the title:
<script language="JavaScript">
<!-- hide
function openWin(url, name) {
popupWin = window.open(url, name,
"toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,r
esizable=yes,copyhistory=no,width=780,height=540");
}
//-->
</script>

For the hyperlink:
<a href="javascript:blush:penWin('bistro.asp?ARPT=FLL','window');">

It works as a .htm page, but now that it's an asp saving to a database, this
is the error I'm getting

Active Server Pages error 'ASP 0131'
Disallowed Parent Path
/samples/bistro.asp, line 135
The Include file '../_fpclass/fpdbform.inc' cannot contain '..' to indicate
the parent directory.

The page that links to the suspect page bistro.asp is
http://erecognitions.com/samples/samples.htm

Any ideas?
Thanks
 
J

Jack Brewster

It sounds like Parent Paths are disabled on your server. If you've run
IIS Lockdown to secure IIS, I believe this is one of the settings that's
affected.

This is due to old attack methods where users could enter something like
.../../../../winnt/cmd.exe "evil command line parameters"

to execute code. I've seen posts saying that it's no longer neccessary,
but I don't have any hard evidence. To verify the setting is indeed
disabled:
- open your IIS Manager
- right-click on your website, choose "Properties"
- Select the "Home Directory" tab
- Under "Application Settings" click the "Configuration..." button
- Select the "Options" tab
- Check whether or not "Enable parent paths" is checked. If it's not,
then this is definitely what is causing your problem.

There are two ways to get around this. The first option is to enable
the setting. Again, there may still be security risks to doing so, but
I can't confirm that. The second option is to modify your include
statement to avoid using parent paths. Here's an MS kb article that
discusses the problem and gives you a code example (watch for word wrap):
http://support.microsoft.com/default.aspx?scid=kb;226474

Hope that helps
 
L

L Scal

Thanks Jack,
Rather than deal with my host, I simply moved it to the root directory for
now and it worked.

LScal
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Active Server Pages error ASP 0131 1
Database Interface Wiz Errors 3
Disallowed Parent Path 2
Error message on webpage - FP2000 ASP page? 2
Using parent path in a sub web for a db 1
Errors on .asp 2
Disallowed Parent Path error 1
Unable to Save ASP pages to a Web Server 4

Top