wbTeamPro Feature Request & Bug Tracker - wbTeamPro
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0000037wbTeamPro[All Projects] Bugspublic2017-01-30 09:312015-01-25 00:00
Reporterjowwow 
Assigned Towebuddha 
PrioritylowSeveritymajorReproducibilityalways
StatusUnder ReviewResolutionreopened 
PlatformOSOS Version
Product Versionv1.7.6 
Target VersionApplied to Version 
Summary0000037: adding certain texts disables save
Descriptionfound a really interesting bug where certain text disables the save / apply buttons.
-------------
[11/3/2011 8:57:23 PM] Tom Crawford: This is the error message I just got --> The webpage at https://www.jowwow.net:2096/ [^] might be temporarily down or it may have moved permanently to a new web address.
Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.
---------------
The text in question is between the --------- ( was not included in my attempt to save ) this is a copy of text from a skype message. I don't think we have any bbcode editing so I can't wrap it either.. ( which would be great )
Steps To Reproduce1) attempt to add a sub ticket of parent that has many children and sub children.
2) paste this text.
3) try to save, cancel works.
4) change text to anything else.
it will function..
5) edit created task and try to paste next now..
will fail
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2011-11-04 02:42jowwowNew Issue
2011-11-09 22:26helloworldwebNote Added: 0000022
2012-10-04 09:14webuddhaStatusNew => Implemented
2012-10-04 09:14webuddhaResolutionopen => fixed
2012-10-04 09:14webuddhaAssigned To => webuddha
2014-05-20 13:33webuddhaStatusImplemented => Feedback
2014-05-20 13:33webuddhaResolutionfixed => reopened
2014-05-20 13:33webuddhaNote Added: 0010127
2014-05-20 13:33webuddhaStatusFeedback => Under Review
2015-02-04 16:50webuddhaNote Added: 0010214

Notes
(0000022)
helloworldweb   
2011-11-09 22:26   
I'm finding the same thing, and could be related to and/or caused by wbTeamPro's actions being caught by Mod_Security.

I had the same issue happen (unable to save a note in the time log), checked ModSec's logfile and found:

[Wed Nov 09 19:10:22 2011] [error] [client 127.0.0.1 [my IP]] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:timelog_note. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "139"] [id "950005"] [msg "Remote File Access Attempt"] [data "httpd.conf"] [severity "CRITICAL"] [tag "WEB_ATTACK/FILE_INJECTION"] [hostname "domain.com"] [uri "/whmcs_directory/admin_directory/wbteampro.php"] [unique_id "TrtAns86sgwAAEYuZBIAAAAB"]

Luckily I have my IP whitelisted :)

I wrote an exception for ModSec's rules (if you use the CSF firewall, that would be modsec2.whitelist.conf):

<LocationMatch "/whmcs_directory/admin_directory/wbteampro.php">
SecRuleRemoveById 950004 950005
</LocationMatch>

YMMV, depending on your ModSec ruleset. And there may be more rules getting hit...I've just started testing out wbTeamPro.
(0010127)
webuddha   
2014-05-20 13:33   
Issue reported again - clearly need to find a better solution.
(0010214)
webuddha   
2015-02-04 16:50   
Review encoding test in (maybe UTF8, or something with better compression) before transmission.