wbTeamPro Feature Request & Bug Tracker
wbTeamPro and wbTimeLog are actively being developed and supported.

We are working to update our tracker, changelogs, and documentation to convey this appropriately.
Thank you for your patience as we manage this period of growth.

View Issue Details Jump to Notes ]
0 Votes
 ]
Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000037wbTeamPro[All Projects] Bugspublic2017-01-30 09:312015-01-25 00:00
Reporterjowwow 
Assigned Towebuddha 
PrioritylowSeveritymajorReproducibilityalways
StatusUnder ReviewResolutionreopened 
PlatformOSOS Version
Product Versionv1.7.6 
Target VersionApplied to Version 
Summary0000037: adding certain texts disables save
Descriptionfound a really interesting bug where certain text disables the save / apply buttons.
-------------
[11/3/2011 8:57:23 PM] Tom Crawford: This is the error message I just got --> The webpage at https://www.jowwow.net:2096/ [^] might be temporarily down or it may have moved permanently to a new web address.
Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.
---------------
The text in question is between the --------- ( was not included in my attempt to save ) this is a copy of text from a skype message. I don't think we have any bbcode editing so I can't wrap it either.. ( which would be great )
Steps To Reproduce1) attempt to add a sub ticket of parent that has many children and sub children.
2) paste this text.
3) try to save, cancel works.
4) change text to anything else.
it will function..
5) edit created task and try to paste next now..
will fail
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0000022)
helloworldweb (reporter)
2011-11-09 22:26

I'm finding the same thing, and could be related to and/or caused by wbTeamPro's actions being caught by Mod_Security.

I had the same issue happen (unable to save a note in the time log), checked ModSec's logfile and found:

[Wed Nov 09 19:10:22 2011] [error] [client 127.0.0.1 [my IP]] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:timelog_note. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "139"] [id "950005"] [msg "Remote File Access Attempt"] [data "httpd.conf"] [severity "CRITICAL"] [tag "WEB_ATTACK/FILE_INJECTION"] [hostname "domain.com"] [uri "/whmcs_directory/admin_directory/wbteampro.php"] [unique_id "TrtAns86sgwAAEYuZBIAAAAB"]

Luckily I have my IP whitelisted :)

I wrote an exception for ModSec's rules (if you use the CSF firewall, that would be modsec2.whitelist.conf):

<LocationMatch "/whmcs_directory/admin_directory/wbteampro.php">
SecRuleRemoveById 950004 950005
</LocationMatch>

YMMV, depending on your ModSec ruleset. And there may be more rules getting hit...I've just started testing out wbTeamPro.
(0010127)
webuddha (administrator)
2014-05-20 13:33

Issue reported again - clearly need to find a better solution.
(0010214)
webuddha (administrator)
2015-02-04 16:50

Review encoding test in (maybe UTF8, or something with better compression) before transmission.

- Issue History
Date Modified Username Field Change
2011-11-04 02:42 jowwow New Issue
2011-11-09 22:26 helloworldweb Note Added: 0000022
2012-10-04 09:14 webuddha Status New => Implemented
2012-10-04 09:14 webuddha Resolution open => fixed
2012-10-04 09:14 webuddha Assigned To => webuddha
2014-05-20 13:33 webuddha Status Implemented => Feedback
2014-05-20 13:33 webuddha Resolution fixed => reopened
2014-05-20 13:33 webuddha Note Added: 0010127
2014-05-20 13:33 webuddha Status Feedback => Under Review
2015-02-04 16:50 webuddha Note Added: 0010214



Copyright © 2000 - 2024 MantisBT Team
Powered by Mantis Bugtracker