Problem with "cmd" GET parameter on some servers

[franksl]

Hi, I posted this same issue on elfinder project. I have a problem on some apache servers that are configured to refuse urls containing a GET parameter called "cmd", it seems that it's a common safety rule to avoid certain types of exploit. Is it possible to change the name of this parameter? Thanks

[oyejorge]

Unfortunately not. If the server is blocking specific GET parameters, I wonder what else it is set up to block.

I did some searching to see how common this problem is, but didn't really find anything. Can you point me to some articles, documentation or forums discussing this problem?

[franksl]

I don't have documentation regarding this, it was told to me by the server tech that it's a typical security filter that is applied on some servers, basically it blocks requests containing a GET parameter named "cmd". I don't see it as a 'smart' choice but looks like it's being used frequently, at least according to him. I had to modify finder source to rename the parameter and now it works ok.