Secure Contact Form Results in Blank Page

In this website I’m using the Secure and Accessible PHP Contact Form v.2.0 wordpress plugin. After installing and configuring the plugin I tried submitting the form but all I got was a blank page after submitting the form.

I searched google to see if someone was experiencing the same problem but couldn’t find any detailed information, just someone saying that all they got was a HTTP 406 error in their logs. I checked my error logs but didn’t find that error; however, upon inspecting my raw access logs I saw some 406 responses from the server. So the blank page was indeed the 406 response from my server. From the definition of HTTP 406 response I learned that the problem could be that the server didn’t like the values I was passing it.

Now the 406 response could be raised by a couple of things. One of them is mod_security, if this is the source of your problems you could add some lines to your .htaccess to disable mod_security, read this solution on this HTTP 406 post. That being said, the solution didn’t fix my problem so I had to look for another suspect. My next step was to check my php configuration; this is where I found that there was a module installed that was redirecting to 406! The module’s name is suhosin, which is another security measure that is used for php. Now since I’m in a share host I cannot change the configuration of suhosin.

So I contacted my hosting company and asked them if they could change it but they said no. Which I understand, why change the config for just one guy’s code. However they gave me a more detailed log error which pointed out what part of the code was raising the problem. The problem was that some values where too darn long and looked suspicious to suhosin. The solution was to make them shorter.

The form_id, spam trap and send value where the values that where too long for my host’s suhosin configuration. The original code was:

$form_id = ''.$fd.''.$fp.''.$fl.''.$fv.''.$fh.'';
$trap1_value = ''.$fp.''.$fv.''.$fh.''.$fl.''.$fd.'';
$send_value = ''.$fh.''.$fd.''.$fv.''.$fp.''.$fl.'';

The new code:

$form_id = ''.$fd.''.$fp.'';
$trap1_value = ''.$fp.''.$fv.'';
$send_value = ''.$fh.''.$fd.'';

After making this change the form worked, anything larger value would result in a 406 response again. I don’t think this is a widespread issue or I would have found a solution quickly but I guess sh*t happens. If this post helps you or you have a better solution leave a comment.