Results 1 to 4 of 4
  1. #1
    Join Date
    May 2005
    Location
    Phoenix Arizona (whew!)
    Posts
    188
    Plugin Contributions
    0

    application error Problem with plain text editor

    I've been searching for someone else on the forums with this problem, and come up empty.
    Using plain text editor for *any* editing on my cart produces the error:

    You don't have permission to access /shop/admin/define_pages_editor.php on this server.

    I've tried CHMODing the permissions on the file, to no avail.
    I'm fully up to date on my Zen version (1.3.7.1), and moderately modified. PHP 4.47 (awaiting an upgrade), Apache/Linux server.

    This is a fairly recent occurrence, but I can't tie it to a specific upgrade/mod.

    I'm out of ideas (and doing the files offline/locally is a PItA). Any advice will be most appreciated!
    [FONT=Comic Sans MS]Vicki[/FONT]
    www.moebiusenterprises.com
    Fragrance*jewelry*metaphysical supplies*art*LIFE ... 'bout sums it up....

  2. #2
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Problem with plain text editor

    Quote Originally Posted by Moebiusenterprises View Post
    Using plain text editor for *any* editing on my cart produces the error:
    Is the converse true? Does it also happen when editing with a rich-text editor?
    Quote Originally Posted by Moebiusenterprises View Post
    You don't have permission to access /shop/admin/define_pages_editor.php on this server.
    This is likely a result of mod_security stopping the use of the page because the page contains potentially dangerous content akin to what a hacker might attempt to upload if one was exploiting the server.

    What kind of code is in the pages you're getting these errors on ? You must have some sort of HTML codes or SCRIPT tags etc which the security filters are catching.

    Your server's errorlog should also explain more about "why" the page access was blocked.
    Quote Originally Posted by Moebiusenterprises View Post
    This is a fairly recent occurrence, but I can't tie it to a specific upgrade/mod.
    Your hosting company should also be able to offer assistance in clarifying what recent changes may have been implemented to cause this.

    Or maybe *they* didn't change anything and the timing is just that *you* just recently started using certain "prohibited" content in your pages?
    Quote Originally Posted by Moebiusenterprises View Post
    I'm out of ideas (and doing the files offline/locally is a PItA).
    It's also the most secure way to do it. That way you don't need to leave files world-writable on the server, making your site less vulnerable to exploitation.



    You could try adding this to your /admin/.htaccess file and see if it helps:
    Code:
    <IfModule mod_security.c>
        SecFilterEngine Off
        SecFilterScanPOST Off
    </IfModule>
    That will turn OFF all the security protections that normally protect against what hackers might do to upload rogue content. It leaves you somewhat exposed, but would stop the blockages if the issue is truly a mod_security filter that's blocking you.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    May 2005
    Location
    Phoenix Arizona (whew!)
    Posts
    188
    Plugin Contributions
    0

    Default Re: Problem with plain text editor

    Quote Originally Posted by DrByte View Post
    Is the converse true? Does it also happen when editing with a rich-text editor?
    After some *very* careful examination, the problem appears to lie almost exclusively in the Define pages editor. And no, I can't use HTMLAREA either, but I get a different error:

    HTML Code:
     You don't have permission to access /shop/admin/define_pages_editor.php on this server.
    They're both coming up as 403/forbidden, but pointing at different files.
    This is likely a result of mod_security stopping the use of the page because the page contains potentially dangerous content akin to what a hacker might attempt to upload if one was exploiting the server.

    What kind of code is in the pages you're getting these errors on ? You must have some sort of HTML codes or SCRIPT tags etc which the security filters are catching.
    Anything from simple text, to iframes

    Your server's errorlog should also explain more about "why" the page access was blocked.
    All I can see is them coming up as 403/forbidden

    Your hosting company should also be able to offer assistance in clarifying what recent changes may have been implemented to cause this.

    Or maybe *they* didn't change anything and the timing is just that *you* just recently started using certain "prohibited" content in your pages?
    ahh... yes, I've turned into a code-crunching pornographer in my spare time!
    It's also the most secure way to do it. That way you don't need to leave files world-writable on the server, making your site less vulnerable to exploitation.
    Yes, and I imagine that's what I'll likely continue to do, if making changes to the ZenCart or other functionality poses that kind of risk

    You could try adding this to your /admin/.htaccess file and see if it helps:
    Code:
    <IfModule mod_security.c>
        SecFilterEngine Off
        SecFilterScanPOST Off
    </IfModule>
    That will turn OFF all the security protections that normally protect against what hackers might do to upload rogue content. It leaves you somewhat exposed, but would stop the blockages if the issue is truly a mod_security filter that's blocking you.
    hmm... I *might* give that a try, but I'll probably just do the modifications offline & upload them (yay for good freeware!)

    Thanks!
    [FONT=Comic Sans MS]Vicki[/FONT]
    www.moebiusenterprises.com
    Fragrance*jewelry*metaphysical supplies*art*LIFE ... 'bout sums it up....

  4. #4
    Join Date
    May 2005
    Location
    Phoenix Arizona (whew!)
    Posts
    188
    Plugin Contributions
    0

    Default Re: Problem with plain text editor

    Quote Originally Posted by DrByte View Post
    You could try adding this to your /admin/.htaccess file and see if it helps:
    Code:
    <IfModule mod_security.c>
        SecFilterEngine Off
        SecFilterScanPOST Off
    </IfModule>
    Just to update:
    Turns out this *was* a mod_security filter issue.
    Modified the .htaccess file in the admin directory with the 2 lines of code (confirmed as correct/what I needed by our hosting folks), and things function. I did, however, insert a comment line to remind me what those were for.... then, commented out the code.
    When I need the functionalities, it's simple enough to go in and edit the file... then change it back. Small extra step.

    Thanks!
    [FONT=Comic Sans MS]Vicki[/FONT]
    www.moebiusenterprises.com
    Fragrance*jewelry*metaphysical supplies*art*LIFE ... 'bout sums it up....

 

 

Similar Threads

  1. How to Replace Default Plain Text Editor
    By RiazShahid in forum General Questions
    Replies: 10
    Last Post: 22 Jun 2020, 05:12 PM
  2. Replies: 2
    Last Post: 19 Nov 2013, 07:01 PM
  3. Plain Text editor munging code in define pages editor
    By TecBrat in forum Customization from the Admin
    Replies: 2
    Last Post: 24 Feb 2013, 12:19 PM
  4. HTML Editor preview changes to Plain Text with HTML code
    By Morph99 in forum Basic Configuration
    Replies: 5
    Last Post: 3 Jan 2011, 10:12 PM
  5. Plain text editor not working
    By warren in forum General Questions
    Replies: 2
    Last Post: 9 Jun 2008, 10:51 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR