We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

Can't save custom TV with certain string

    • 36436
    • 28 Posts
    webaff Reply #1, 12 years, 9 months ago
    Hi

    If I enter
    /about
    into the content field of my custom template variable (input type Rich Text or Textarea) and try to save, I get a blank page with the following error message:
    {"success":false,"message":"Access denied.","total":0,"data":[],"object":[]}
    I was able to save any other string so far.

    I tested on two different shared hosting environments and this bug only shows up on one of them. So I assume the bug is related to the server environment. On both hostings I use Revo 2.1.3-pl on LAMP, satisfying the MODX Revo requirements http://modx.com/revolution/developer/requirements/. And I can’t see any relevant differences in the PHP configuration.

    Any help is much appreciated,
    Werre
      http://webaff.ch
      • 36436
      • 28 Posts
      webaff Reply #2, 12 years, 8 months ago
      I still couldn't solve that one.
      - In which technical context "/about" is a forbidden/sensitive string?
      - What other strings could be affected?
      Thanks!
        http://webaff.ch
        • 33968
        • 863 Posts
        Lucas Reply #3, 12 years, 8 months ago
        Can't help with the issue itself - don't see any reason why that should be 'forbidden'. Could be something up with TinyMCE in combination with your server.

        However, what happens if you remove the '/' from the beginning of the string? Could you perhaps add that in the template instead, or as an output filter?
          • 36436
          • 28 Posts
          webaff Reply #4, 12 years, 8 months ago
          Thanks, Lucas, for motivating me to do some more testing.

          - '/about': does not work
          - '/ about': works
          - '/test' or any other tested string after a slash: works

          The error only occurs when entering the string via TinyMCE (plain text works).
          And it only occurs when using custom TVs (Resource Content works).
          I tried all 3 different entity encodings from the TinyMCE sytem settings.

          After all, its easy to bypass this problem, so I can live with it.
          But I can't insert an image out of a directory named 'about', for example.
            http://webaff.ch
          • opengeek Reply #5, 12 years, 8 months ago
            Do you have a physical folder on the server named about/ ? Or any .htaccess rules that might be intercepting the requests?
              Jason Coward
              Chief Architect @ MODX
              http://www.jasoncoward.com | http://twitter.com/drumshaman | https://github.com/opengeek
              • 36436
              • 28 Posts
              webaff Reply #6, 12 years, 8 months ago
              Quote from: opengeek at Aug 30, 2011, 12:18 AM
              Do you have a physical folder on the server named about/ ?
              Yes, I had the folder structure /assets/images/about/. I discovered the problem because I couldn't insert images out of that directory (via TinyMCE into custom TV). No problems with other directories, though.

              Quote from: opengeek at Aug 30, 2011, 12:18 AM
              Or any .htaccess rules that might be intercepting the requests?
              I have the basic .htaccess file from the MODX build, extended with suPHP_ConfigPath, the path to the php.ini file. Nothing critical IMO.

              Some testing on another installation on the same shared hosting shows:
              - Infinite saving loop instead of the error message.
              - '/abou' works
              - '/aboutx' does not work [ed. note: webaff.ch last edited this post 12 years, 8 months ago.]
                http://webaff.ch