All Projects | wbTeamPro | wbTimeLog |
Anonymous | Login | Signup for a new account | 2024-03-29 09:11 EST |
Dashboard | Features | Bugs | Report Issue | My View | View Issues | Change Log | Roadmap | My Account |
View Issue Details [ Jump to Notes ] [ 0 Votes
] | [ Issue History ] [ Print ] | ||||||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||||||
0000037 | wbTeamPro | [All Projects] Bugs | public | 2017-01-30 09:31 | 2015-01-25 00:00 | ||||||||
Reporter | jowwow | ||||||||||||
Assigned To | webuddha | ||||||||||||
Priority | low | Severity | major | Reproducibility | always | ||||||||
Status | Under Review | Resolution | reopened | ||||||||||
Platform | OS | OS Version | |||||||||||
Product Version | v1.7.6 | ||||||||||||
Target Version | Applied to Version | ||||||||||||
Summary | 0000037: adding certain texts disables save | ||||||||||||
Description | found a really interesting bug where certain text disables the save / apply buttons. ------------- [11/3/2011 8:57:23 PM] Tom Crawford: This is the error message I just got --> The webpage at https://www.jowwow.net:2096/ [^] might be temporarily down or it may have moved permanently to a new web address. Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error. --------------- The text in question is between the --------- ( was not included in my attempt to save ) this is a copy of text from a skype message. I don't think we have any bbcode editing so I can't wrap it either.. ( which would be great ) | ||||||||||||
Steps To Reproduce | 1) attempt to add a sub ticket of parent that has many children and sub children. 2) paste this text. 3) try to save, cancel works. 4) change text to anything else. it will function.. 5) edit created task and try to paste next now.. will fail | ||||||||||||
Tags | No tags attached. | ||||||||||||
Attached Files |
Notes | |
(0000022) helloworldweb (reporter) 2011-11-09 22:26 |
I'm finding the same thing, and could be related to and/or caused by wbTeamPro's actions being caught by Mod_Security. I had the same issue happen (unable to save a note in the time log), checked ModSec's logfile and found: [Wed Nov 09 19:10:22 2011] [error] [client 127.0.0.1 [my IP]] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:timelog_note. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "139"] [id "950005"] [msg "Remote File Access Attempt"] [data "httpd.conf"] [severity "CRITICAL"] [tag "WEB_ATTACK/FILE_INJECTION"] [hostname "domain.com"] [uri "/whmcs_directory/admin_directory/wbteampro.php"] [unique_id "TrtAns86sgwAAEYuZBIAAAAB"] Luckily I have my IP whitelisted :) I wrote an exception for ModSec's rules (if you use the CSF firewall, that would be modsec2.whitelist.conf): <LocationMatch "/whmcs_directory/admin_directory/wbteampro.php"> SecRuleRemoveById 950004 950005 </LocationMatch> YMMV, depending on your ModSec ruleset. And there may be more rules getting hit...I've just started testing out wbTeamPro. |
(0010127) webuddha (administrator) 2014-05-20 13:33 |
Issue reported again - clearly need to find a better solution. |
(0010214) webuddha (administrator) 2015-02-04 16:50 |
Review encoding test in (maybe UTF8, or something with better compression) before transmission. |
Issue History | |||
Date Modified | Username | Field | Change |
2011-11-04 02:42 | jowwow | New Issue | |
2011-11-09 22:26 | helloworldweb | Note Added: 0000022 | |
2012-10-04 09:14 | webuddha | Status | New => Implemented |
2012-10-04 09:14 | webuddha | Resolution | open => fixed |
2012-10-04 09:14 | webuddha | Assigned To | => webuddha |
2014-05-20 13:33 | webuddha | Status | Implemented => Feedback |
2014-05-20 13:33 | webuddha | Resolution | fixed => reopened |
2014-05-20 13:33 | webuddha | Note Added: 0010127 | |
2014-05-20 13:33 | webuddha | Status | Feedback => Under Review |
2015-02-04 16:50 | webuddha | Note Added: 0010214 |
Dashboard | Features | Bugs | Report Issue | My View | View Issues | Change Log | Roadmap | My Account |
Copyright © 2000 - 2024 MantisBT Team |