Joomla Custom component with Mod_security - joomla

I had built a custom component for Joomla v 1.5.23. However, now when my forms in the backend send any HTML content, I get the following error:
Forbidden
You don't have permission to access /administrator/index.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
However, when I submit the form without the HTML content, it updates and I am redirected to my component page.
I am using the following configuration:
PHP built on : Linux bluemoon19.ukhost4u.com 2.6.32-13-pve #1 SMP Mon Jul 9 08:39:20 CEST 2012 x86_64
PHP version: 5.3.14
Joomla : Joomla! 1.5.23 Stable [ senu takaa ama baji ] 04-March-2011 18:00 GMT
Any ideas?

Related

PHPMailer doesn't work in Joomla on altervista.org host

I have a form in a Joomla website on altervista.org and I use PHPMailer to send the output of this form (a quote) through email.
But when I load the page, this error occurs:
Fatal error: require(): Failed opening required 'http://lindoelinda.altervista.org/reception2/phpmailer/PHPMailerAutoload.php' (include_path='.:') in /membri/lindoelinda/plugins/system/sourcerer/helper.php(607) : runtime-created function on line 481
PHPMailer is indeed located in that folder, but it seems to be telling me that the file doesn't exist.
You should be using the Joomla! jMail class and not phpmailer. There's no point in using Joomla! CMS if you're not using its classes and functions.
As it is a simple form you would be best just getting a new form component like rsforms to handle this and remove your custom setup.

unknown tag "plugin" in smarty PRESTASHOP 1.6.0.13

In PrestaShop 1.6.0.13, using the pf_stationery theme, if I go to the authentication form (logging in as a customer, not as a visitor) and then log in, the entire site does not work. The only error message I have is:
Fatal error: Uncaught --> Smarty Compiler: Syntax error in template "/var/www/vhosts/***********.com/httpdocs/themes/pf_stationery/header.tpl" on line 114 "{plugin module='ptsmegamenu' hook='displayTop'}" unknown tag "plugin"
<-- thrown in /var/www/vhosts/*********.com/httpdocs/tools/smarty/sysplugins/smarty_internal_templatecompilerbase.php on line 114
I've activated debug in defines.config.
Maybe it is a problem with the version of Smarty, but I've tried an older version and it still does not work.
In the end, the problem was not related to Smarty; in fact, the user that I was using to log in to the front office did not have any group associated. I associated the user with the PrestaShop default group "Customer" and the problem disappeared.

server-based email attachments

I'm using codeigniter to work on an intranet based system that will allow users from within the company to send price sheets and marketing materials to our clients via a codeigniter based mailing system.
I'm able to send an email just fine without adding the line
$this -> email -> attach('/uploads/'.$file_name.$file_extension);
The uploads are added by staff members and put into an 'uploads' folder that's in public_html.
I store the file's information in a database table and then call it to get the required name and extension when I'm going to send the email. I've already tested to make sure that it's pulling the right name and extension from the database.
I still keep getting an error that says:
Unable to locate the following email attachment: /uploads/company_canadian_catalog.pdf
220 smtp.mandrillapp.com ESMTP
hello: 250-ip-10-33-129-14
250-PIPELINING
250-SIZE 26214400
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME
from: 250 2.1.0 Ok
to: 250 2.1.5 Ok
data: 354 End data with .
250 2.0.0 Ok: queued as A20963C201A
quit: 221 2.0.0 Bye
Your message has been successfully sent using the following protocol: smtp
User-Agent: CodeIgniter
Date: Wed, 3 Sep 2014 12:24:55 -0700
From: "me" <my_company#email.com>
Return-Path: <my_company#email.com>
To: me
Subject: =?utf-8?Q?TESt?=
Reply-To: "my_company#email.com" <my_company#email.com>
X-Sender: my_company#email.com
X-Mailer: CodeIgniter
X-Priority: 3 (Normal)
Mime-Version: 1.0
The uploads folder clearly works because I've been successfully able to send files to it and store said files information in the database. I can also download the files fine on the front end when I click on a generated link.
I've exhausted my google-foo resources and have turned to the wise inter-webs gurus of Stack Overflow. Please let me know my minuscule and tiny mistake that will make me forever want to stub my pinky toe on my bed frame.
EDIT: I have also put:
$this -> email -> clear(TRUE);
at the beginning of my function
The uploads are added by staff members and put into an 'uploads' folder that's in public_html.
If that 'uploads' directory is a sub-directory of 'public_html', then '/uploads/' couldn't possibly be pointing to it. '/uploads/' is an absolute path, while you're trying to use it as a relative one.
The solution is simple, just use the right directory path.
If your application/ directory is inside public_html/ as well, then you need this:
FCPATH.'/uploads/'
If application/ directory is at the same level as public_html/ (it should be, for security purposes), then:
APPPATH.'/uploads/'
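Added example, not part of the original answer: one way to build the attachment path from a fixed base directory and confirm that a name read from the database stays inside it. `resolve_attachment()` is a hypothetical helper, and the scratch directory and file are constructed stand-ins for the real uploads folder.

```php
<?php
// Added example. resolve_attachment() is a hypothetical helper, not part of
// CodeIgniter. Pass the real uploads directory as $baseDir; a constructed
// temporary directory stands in for it here.
function resolve_attachment(string $baseDir, string $name, string $ext): string
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException("Upload directory not found: $baseDir");
    }
    // basename() drops any directory part stored with the file name.
    $candidate = $base . DIRECTORY_SEPARATOR . basename($name . $ext);
    // realpath() returns false for a missing file and resolves symlinks.
    $real = realpath($candidate);
    if ($real === false || !is_file($real)) {
        throw new RuntimeException("Attachment not found: $candidate");
    }
    // A symlink inside uploads could still point elsewhere, so compare
    // the resolved path with the resolved base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("Attachment outside upload directory: $real");
    }
    return $real;
}

// Constructed sample data: one uploaded file in a scratch directory.
$uploads = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo';
if (!is_dir($uploads)) {
    mkdir($uploads);
}
file_put_contents($uploads . DIRECTORY_SEPARATOR . 'company_canadian_catalog.pdf', 'demo');

// Resolved against the base directory: a full filesystem path comes back.
echo resolve_attachment($uploads, 'company_canadian_catalog', '.pdf'), PHP_EOL;

// The path from the question is looked up from the filesystem root instead.
var_dump(realpath('/uploads/company_canadian_catalog.pdf'));

// A stored name carrying directory parts is reduced to its last component.
try {
    resolve_attachment($uploads, '../config/database', '.php');
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The returned path is what would be handed to `$this->email->attach()`; an exception here replaces the mailer's "Unable to locate" message with the exact path that was tried.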

Magento - Google chrome sets new session - unable to login as customer

I'm not at the point where my hair starts to turn gray.
Two sessions are created by Magento; this seems to be right, and works in IE/FF:
Name | Value | Domain | Path | Expires | Size
PHPSESSID | hqndmkildduflb04lpgohu6pk5 | www.domain.com | / | Tue, 12 Mar 2013 11:31:57 GMT | 35
PHPSESSID | hqndmkildduflb04lpgohu6pk5 | .www.domain.com | / | Tue, 12 Mar 2013 11:31:56 GMT |
The strange thing is, when logging out and closing the browser, reopen and go to the login site again, another session is now created, and I'm now unable to log in:
PHPSESSID | ru9lvno0mt8kpj6lhb2g3vmlq3 | .domain.com | / | Tue, 12 Mar 2013 11:42:51 GMT | 35
When deleting the 3 sessions, I can login again, creating two new sessions. This only happens in Chrome.
I would guess that it actually has something to do with cookies.
In System->Config->Web->SessionCookieManagement try setting the path to '' (empty), domain to 'domain.com', use HTTP only to 'YES', and Cookie Restriction Mode to 'NO'.
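Added example, not part of the original answer: a simplified RFC 6265 style domain match applied to the three cookies listed in the question, showing which of them a browser would attach to a request. `cookie_applies()` and `cookies_sent()` are hypothetical helpers, and reading a leading dot as "Domain attribute set" and no dot as "host-only" is an assumption about the cookie viewer's display.

```php
<?php
// Added example: simplified domain matching in the style of RFC 6265.
// Path, Secure and expiry checks are left out; IP-address hosts are not handled.
function cookie_applies(string $cookieDomain, string $requestHost): bool
{
    $host = strtolower($requestHost);
    $domain = strtolower($cookieDomain);
    if ($domain === '') {
        return false;
    }
    if ($domain[0] !== '.') {
        return $host === $domain;            // host-only cookie: exact match
    }
    $domain = substr($domain, 1);
    if ($host === $domain) {
        return true;
    }
    $suffix = '.' . $domain;                 // subdomains of the cookie domain
    return substr($host, -strlen($suffix)) === $suffix;
}

function cookies_sent(array $jar, string $requestHost): array
{
    $sent = [];
    foreach ($jar as $c) {
        if (cookie_applies($c['domain'], $requestHost)) {
            $sent[] = $c['name'] . '=' . $c['value'] . ' (' . $c['domain'] . ')';
        }
    }
    return $sent;
}

// The cookie jar as listed in the question.
$jar = [
    ['name' => 'PHPSESSID', 'value' => 'hqndmkildduflb04lpgohu6pk5', 'domain' => 'www.domain.com'],
    ['name' => 'PHPSESSID', 'value' => 'hqndmkildduflb04lpgohu6pk5', 'domain' => '.www.domain.com'],
    ['name' => 'PHPSESSID', 'value' => 'ru9lvno0mt8kpj6lhb2g3vmlq3', 'domain' => '.domain.com'],
];

foreach (['www.domain.com', 'domain.com'] as $host) {
    echo $host, ':', PHP_EOL;
    foreach (cookies_sent($jar, $host) as $line) {
        echo '  ', $line, PHP_EOL;
    }
}
```

For www.domain.com all three cookies match, so one request carries two different PHPSESSID values; a single cookie domain, as the answer suggests, leaves only one session cookie in scope.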

production vs dev server content-disposition filename encoding

I am using asp.net mvc3, download file in the same browser (Chrome 22). Here is the controller code:
[HttpPost]
public ActionResult Uploadfile(HttpPostedFileBase file)//HttpPostedFileBase file, string excelSumInfoId)
{
    ...
    return File(
        result.Output,
        "application/vnd.ms-excel",
        String.Format("{0}_{1:yyyy.MM.dd-HH.mm.ss}.xls", "Суммирование", DateTime.Now));
}
On my dev machine I download a programmatically created file with the correct name "Суммирование_2012.10.18-13.36.06.xls".
Response:
Content-Disposition:attachment; filename*=UTF-8''%D0%A1%D1%83%D0%BC%D0%BC%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5_2012.10.18-13.36.06.xls
Content-Length:203776
Content-Type:application/vnd.ms-excel
Date:Thu, 18 Oct 2012 09:36:06 GMT
Server:ASP.NET Development Server/10.0.0.0
X-AspNet-Version:4.0.30319
X-AspNetMvc-Version:3.0
And from production server I download a file with the name of the controller's action + correct extension "Uploadfile.xls", which is wrong.
Response:
Content-Disposition:attachment; filename="=?utf-8?B?0KHRg9C80LzQuNGA0L7QstCw0L3QuNC1XzIwMTIuMTAuMTgtMTMuMzYu?=%0d%0a =?utf-8?B?NTUueGxz?="
Content-Length:203776
Content-Type:application/vnd.ms-excel
Date:Thu, 18 Oct 2012 09:36:55 GMT
Server:Microsoft-IIS/7.5
X-AspNet-Version:4.0.30319
X-AspNetMvc-Version:3.0
X-Powered-By:ASP.NET
Web.config files are the same on both machines.
Why does the filename get encoded differently for the same browser? Are there any kinds of default settings in web.config that are different on machines that I am missing?
The dev server is running .NET 4, and the production server is running .NET 4.5. The MVC framework contains a heuristic for determining whether it needs to use RFC 6266 for the Content-Disposition header, and while this heuristic works correctly on .NET 4 it does not work correctly on .NET 4.5. The end result is that the Content-Disposition header gets mangled, as you're witnessing in this instance.
Your easiest course of action would probably be to upgrade the application to MVC 4. That version of the framework contains a different heuristic that is more robust and should work correctly on both .NET 4 and .NET 4.5.
Most likely reason seems to be that the server indeed sees different User-Agent header fields.
That being said, the 2nd response isn't correct for any browser, and you should report that problem to Microsoft.
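Added example, not part of the original answers: a small inspector for the two Content-Disposition values quoted in the question, showing which encoding each one uses and what name was intended. `describe_disposition()` is a hypothetical helper, and the example is written in PHP rather than C#.

```php
<?php
// Added example. describe_disposition() is a hypothetical helper; the two
// header values are copied from the responses quoted in the question.
function describe_disposition(string $value): array
{
    // RFC 5987 extended parameter: filename*=charset'language'percent-encoded
    if (preg_match('~filename\*\s*=\s*([\w-]+)\'([\w-]*)\'([^;\s]+)~i', $value, $m)) {
        $utf8 = strcasecmp($m[1], 'UTF-8') === 0;
        return [
            'form' => 'filename* (RFC 5987)',
            'name' => $utf8 ? rawurldecode($m[3]) : null, // other charsets not handled
        ];
    }
    if (!preg_match('~filename\s*=\s*"([^"]*)"~i', $value, $m)) {
        return ['form' => 'no filename parameter', 'name' => null];
    }
    // Mail-style encoded-words (RFC 2047, base64 variant) inside filename="..."
    if (preg_match_all('~=\?[\w-]+\?B\?([A-Za-z0-9+/=]+)\?=~i', $m[1], $words)) {
        return [
            'form' => 'RFC 2047 encoded-words in filename=',
            'name' => $m[1],  // the literal text a client is handed
            'intended' => implode('', array_map('base64_decode', $words[1])),
        ];
    }
    return ['form' => 'plain quoted filename', 'name' => $m[1]];
}

$dev = "attachment; filename*=UTF-8''%D0%A1%D1%83%D0%BC%D0%BC%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5_2012.10.18-13.36.06.xls";
$prod = 'attachment; filename="=?utf-8?B?0KHRg9C80LzQuNGA0L7QstCw0L3QuNC1XzIwMTIuMTAuMTgtMTMuMzYu?=%0d%0a =?utf-8?B?NTUueGxz?="';

foreach (['dev' => $dev, 'production' => $prod] as $label => $value) {
    $info = describe_disposition($value);
    echo $label, ': ', json_encode($info, JSON_UNESCAPED_UNICODE), PHP_EOL;
}
```

The production value holds the intended name only as two mail-style encoded-words joined by a percent-encoded CRLF, a form RFC 6266 does not define for the `filename` parameter, which fits the browser falling back to a name taken from the URL.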
