Opened 9 years ago

Closed 9 years ago

#1506 closed defect (worksforme)

ExtendedImageManage bug in xinha 0.96beta2

Reported by: guest
Owned by: gogo
Priority: normal
Milestone: 0.96
Component: Xinha Core
Version: trunk
Severity: normal
Keywords:
Cc:

Description

Recently I built a CMS using Xinha as a text editor plugin. On my localhost it worked well, but when I uploaded it to my web host with mod_security on, it gave me a 406 error whenever I tried to load the extendedimagemanager plugin by clicking the icon on the Xinha toolbar.

Here is the code from the server logs (mod_security):


[error] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\.\\./\\.\\./" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "66"] [id "300004"] [rev "2"] [msg "Generic Path Recursion denied"] [severity "CRITICAL"] [hostname "www.******.org"] [uri "/en//xinha/plugins/ExtendedFileManager/backend.php"] [unique_id "G41rh88tt@oAAGAl0goAAACv"]
[Fri Mar 05 12:33:04 2010] [error] [client 41.205.15.51] File does not exist: /home/******/public_html/406.shtml, referer: http://www.********.org/en/admin_articles/editNews/10

This is the actual rule in mod_rewrite that caught it:

SecRule REQUEST_URI "!(alt_mod_frameset\.php)" "chain,id:300004,rev:2,severity:2,msg:'Generic Path Recursion denied'"

Change History (3)

comment:1 Changed 9 years ago by gogo

  • Resolution set to worksforme
  • Status changed from new to closed

This is most likely a configuration issue. Look at your images_dir, images_url, base_dir etc...

comment:2 Changed 9 years ago by guest

  • Resolution worksforme deleted
  • Status changed from closed to reopened

How do you explain the fact that when mod_security is on it shows 406, and when mod_security is turned off, it works??

That's what is happening on my server.

comment:3 Changed 9 years ago by gogo

  • Resolution set to worksforme
  • Status changed from reopened to closed

Well, that shows it is not a bug in ExtendedFileManager then. Your configuration triggers mod_security but is otherwise a workable configuration. Tip: look at the rule that is being triggered.

I use mod_security myself.

Cannot assist further here; post your configuration for ExtendedFileManager in the forum if you desire further assistance.

Also, ensure you are using the latest trunk.
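Added example, not part of the ticket or of Xinha: a small triage script that follows the tip to look at the triggered rule. It parses the logged alert and tests the rule's pattern against the logged [uri] path. It assumes the error log doubles backslashes in the pattern, and relies on REQUEST_URI including the query string while the [uri] tag holds only the path; the query strings in the usage comments are constructed, not real Xinha parameters.

```python
import re

# Alert line copied from the ticket (hostname already redacted there).
SAMPLE = r'''[error] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\.\\./\\.\\./" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "66"] [id "300004"] [rev "2"] [msg "Generic Path Recursion denied"] [severity "CRITICAL"] [hostname "www.******.org"] [uri "/en//xinha/plugins/ExtendedFileManager/backend.php"] [unique_id "G41rh88tt@oAAGAl0goAAACv"]'''

HEAD = re.compile(
    r'ModSecurity: (?P<action>.+?) \(phase (?P<phase>\d)\)\. '
    r'Pattern match "(?P<pattern>(?:[^"\\]|\\.)*)" at (?P<variable>\S+?)\. \[')
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse_alert(line):
    """Split a ModSecurity 2.x pattern-match alert into its fields."""
    m = HEAD.search(line)
    if not m:
        raise ValueError("not a ModSecurity pattern-match alert")
    alert = m.groupdict()
    alert["tags"] = dict(TAG.findall(line))
    # Assumption: the log escapes each backslash as two; undo that
    # to recover the regex as written in the rule file.
    alert["regex"] = alert["pattern"].replace("\\\\", "\\")
    return alert


def locate_match(alert, query_string=None):
    """Report which part of the request the rule's regex matched."""
    rx = re.compile(alert["regex"])
    if rx.search(alert["tags"].get("uri", "")):
        return "path"
    if alert["variable"] != "REQUEST_URI":
        return "outside logged uri"
    # REQUEST_URI also covers the query string, which [uri] omits.
    if query_string is None:
        return "query string (not logged)"
    return "query string" if rx.search(query_string) else "not reproduced"


if __name__ == "__main__":
    a = parse_alert(SAMPLE)
    print(a["tags"]["id"], a["variable"], a["regex"])
    print(locate_match(a))                        # nothing in the path matches
    print(locate_match(a, "dir=../../images"))   # constructed query string
```

For this alert the path alone does not match, so the access log or audit log entry for the same unique_id is the place to find the query string that did.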
