-
- 572 Posts
Hi Webaff,
Thanks very much...removing database_truncate fixes the issue.
All i need to do now is find out why the package management doesn't work and i'll be able to run revo successfully on my web server:-)
www.9thwave.co.uk
WEB | DESIGN | PRINT
This sounds like an issue being caused by mod_security filtering on your server. In all likelihood, it is seeing the word "truncate" and not allowing the POST to ever make it to the server to save the changes.
-
- 572 Posts
so whatever mod_security is being triggered could be turned off, is that correct?
www.9thwave.co.uk
WEB | DESIGN | PRINT
Some hosts allow the filtering to be configured (or turned off) via .htaccess rules, some don't. It really depends on your hosting environment on whether you can modify this.
-
- 28 Posts
Thanks, opengeek, for clearing that up.
I'll contact my hosting provider for that purpose.
But what is 'database_truncate' for anyway?
Where is this permission needed?
Is it a bad idea to let it deactivated?
Truncating a database table means to empty it of all it's records. This is a pretty dangerous SQL command to allow in a web application and is likely why they have a filter for any POST values with this string in it. However, it is used to let MODX administrators empty certain log tables that can become bloated over time, or to flush all session records in the database. It is not critical to typical workflow in MODX, but you might miss it if you need to empty the manager log table or reset everyone's session.
-
- 91 Posts
Didn't see this 13 months ago. In all that time I could not save an updated duplicate access policy. Could not even rename a duplicated access policy in Modx Revolution. Tried again today and got a new form of weirdness when trying just to rename a duplicate access policy in MODX Revolution 2.2.4-pl traditional - after clicking "Save" the "Save Successful" doesn't show (hasn't shown for the past 13 months) and suddenly styling from the main website starts making a mess of the manager and whatever I click takes me out of the manager to the front end of the website.
The solution (as mentioned above): Go to Security -> Access Controls -> Policy Templates, then right-click database_truncate and delete it, then save.
Feels a bit scary, but it does the trick. All weirdness disappears and you can update duplicated access policies normally henceforth.
A massive thanks to 9thwave, webaff and opengeek for finding the solution.