owncloud-archive / news

:newspaper: News app for ownCloud
GNU Affero General Public License v3.0

News 8.7 User-Agent isn't loved #978

Closed koehn closed 8 years ago

koehn commented 8 years ago

IMPORTANT

Read and tick the following checkbox after you have created the issue or place an x inside the brackets ;)

What problem did you encounter?

Upgraded to 8.7 and got a nastygram from my hosting provider, who in turn got it from a blog:

Category: abuse
Report-Type: login-attack
Service: mod_security
User-Agent: csf v8.21
Date: 2016-04-18T22:16:26+0200
Source: [meh]
Source-Type: ipv4
Attachment: text/plain
Schema-URL: https://download.configserver.com/abuse_login-attack_0.2.json

[Mon Apr 18 22:16:12 2016] [error] [client 74.91.25.210] ModSecurity: Access denied with code 403 (phase 2). Match of "rx (Qualidator.com|ExaleadCloudView|^Mozilla/4.0 (compatible;)$|UTVDriveBot|Add Catalog|^Appcelerator)" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec/20_asl_useragents.conf"] [line "348"] [id "309925"] [rev "6"] [msg "Atomicorp.com WAF Rules: Suspicious User-Agent, parenthesis closed with a semicolon ownCloud News/8.7.0 (+https://owncloud.org/; 1 subscriber;)"] [severity "CRITICAL"] [hostname "algorithmsforthekitchen.com"] [uri "/blog/"] [unique_id "VxVAjF6NFQwADntZVFIAAAMJ"]

It appears the User-Agent isn't loved.

Steps to Reproduce

Explain what you did to encounter the issue

  1. Had the following news feed: http://feeds.feedburner.com/smittenkitchen

System Information

    • News app version: 8.7
    • ownCloud version: 9.0
    • PHP version: 5.6
    • Database and version: Postgres 9.3
    • Browser and version: N/A
    • Distribution and version: Ubuntu 14.04

Contents of owncloud/data/owncloud.log


Paste output here

Contents of Browser Error Console

Read http://ggnome.com/wiki/Using_The_Browser_Error_Console if you are unsure what to put here


Paste output here

BernhardPosselt commented 8 years ago

See https://github.com/owncloud/news#im-getting-a-feed-not-found-error-when-adding-a-feed-but-it-works-in-picofeedminiflux

BernhardPosselt commented 8 years ago

Quoting https://www.atomicorp.com/wiki/index.php/WAF_309925

This rule detects suspicious user agent strings. Specifically, it will detect if a user-agent string ends with ";)". This is not a pattern used by any browser (Safari, IE, Mozilla, Opera, etc.) or web library. Known browsers and web libraries, when they use the ";" character, will use it outside the parentheses, for example using the pattern ");".

Oh come on, what year is this, 1995 :D? Seriously what in the fucking fucks

BernhardPosselt commented 8 years ago

Ok, as of today we officially are Chrome 50

BernhardPosselt commented 8 years ago

You can update to 8.7.1, which contains the fix ;)

koehn commented 8 years ago

Thanks for the fast fix!
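
Added example, not part of the original thread or the News app's code: a Python sketch that parses the ModSecurity line from the report above, pulls the flagged User-Agent out of the rule message, and tests candidate strings for the ";)" ending named in the quoted WAF_309925 description. The function names are hypothetical, and the check models only that description, not the actual Atomicorp rule, whose pattern is not shown on this page.

```python
# The ModSecurity line quoted in the issue, abridged (the "Match of ..." clause
# and unique_id are omitted).
LOG_LINE = (
    '[Mon Apr 18 22:16:12 2016] [error] [client 74.91.25.210] ModSecurity: '
    'Access denied with code 403 (phase 2). '
    '[file "/usr/local/apache/conf/modsec/20_asl_useragents.conf"] '
    '[line "348"] [id "309925"] [rev "6"] '
    '[msg "Atomicorp.com WAF Rules: Suspicious User-Agent, parenthesis closed '
    'with a semicolon ownCloud News/8.7.0 (+https://owncloud.org/; 1 subscriber;)"] '
    '[severity "CRITICAL"] [hostname "algorithmsforthekitchen.com"] [uri "/blog/"]'
)

import re

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [key "value"] metadata
CLIENT = re.compile(r'\[client ([^\]\s]+)\]')
# In the logged msg, the offending User-Agent follows this rule text.
MSG_PREFIX = 'parenthesis closed with a semicolon '


def parse_modsec_line(line):
    """Return the [key "value"] metadata of one ModSecurity error-log line."""
    fields = dict(FIELD.findall(line))
    client = CLIENT.search(line)
    if client:
        fields['client'] = client.group(1)
    return fields


def user_agent_from_msg(msg):
    """Return the User-Agent carried at the end of the rule message, or None."""
    _, sep, user_agent = msg.partition(MSG_PREFIX)
    return user_agent if sep else None


def trips_rule_description(user_agent):
    """Assumption: True if the string ends with ';)', per the quoted wiki text."""
    return user_agent.rstrip().endswith(';)')


def audit(candidates):
    """Map each candidate User-Agent to whether it matches the description."""
    return {ua: trips_rule_description(ua) for ua in candidates}


if __name__ == '__main__':
    fields = parse_modsec_line(LOG_LINE)
    print(fields['id'], fields['client'], user_agent_from_msg(fields['msg']))
    # Constructed candidates: the 8.7.0 string with and without the trailing ';'.
    print(audit(['ownCloud News/8.7.0 (+https://owncloud.org/; 1 subscriber;)',
                 'ownCloud News/8.7.0 (+https://owncloud.org/; 1 subscriber)']))
```

Running audit() over a client's User-Agent templates before release shows whether a trailing separator inside the parentheses would match the description.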