Support forums : You can see the bug

[RESOLVED] Error when using action icons in File Manager

A red message that stops the whole page from loading; a full page, but a message that looks like it came from the server; a red box with red text that we made: All of these are bugs you can see, so report them here. kthxbai :)

Moderator: Dracones

Forum rules
Can you copy/paste the error message, or do a screenshot that shows what is wrong? If not maybe you've got a "you can sense it" bug.

[RESOLVED] Error when using action icons in File Manager

Postby Kimberly » Sun Mar 04, 2012 6:52 pm

I am seeing the following error when I try to use the action icons in the File Manager:

Error 403 - Forbidden
You tried to access a document for which you don't have privileges

I am wondering if this is from the migration. My guess is it is due to an improper session cookie perhaps? I can go down to the drop down menu and delete a file that way or rename a file; however, I can not perform any action on a file using the action icons.
Kimberly
Dracone
User avatar
 
Posts: 842
Joined: Mon Jul 19, 2010 4:44 pm

Re: Error when using action icons in File Manager

Postby Kimberly » Mon Mar 05, 2012 3:00 am

This is not a file permission problem. That this is telling me is that I don't have permission for the document. For example, I don't have permission to access the edit form that would allow me to edit properties of a file.

Help me here to discover why.

I was thinking of moving a client off of b2evo; however, I now need to rethink that if these kinds of problems will occur. It is one thing for me to have to deal with them and entirely different for a client, even if he is a non-paying client outside of hosting his site.
Kimberly
Dracone
User avatar
 
Posts: 842
Joined: Mon Jul 19, 2010 4:44 pm

Re: Error when using action icons in File Manager

Postby Kimberly » Tue Mar 06, 2012 5:35 am

I had no problems with the file manager in b2evo, the problems started with the conversion from b2evo to QP. I had a duplicate file problem that was solved by deleting the files and then uploading again. I also have one file that does not load in the thumbnail and when clicking on the link displays a 403 error, no permission. Yet, all the other files in the same directly load in. I deleted the file and checked the site to make sure it was gone, it was. I then uploaded the file again and again it has the 403 error.

At this time, the file manager is broken with my installation of QP and I don't understand it. Please help.
Kimberly
Dracone
User avatar
 
Posts: 842
Joined: Mon Jul 19, 2010 4:44 pm

Re: Error when using action icons in File Manager

Postby Kimberly » Tue Mar 06, 2012 8:08 pm

The incident of removing a file that was reporting 403 permission error only to upload the file again; with the same name of course since it is used in a post to see the 403 permission error reappear leads me to believe this is a database error. When migrating to QP from b2evo, one creates a new QP site independent of the b2evo site and the evo converter then copies the database from the b2evo installation over to the new QP installation. In order to maintain the files one had, they must be uploaded (or moved) into the new QP installation. Evidently, something about transferring the files tables did not go correctly. I need to examine the database tables to see if I can understand why my new QP installation will not allow me to access the properties, and make changes, of files. If anyone has any insight into why this problem exists, please let me know. Until I can resolved this problem, I am reluctant in migrating my other b2evo blogs to QP.
Kimberly
Dracone
User avatar
 
Posts: 842
Joined: Mon Jul 19, 2010 4:44 pm

Re: Error when using action icons in File Manager

Postby Kimberly » Tue Mar 06, 2012 11:00 pm

I know it seems I am doing a lot of posting but as I think about what is happening and what I am trying in order to resolve this problem I think it would help to post it here.

OK, I am convince this is not a bug in the code but a bug that was somehow introduced into my database. I have a file that will not open in the file manager. File manager does not create a thumbnail. When clicking on the link to see the file, file manager reports a 403 permissions error. I had deleted the file and then uploaded it again with the same name and the 403 error persisted. Today I decided to see if the file itself was a problem. I uploaded it with the name a_file.png and it loaded into the file manager without any problem. So it appeared to be a naming problem that is causing a 403 permission error. That is strange. So I uploaded the file twice again with changes to the original file name. At first I was convinced it was the "2009" part of the file name causing a 403 permission error but that was not the case. Finally when I just used the first part of the original name the 403 permission error disappeared. This is very strange to me. Hopefully someone here could help to point me in the right direction to solve this. Is it a case of code, or a case of the database?

The attachment illustrates the name causing the problem. By the way, it is not the underscore. I have uploaded a lot of files with the underscore including this same file with the name a_file.png. All three files are of the same image file and all three are in the same folder on the server. Yet, two, creme_drops.png and creme_drops_2009.png will not display in the file manager and report a 403 permission error.
Attachments
file_manager_problem.jpg
file_manager_problem.jpg (81.41 KiB) Viewed 10209 times
Kimberly
Dracone
User avatar
 
Posts: 842
Joined: Mon Jul 19, 2010 4:44 pm

Re: Error when using action icons in File Manager

Postby Kimberly » Tue Mar 06, 2012 11:06 pm

Here is a strange development. I just went to my blog front page to search for the blog post that the image creme_drops_2009.png is part of to see if the blog could access the image for the blog post. I searched on creme drops and got a 403 permission error. So performed a search on creme and the search completes. The blog post was found and yes, the image is displayed. Searching on the term drops causes the 403 permission error. This is strange indeed. So it appears the word "drops" in the file name and in the search engine is causing 403 permission errors. Could this strange occurrence cause the 403 permission errors with the action icons because the word "drops" is contained in the name of one of the files? Could this be something to do with the anti-spam? This version of QP is from the trunk and contains Ed's updates to the anti-spam thingy.
Kimberly
Dracone
User avatar
 
Posts: 842
Joined: Mon Jul 19, 2010 4:44 pm

Re: Error when using action icons in File Manager

Postby EdB » Tue Mar 06, 2012 11:13 pm

Probably due to "drops" being really close to a command type of thing. Drop Table for example. I can't remember the specifics, but a long time ago I got an error in that other app because of a similar word in a post title. There was a solution for that, so there must be a solution for this :)
EdB
Dracone
User avatar
 
Posts: 2072
Joined: Sun Nov 22, 2009 7:20 am
Location: Maricopa Arizona

Re: Error when using action icons in File Manager

Postby Kimberly » Wed Mar 07, 2012 5:02 am

EdB wrote:Probably due to "drops" being really close to a command type of thing. Drop Table for example. I can't remember the specifics, but a long time ago I got an error in that other app because of a similar word in a post title. There was a solution for that, so there must be a solution for this :)


So this may be part of the SQL input scrubber that helps to prevent an SQL injection attack. Any idea where to look? While I could just rename the file as it is only used in one location, drops should not be scrubbed out completely for use; I should be able to use it in a file name. However, that may be the best solution until a better answer is obtained. Thanks for your help Ed.
Kimberly
Dracone
User avatar
 
Posts: 842
Joined: Mon Jul 19, 2010 4:44 pm

Re: Error when using action icons in File Manager

Postby Kimberly » Wed Mar 07, 2012 9:36 am

I should retitle this post "Kimberly with egg on her face".

I was in bed and could not sleep; not feeling well. Since I could not sleep I was thinking about my problem here. It dawn on me that my firewall could be the problem and not anything to do with the QP files or database. So, I got out of bed and came in to my little office and logged into the server and disabled my firewall (.htaccess firewall). The problem disappeared, the file manager is back to normal, I can see the images with drops in the name and I can access the action icons. I need to examine the settings in the firewall and see where drops keeps me from being able to use the action icons in the file manager.

I feel so foolish.


Edit The strange thing is this does not affect the other app, only QP, and the firewall is at the root level
Kimberly
Dracone
User avatar
 
Posts: 842
Joined: Mon Jul 19, 2010 4:44 pm

Re: [RESOLVED] Error when using action icons in File Manager

Postby Kimberly » Thu Mar 08, 2012 3:23 am

This is the part of the firewall that was causing me problems accessing the file manager icons. The idea is to catch someone trying to do an SQL injection attack. For some reason this also prevented me from accessing the action icons in the file manager. I first started to just put an exception for my URL but the problem is that some SQL keywords are perfectly valid for someone searching on content, such as "rain drops", and I don't want them getting a 403 permission error when trying to find the blog I wrote about rain drops. The interesting part is that this firewall is at the root level and protects the blogs using that other app as well as my client who has blogs on that other app and it does not prevent access there. So this is still connected to QP code and needs to be examine at some future date.

Code: Select all
    # QUERY STRING EXPLOITS
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} \.\.\/    [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\=     [NC,OR]
RewriteCond %{QUERY_STRING} ftp\:     [NC,OR]
RewriteCond %{QUERY_STRING} http\:    [NC,OR]
RewriteCond %{QUERY_STRING} https\:   [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|'|"|;|\?|\*).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|config|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
Kimberly
Dracone
User avatar
 
Posts: 842
Joined: Mon Jul 19, 2010 4:44 pm


Return to You can see the bug

Who is online

Users browsing this forum: No registered users and 1 guest

cron