2
Well...I have exactly the same errors since I upgraded to XOOPS 2.3.3b.
And it is really frustrating, as I can't see anymore my custom block (nor edit them) in the blocks admin menu, while they are displaying correctly on the site.
Quote:
And it is really frustrating, as I can't see anymore my custom block (nor edit them) in the blocks admin menu, while they are displaying correctly on the site.
Quote:
System Overview «
XOOPS Version - XOOPS 2.3.3b
PHP Version - 5.2.5
MySQL Version - 5.0.81-community-log
Server API Version - apache
OS Version - Linux
safe_mode - Off
register_globals - Off
magic_quotes_gpc - On
allow_url_fopen - On
fsockopen - On
allow_call_time_pass_reference - On
post_max_size - 8M
max_input_time - 60
output_buffering -
max_execution_time - 60
memory_limit - 48M
file_uploads - On
upload_max_filesize - 16M
3
It did not save my life, but at least it saved my week. 
I was struggling for a few days with this blank page problem, and then I discovered your great hack.
Nice job.
Thanks a lot.
I was struggling for a few days with this blank page problem, and then I discovered your great hack.
Nice job.
Thanks a lot.
4
I had a different problem with the mod_security.
After moving my website to a new hosting company, I was no more able to change templates or to modify my footer.
I did not get any error message, even after having turned on the debug mode.
I contacted the tech support and got the server log:
Quote:
These were the errors generated when trying to edit the tplsource table from PhpMyAdmin.
Looks like the \\\n in the tplsource were considered as an XSS attack
I included the following lines (found on this topic)
and everything is back to normal
Thank you Martyboy
After moving my website to a new hosting company, I was no more able to change templates or to modify my footer.
I did not get any error message, even after having turned on the debug mode.
I contacted the tech support and got the server log:
Quote:
[Wed Jun 6 05:22:29 2007] [error] [client 195.93.102.4] mod_security: Warning. Pattern match "phpsessid" at ARGS_VALUES("xoops_redirect") [msg "XSS attack"] [severity "EMERGENCY"] [hostname "www.destination-casino.com"] [uri "/user.php"]
[Wed Jun 6 09:56:09 2007] [error] [client 195.93.102.4] mod_security: Warning. Pattern match "phpsessid" at ARGS_VALUES("xoops_redirect") [msg "XSS attack"] [severity "EMERGENCY"] [hostname "www.destination-casino.com "] [uri "/user.php"]
[Wed Jun 6 11:30:10 2007] [error] [client 206.53.62.20] mod_security: Access denied with redirect to [/]. Pattern match "<(.|\\\\n)+>" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "destination-casino.com"] [uri "/index.php"]
[Wed Jun 6 11:30:20 2007] [error] [client 206.53.62.20] mod_security: Access denied with redirect to [/]. Pattern match "<(.|\\\\n)+>" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "destination-casino.com"] [uri "/modules/index.php"]
[Wed Jun 6 11:30:31 2007] [error] [client 206.53.62.20] mod_security: Access denied with redirect to [/]. Pattern match "<(.|\\\\n)+>" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "destination-casino.com"] [uri "/modules/news/index.php"]
[Wed Jun 6 12:36:23 2007] [error] [client 195.93.102.4] mod_security: Warning. Pattern match "phpsessid" at ARGS_VALUES("xoops_redirect") [msg "XSS attack"] [severity "EMERGENCY"] [hostname "www.destination-casino.com "] [uri "/user.php"]
----------------
These were the errors generated when trying to edit the tplsource table from PhpMyAdmin.
Looks like the \\\n in the tplsource were considered as an XSS attack
I included the following lines (found on this topic)
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
and everything is back to normal
Thank you Martyboy
Login
Search
Recent Posts
Who's Online
Donat-O-Meter
| Stats | |
| Goal: | $100.00 |
| Due Date: | Apr 30 |
| Gross Amount: | $0.00 |
| Net Balance: | $0.00 |
| Left to go: | $100.00 |
 |
|