We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
    • 28779
    • 25 Posts
    Some modx weirdness, or maybe it’s my setup, but either way here it goes, maybe someone else knows what’s going on here....

    I spent around 30mins wondering what the hell was wrong with this.

    I was writing a snippet - I needed to upload a file, and read from the file. So I write the snippet, I get to the point where I use fopen() to open the file, and then read it line by line with fgets().

    When I saved the snippet, and it contained the call to
    fgets($fh);
    I would get an error page in the snippet pane of the modx manager:

    Forbidden
    You don't have permission to access /manager/index.php on this server.
    
    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. 
    


    When I removed the fgets call, the error went away, and the snippet was would save with no problem. I really needed to implement this, so I played around a bit more. I tried to figure out exactly what was causing the problem, and I left out the semicolon, and the parentheses, and tried adding in some spaces and stoopid stuff like that.

    In the end this worked:

    $line = fgets ( $fh     )       ;
    


    What does it all mean? I’m guessing there is an bug in the modx snippet parser... Anyone care to reproduce? or maybe I have a botched install....
    Modx 0.9.6.1p2
    PHP 4.4.7 (shared host)


    Subd
    • Looks very much like Apache mod_security shenanigans, more info in the wiki here: http://wiki.modxcms.com/index.php/What_is_mod_security_and_how_does_it_affect_me
        Garry Nutting
        Senior Developer
        MODX, LLC

        Email: [email protected]
        Twitter: @garryn
        Web: modx.com
        • 28779
        • 25 Posts
        ah! that looks about right. So mod_security doesn’t like the string

        fgets($fh);

        fair enough. Well I’m glad I could get around it without having to include another file. Was pulling my hair out for a while...

        Thanks!
          • 7231
          • 4,205 Posts
          Another option is to insert the code directly via phpMyAdmin, that has worked for me in the past. Interesting to see that you were able to "fool" modsec by adding whitespace.
            [font=Verdana]Shane Sponagle | [wiki] Snippet Call Anatomy | MODx Developer Blog | [nettuts] Working With a Content Management Framework: MODx

            Something is happening here, but you don't know what it is.
            Do you, Mr. Jones? - [bob dylan]