Announcement

Collapse
No announcement yet.

Blank page when try to edit post

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mark.B
    replied
    Originally posted by mojiba View Post

    It is, I narrowed down to 2 rules that were causing the problem:

    - OWASP_CRS/PROTOCOL_VIOLATION/EVASION-REQUEST_BODY
    - OWASP_CRS/WEB_ATTACK/XSS-2000000412_251

    I just did not understand why this started happening now after I updated vBulletin to version 4.2.5. Previously these same rules existed in Cloudflare and there was no such problem.
    No changes were made to the editor in 4.2.5. It is in any event a standard editor made by a third party (CKEditor).

    Leave a comment:


  • mojiba
    replied
    Originally posted by Mark.B View Post

    Your only option would be to disable the rules causing problems, if that's even possible.
    It is, I narrowed down to 2 rules that were causing the problem:

    - OWASP_CRS/PROTOCOL_VIOLATION/EVASION-REQUEST_BODY
    - OWASP_CRS/WEB_ATTACK/XSS-2000000412_251

    I just did not understand why this started happening now after I updated vBulletin to version 4.2.5. Previously these same rules existed in Cloudflare and there was no such problem.

    Leave a comment:


  • Mark.B
    replied
    Originally posted by mojiba View Post

    Hi Mike, you're right, I just catch a trigger in Cloudflare from my IP address while trying to edit a post with rich text.

    These are the rules that I broke on the Cloudflare firewall:

    OWASP_CRS/PROTOCOL_VIOLATION/EVASION-REQUEST_BODY
    OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION-ARGS:MESSAGE
    OWASP_CRS/WEB_ATTACK/XSS-2000000412_251
    OWASP_CRS/WEB_ATTACK/XSS-ARGS:MESSAGE
    OWASP_CRS/WEB_ATTACK/XSS-2000000408_182
    OWASP_CRS/WEB_ATTACK/XSS-2000000412_265
    OWASP_CRS/WEB_ATTACK/XSS-2000000412_265
    OWASP_CRS/PROTOCOL_VIOLATION/EVASION-REQUEST_BODY

    The edit post problem disappears if I disable the Web Application Firewall in Cloudflare, but I'm no comfortable in doing so. Is there anything I can do besides disabling these rules?

    Thanks.
    Your only option would be to disable the rules causing problems, if that's even possible.

    Leave a comment:


  • mojiba
    replied
    Originally posted by Mark.B View Post

    This is to do with trying to paste content from websites or other irch media into the editor. It isn't really designed to do that, and when you do it it will do its best to translate it into something that can be displayed. The results can be unpredictable however, and can also trigger server security software.

    If this causes issues, use the plain text editor for such things, then it will paste only the basic text.
    Hi Mike, you're right, I just catch a trigger in Cloudflare from my IP address while trying to edit a post with rich text.

    These are the rules that I broke on the Cloudflare firewall:

    OWASP_CRS/PROTOCOL_VIOLATION/EVASION-REQUEST_BODY
    OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION-ARGS:MESSAGE
    OWASP_CRS/WEB_ATTACK/XSS-2000000412_251
    OWASP_CRS/WEB_ATTACK/XSS-ARGS:MESSAGE
    OWASP_CRS/WEB_ATTACK/XSS-2000000408_182
    OWASP_CRS/WEB_ATTACK/XSS-2000000412_265
    OWASP_CRS/WEB_ATTACK/XSS-2000000412_265
    OWASP_CRS/PROTOCOL_VIOLATION/EVASION-REQUEST_BODY

    The edit post problem disappears if I disable the Web Application Firewall in Cloudflare, but I'm no comfortable in doing so. Is there anything I can do besides disabling these rules?

    Thanks.

    Leave a comment:


  • Mark.B
    replied
    Originally posted by mojiba View Post
    I don't believe that in my case is the character enconding issue, but something to do with rich text and the advanced editor.

    If I edit a message pasting a plain text (even with latin characters) and save it, there's no problem, but if I try to do it with rich text content (with URLs for example), then nothing happens.

    Thanks.
    This is to do with trying to paste content from websites or other irch media into the editor. It isn't really designed to do that, and when you do it it will do its best to translate it into something that can be displayed. The results can be unpredictable however, and can also trigger server security software.

    If this causes issues, use the plain text editor for such things, then it will paste only the basic text.

    Leave a comment:


  • mojiba
    replied
    I don't believe that in my case is the character enconding issue, but something to do with rich text and the advanced editor.

    If I edit a message pasting a plain text (even with latin characters) and save it, there's no problem, but if I try to do it with rich text content (with URLs for example), then nothing happens.

    Thanks.
    Last edited by mojiba; Sat 17 Nov '18, 1:15pm.

    Leave a comment:


  • bosss
    replied
    Thanks for reply

    Just checked - server use Serverns teckenuppsättning: UTF-8 Unicode (utf8) but in my admin cp on vbulletin 4 - language settings is english - ISO-8859-1

    regards

    bosss

    edit: coalitions - MyISAM latin1_swedish_ci

    Leave a comment:


  • Joe D.
    replied
    Originally posted by bosss View Post
    Still have same problem ...but not with all posts (only posts copied from another sources - like web pages and more) - and problem persist in both PHP 5.6 and now in PHP 7.1. 23

    regards

    bosss
    That's usually because a character being copied (like a fancy looking quote or apostrophe) isn't part of the character set being used in the database and causes an error. Can you check your database tables, are you using utf8 or latin1 coalitions?

    Leave a comment:


  • bosss
    replied
    Still have same problem ...but not with all posts (only posts copied from another sources - like web pages and more) - and problem persist in both PHP 5.6 and now in PHP 7.1. 23

    regards

    bosss

    Leave a comment:


  • Mark.B
    replied
    Originally posted by mojiba View Post

    Hi Scream And Fly,

    I'm with the same problem, could you share what rules do you added to Modsecure?

    Thanks.
    Rather than use what someone else did, you need to check your own logs and find out which rule is causing it.

    Leave a comment:


  • mojiba
    replied
    Originally posted by Scream And Fly View Post

    Thank you Mark. I’ve not changed anything but I will check with my hosting company on the server end. I really appreciate your reply.

    Edit: Issue resolved. It was a matter of adding whitelisting rules to ModSecure. That corrected the issue. Thanks again.
    Hi Scream And Fly,

    I'm with the same problem, could you share what rules do you added to Modsecure?

    Thanks.

    Leave a comment:


  • Scream And Fly
    replied
    Originally posted by Mark.B View Post

    If it used to work, but now doesn't, then something has changed on the server.

    First thing to look at is php version. What is the exact current version, and has it been changed recently?
    Thank you Mark. I’ve not changed anything but I will check with my hosting company on the server end. I really appreciate your reply.

    Edit: Issue resolved. It was a matter of adding whitelisting rules to ModSecure. That corrected the issue. Thanks again.
    Last edited by Scream And Fly; Wed 8 Aug '18, 10:38pm.

    Leave a comment:


  • Mark.B
    replied
    Originally posted by Scream And Fly View Post
    I'm sorry to bump an older post, but I'm having the same issue with VBulletin 4.2.5 and I am unable to resolve it. This just began happening and I have no idea why. I'd really appreciate any insight into this that could help.
    Thank you.
    If it used to work, but now doesn't, then something has changed on the server.

    First thing to look at is php version. What is the exact current version, and has it been changed recently?

    Leave a comment:


  • Scream And Fly
    replied
    I'm sorry to bump an older post, but I'm having the same issue with VBulletin 4.2.5 and I am unable to resolve it. This just began happening and I have no idea why. I'd really appreciate any insight into this that could help.
    Thank you.

    Leave a comment:


  • bosss
    replied
    Originally posted by Mark.B View Post
    The problem with copying and pasting content (effectively html) from other sites is that the editor isn't actually built to do that. It will make a best effort at converting stuff but it will often fail.

    WYSIWYG is designed so that you can compose a post and see how how it going to look 'on the fly'. It isn't intended for copying entire blocks of third party html. Depending on what's being copied, it may work or it may not, and as you've noted can break the css as well in extreme cases.
    Thanks for answer!
    Problem is only when i copy croatian or swidish letters - englis no problem.

    regards

    bosss

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X