
[SOLVED] Problems creating UDT

Posted: Sat Apr 11, 2009 10:27 pm
by dmgd
I found UDT code on this site to create a category list for uploads (code below) 

I get errors similar to this when trying to create UDTs and add templates or update user preferences. 

I get this entry in my error log:
[Sat Apr 11 22:04:33 2009] [error] [client xxx.xxx.xxx] ModSecurity: Warning. Pattern match "(?:\\\\b(?:(?:s(?:elect\\\\b(?:.{1,100}?\\\\b(?:(?:length|count|top)\\\\b.{1,100}?\\\\bfrom|from\\\\b.{1,100}?\\\\bwhere)|.*?\\\\b(?:d(?:ump\\\\b.*\\\\bfrom|ata_type)|(?:to_(?:numbe|cha)|inst)r))|p_(?:(?:addextendedpro|sqlexe)c|(?:oacreat|prepar)e|execute(?:sql)?|makewebt ..." at ARGS:code. [id "950001"] [msg "SQL Injection Attack. Matched signature "] [severity "CRITICAL"] [hostname "MYSITE.org"] [uri "/admin/edituserplugin.php?_s_=67e6d404&userplugin_id=41"] [unique_id "SeFaQUMPZxEAACQsIxQAAAAQ"]


[Sat Apr 11 22:04:33 2009] [error] [client xxx.xxx.xxx] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}? ..." at ARGS:code. [id "950006"] [msg "System Command Injection. Matched signature "] [severity "CRITICAL"] [hostname "MYSITE.org"] [uri "/admin/edituserplugin.php?_s_=67e6d404&userplugin_id=41"] [unique_id "SeFaQUMPZxEAACQsIxQAAAAQ"]
I can create a simple UDT

Code:

echo 'it works';

CMSMS 1.5.3
Apache 2.x
php 5.x
MySql 5.x


http://forum.cmsmadesimple.org/index.php/topic,5775.0.html
westis code

Code:

$html="";


$categories = array(
1 => array(
   'catid' => 1,
   'categoryname' => "Name of category 1"
),
2 => array(
   'catid' => 2,
   'categoryname' => "Name of category 2"
),
3 => array(
   'catid' => 3,
   'categoryname' => "Name of category 3"
),
4 => array(
   'catid' => 4,
   'categoryname' => "Name of category 4"
)
);



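//post handler
$catid = '';
$category = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  // accept only an all-digit id that exists in $categories
  if (isset($_POST['category_id'])
      && preg_match('/^[0-9]+$/', $_POST['category_id'])
      && isset($categories[(int) $_POST['category_id']])) {
    $catid = (int) $_POST['category_id'];
    $category = $categories[$catid]['categoryname'];
  }
}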

//form
$html .= '<form method="post">'."\n";
$html .= '<select name="category_id">'."\n";
foreach($categories as $one) {
$html .= '<option value="'. $one['catid'] .'" ';
if ($catid == $one['catid'])
$html .= 'selected';
$html .= '>'. $one['categoryname'] .'</option>'."\n";
};
$html .= '</select>'."\n";
$html .= '<input type="submit" value="Select a category" />'."\n";
$html .= '</form>'."\n";
//end form

if($catid) {
echo $html;
//Uploads module tag
global $gCms;
$mid = 'm' . ++$gCms->variables["modulenum"];
$returnid = '';
if (isset($gCms->variables['pageinfo']))
{
  $returnid = $gCms->variables['pageinfo']->content_id;
}
$uploads = $gCms->modules['Uploads']['object'];
$parms = array();
$parms['category'] = $category;
// option values are strings and must be quoted
$parms['mode'] = 'summary';
$parms['sortorder'] = 'date_desc';
$parms['summary_filetemplate'] = 'videos.tpl';
$parms['detail_filetemplate'] = 'showvideo.tpl';
$html .= $uploads->DoAction( 'default', $mid, $parms, $returnid ); 
//end Uploads module tag
} else {
//help
$html .= '<h4>Select a category</h4>';
echo $html;
}

Re: Problems creating UDT

Posted: Sun Apr 12, 2009 9:41 am
by musicscore
That's because some module installed on the Apache server blocks some commands.

Try this,

In the .htaccess file in the root of your website add

SecFilterEngine Off
SecFilterScanPOST Off

After adding this you disable that security module on the Apache server.

Musicscore

Re: Problems creating UDT

Posted: Sun Apr 12, 2009 1:09 pm
by dmgd
That sounds a little scary.
I tried it anyway and front end gets a 501 error.

Error log:
MYSITE.COM/.htaccess: Invalid command 'SecFilterEngine',
MYSITE.COM/.htaccess: Invalid command 'SecFilterEngine',


Thanks

Re: Problems creating UDT

Posted: Sun Apr 12, 2009 1:26 pm
by musicscore
This is what the .htaccess should look like.

Code:

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName mysite.com
# path depends on hoster
AuthUserFile /var/www/vhosts/mysite.com/httpdocs/_vti_pvt/service.pwd
# path depends on hoster
AuthGroupFile /var/www/vhosts/mysite.com/httpdocs/_vti_pvt/service.grp
SecFilterEngine Off
SecFilterScanPOST Off

That should solve the problem with the 500 error.
The 501 error??? Is there a typo?

Musicscore

[SOLVED] Re: Problems creating UDT

Posted: Sun Apr 12, 2009 2:02 pm
by dmgd
Sorry, that was a typo: 500.

Anyway, this is a host issue.  I have too many issues with this host and this is just one more.  It's time to move 15+ sites to a new host.

Thanks for all your help.
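
A narrower way to handle the two matches in the first post's log than switching the engine off, added here as an example and not part of the original thread: both hits are on the `code` argument of `/admin/edituserplugin.php`, so only that argument is exempted from rules 950001 and 950006. It assumes access to the server or virtual-host configuration and a ModSecurity 2.x build that supports `ctl:ruleRemoveTargetById`; the local rule id 1000001 is a constructed placeholder.

```apache
# Added example, not from the thread. Server or virtual-host context.

# Broad: disables every rule for every request, site-wide.
# (ModSecurity 2.x counterpart of the 1.x "SecFilterEngine Off" line.)
#SecRuleEngine Off

# Scoped: for the one admin script named in the log, stop only rules
# 950001 (SQL injection) and 950006 (command injection) from inspecting
# the "code" argument, which legitimately carries PHP source.
# Every other argument, header and rule on the request is still checked.
# id:1000001 is a constructed local id; pick one unused on the server.
SecRule REQUEST_FILENAME "@streq /admin/edituserplugin.php" \
    "id:1000001,phase:1,t:none,pass,nolog,\
    ctl:ruleRemoveTargetById=950001;ARGS:code,\
    ctl:ruleRemoveTargetById=950006;ARGS:code"
```

Other admin forms that trip the same rules would each need their own entry, taken from the `uri` and `ARGS:` fields of their own log lines.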