Pretty URL causing 403?

[CMSmonkey]

Hi Everyone,
I just upgraded an e-commerce site that utilizes Products/Orders/Cart to CMSMS 1.11.5 and the latest modules. The site is also configured to use pretty URLs.

After the upgrade, all of the pages seem to be working well with the exception of the cart. When I test an order, upon hitting "Add to Cart", I get a 403 Forbidden. I also get it if I try to view the Cart page directly. If I try to access the page using index.php?page=cart, I can see it.

Does anyone have any suggestions to resolve this issue?

Here's my sysinfo:

Cms Version: 1.11.5

Installed Modules:

CMSMailer: 5.2.1
CMSPrinting: 1.0.4
FileManager: 1.4.3
MenuManager: 1.8.5
MicroTiny: 1.2.5
ModuleManager: 1.5.5
News: 2.12.12
Search: 1.7.8
ThemeManager: 1.1.8
CGExtensions: 1.32.4
CGEcommerceBase: 1.3.11
CGSimpleSmarty: 1.6.1
Products: 2.18.4
AuthNetAim: 1.4
CGPaymentGatewayBase: 1.1
FrontEndUsers: 1.21.10
SelfRegistration: 1.7.4
Orders: 1.13.3
JQueryTools: 1.2.5
Cart: 1.8.4
CustomContent: 1.8.3
FRShipping: 1.2.3
AuthNetSim: 1.0
NMSTrack: 1.0
Showtime: 3.3
Album: 1.10-beta2
Uploads: 1.14.4
FormBuilder: 0.7.3
FormBrowser: 0.4.2
Promotions: 1.0.16
CGMyOrders: 1.0
Printing: 1.1.2
NMS: 2.4.3
SEOTools2: 1.0.9
PerItemShipping: 1.1.2
Captcha: 0.4.5
FEU_Auth_Basic: 1.0
Statistics: 1.1.3
CGJobMgr: 1.2.8


Config Information:

php_memory_limit: 80M
process_whole_template:
output_compression:
max_upload_size: 20000000
url_rewriting: mod_rewrite
page_extension:
query_var: page
image_manipulation_prog: GD
auto_alias_content: true
locale:
default_encoding: utf-8
admin_encoding: utf-8
set_names: true


Php Information:

phpversion: 5.3.13
md5_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_STRICT: 0
E_DEPRECATED: 0
memory_limit: 80M
max_execution_time: 120
output_buffering: On
safe_mode: Off (False)
file_uploads: On (True)
post_max_size: 20M
upload_max_filesize: 20M
session_save_path: /myserver/htdocs/cgi-bin/tmp (0775)
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)


Server Information:

Server Api: cgi-fcgi
Server Db Type: MySQL (mysql)
Server Db Version: 5.0.91
Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable

--------------------

Here is my htaccess:

# Attempt to override some php settings, these settings may be helpful on some hosts if your
# default configuration does not meet CMS's minimum requirements, and your host
# has given your account appropriate permissions
#php_value upload_max_filesize "80M"
#php_value session_save_path "tmp/cache"

#php_flag magic_quotes_gpc Off
#php_flag register_globals Off
#php_flag session.use_trans_sid Off

# (this is important, so uncomment if your host permit)
#Options -Indexes
#ServerSignature Off

#Options +FollowSymLinks

# To prevent E_STRICT problems with PHP 5.3+ you can uncomment the following lines
# Note: These settings should only be enabled for production sites!
#php_flag display_startup_errors 0
#php_flag display_errors 0
#php_flag html_errors 0
#php_value docref_root 0
#php_value docref_ext 0

<IfModule mod_rewrite.c>
RewriteEngine on
#
#Sub-dir e.g: /cmsms
RewriteBase /sg/sg

# 301 Redirect all requests that don't contain a dot or trailing slash to
# include a trailing slash
# but ignore POST requests.
RewriteCond %{REQUEST_URI} !/$
RewriteCond %{REQUEST_URI} !\.
RewriteCond %{REQUEST_METHOD} !POST$
RewriteRule ^(.*) %{REQUEST_URI}/ [R=301,L]

# Rewrites urls in the form of /parent/child/
# but only rewrites if the requested URL is not a file or directory
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
</IfModule>

<IfModule mod_header.c>
# Disable ETags
Header unset ETag
FileEtag None
</IfModule>

<IfModule mod_deflate.c>
# Compress css, plaintext, xml, gif, and images in transport.
AddOutputFilterByType DEFLATE text/css text/plain text/xml image/gif image/jpeg image/png
</IfModule>

<IfModule mod_expires.c>
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
# Set expires tags on various files... so that the browser wont attempt to reload them.
ExpiresActive On
ExpiresDefault "access plus 1 year"
<IfModule mod_header.c>
# Setting cache control to public allows proxy servers to cache the items too.
Header set Cache-Control "public"
</IfModule>
</FilesMatch>
</IfModule>

[calguy1000]

Tell your host to disable mod_security for your sites.

[CMSmonkey]

Hi Calguy,
Thanks for the prompt response.

Would adding to the htaccess:

Code: Select all

<IfModule mod_security.c>
   SecFilterEngine Off
   SecFilterScanPOST Off
</IfModule>

resolve the issue?

[calguy1000]

You can try it... but some hosts don't allow overriding that stuff.

[calguy1000]

holy shit... somebody actually uses FEU_Auth_BASIC?

[CMSmonkey]

holy shit... somebody actually uses FEU_Auth_BASIC?

Yes.... well, I wouldn't say "uses" - rather "attempting to use"... The e-comm site didn't pass PCI compliance, and one of the failed scans was for auth_basic. So I uploaded the module but haven't worked with it yet.

You can try it... but some hosts don't allow overriding that stuff.

Adding the code to htaccess didn't work. I contacted the host and they disabled mod_security, but I am still running into a 403 error. Any other suggestions?

Also, I've tried to just utilize the index.php?page=cart page to continue testing checkout. When I get to the checkout page there is no CSS and where the {Orders} tag is, it is blank.

According to the CGI error log, I get

Code: Select all

1: no version information available (required by /opt/users/myserver/php/php) 
/opt/users/myserver/php/php: /usr/lib/libxslt.s 

I just moved to PHP 5.3 with this upgrade (specifically from 5.2.17 to 5.3.13) since your modules required it. Do you know how I can resolve this issue?

[calguy1000]

Also, I've tried to just utilize the index.php?page=cart page to continue testing checkout. When I get to the checkout page there is no CSS and where the {Orders} tag is, it is blank.

Means that there is an error somewhere... try looking at your logs, enabling debug mode, or turning on error reporting in the .htaccess

PHP is very good at reporting errors. Unfortunately most production sites have error reporting turned off (some even have it turned off by default)... it should be turned on when diagnosing problems. We can't really help much till we get an error message and a reliable way of reproducing it.

[CMSmonkey]

Yes, I was actually debugging at the moment. Here is what I got on the checkout page:

Code: Select all

Debug: (4.000000000004E-5) - (usage: 1017196) - (peak: 1023620) 
done loading required files
Debug: (0.130399) - (usage: 1018168) - (peak: 1062112) 
loading adodb
Debug: (0.142526) - (usage: 1095348) - (peak: 1125024) 
loading page functions
Debug: (0.150373) - (usage: 1224336) - (peak: 1287360) 
loading content functions
Debug: (0.390437) - (usage: 1232748) - (peak: 1287360) 
loading translation functions
Debug: (0.395296) - (usage: 1243188) - (peak: 1287360) 
loading php4 entity decode functions
Debug: (0.402854) - (usage: 1445632) - (peak: 1592208) 
done loading files
Debug: (0.402913) - (usage: 1445900) - (peak: 1592208) 
Initialize Database
Debug: (0.45485) - (usage: 2020972) - (peak: 2028200) 
(mysql): SET NAMES 'utf8' 
Debug: (0.454922) - (usage: 2020620) - (peak: 2069208) 
Done Initializing Database
Debug: (0.454972) - (usage: 2020804) - (peak: 2069244) 
Initialize Smarty
Debug: (0.75671) - (usage: 3061068) - (peak: 3064212) 
Loading /myserver/lib/classes/class.Smarty_CMS.php = 1039096 bytes for an approximate total of 1039096
Debug: (0.768847) - (usage: 3121848) - (peak: 3125904) 
Loading /myserver/lib/classes/class.CMSModuleDbTemplateResource.php = 51448 bytes for an approximate total of 1090544
Debug: (0.774242) - (usage: 3152532) - (peak: 3166388) 
Loading /myserver/lib/classes/class.CMSPageTemplateResource.php = 29704 bytes for an approximate total of 1120248
Debug: (0.780343) - (usage: 3192980) - (peak: 3204324) 
Loading /myserver/lib/classes/class.usertagoperations.inc.php = 39660 bytes for an approximate total of 1159908
Debug: (0.785516) - (usage: 3193132) - (peak: 3238008) 
(mysql): SELECT * FROM cms_userplugins ORDER BY userplugin_name 
Debug: (0.791275) - (usage: 3237688) - (peak: 3249516) 
Loading /myserver/lib/classes/class.cms_siteprefs.php = 18352 bytes for an approximate total of 1178260
Debug: (0.80011) - (usage: 3237740) - (peak: 3283328) 
(mysql): SELECT sitepref_name,sitepref_value FROM cms_siteprefs 
Debug: (0.808131) - (usage: 3455024) - (peak: 3591592) 
Loading /myserver/lib/classes/class.CMSContentTemplateResource.php = 17492 bytes for an approximate total of 1195752
Debug: (0.816274) - (usage: 3467444) - (peak: 3615884) 
Loading /myserver/lib/classes/class.CMSGlobalContentTemplateResource.php = 11908 bytes for an approximate total of 1207660
Debug: (0.825822) - (usage: 3470036) - (peak: 3626168) 
Done Initialiing Smarty
Debug display of 'Loading Modules':(0.825912) - (usage: 3470348) - (peak: 3638336) 
Debug: (0.834408) - (usage: 3684308) - (peak: 3810852) 
Loading /myserver/lib/classes/class.moduleoperations.inc.php = 213076 bytes for an approximate total of 1420736
Debug: (0.836487) - (usage: 3684892) - (peak: 3843660) 
(mysql): SELECT * FROM cms_modules ORDER BY module_name 
Debug: (1.212651) - (usage: 3721084) - (peak: 3843996) 
loading module Album
Debug: (1.226411) - (usage: 4318260) - (peak: 4410500) 
Loading /myserver/lib/classes/class.CMSModule.php = 398044 bytes for an approximate total of 1818780
Debug: (1.235679) - (usage: 4391496) - (peak: 4472332) 
Loading /myserver/lib/classes/class.CmsRoute.php = 28092 bytes for an approximate total of 1846872
Debug: (1.243913) - (usage: 4443688) - (peak: 4526604) 
Loading /myserver/lib/classes/class.cms_route_manager.php = 51348 bytes for an approximate total of 1898220
Debug: (1.258136) - (usage: 4531272) - (peak: 4652900) 
Loading /myserver/lib/classes/class.CmsLangOperations.php = 43244 bytes for an approximate total of 1941464
Debug: (1.258361) - (usage: 4530016) - (peak: 4652900) 
loading module AuthNetAim
Debug: (1.285049) - (usage: 5232924) - (peak: 5262532) 
Loading /myserver/lib/classes/class.CmsNlsOperations.php = 59372 bytes for an approximate total of 2000836
Debug: (1.304243) - (usage: 5264912) - (peak: 5299620) 
Loading /myserver/lib/classes/class.CmsNls.php = 27996 bytes for an approximate total of 2028832
Debug: (1.336594) - (usage: 5372680) - (peak: 5394024) 
loading module CGEcommerceBase
Debug: (1.346306) - (usage: 5486188) - (peak: 5512856) 
loading module AuthNetSim
Debug: (1.350502) - (usage: 5626888) - (peak: 5638640) 
loading module Cart
Debug: (1.359744) - (usage: 5794916) - (peak: 5809732) 
loading module Products
Debug: (1.380129) - (usage: 6297284) - (peak: 6335016) 
Loading /myserver/lib/classes/class.contentoperations.inc.php = 168084 bytes for an approximate total of 2196916
Debug: (1.382523) - (usage: 6316688) - (peak: 6371572) 
loading module CGSimpleSmarty
Debug: (1.403469) - (usage: 6481636) - (peak: 6517112) 
loading module JQueryTools
Debug: (1.408583) - (usage: 6555388) - (peak: 6587212) 
loading module CGJobMgr
Debug: (1.418055) - (usage: 6638180) - (peak: 6664788) 
loading module CGMyOrders
Debug: (1.665914) - (usage: 6741400) - (peak: 6771744) 
loading module Orders
Debug: (1.686673) - (usage: 6948796) - (peak: 7050788) 
loading module FrontEndUsers
Debug: (1.708588) - (usage: 7564336) - (peak: 7636256) 
Loading /myserver/lib/classes/class.module_meta.php = 31376 bytes for an approximate total of 2228292
Debug: (1.719644) - (usage: 7602824) - (peak: 7667800) 
Loading /myserver/lib/classes/class.cms_utils.php = 34344 bytes for an approximate total of 2262636
Debug: (1.726334) - (usage: 7693668) - (peak: 7826784) 
loading module CMSMailer
Debug: (1.731209) - (usage: 7852472) - (peak: 7921800) 
loading module CMSPrinting
Debug: (1.736662) - (usage: 7946976) - (peak: 7999952) 
loading module CustomContent
Debug: (1.744142) - (usage: 8076836) - (peak: 8125904) 
loading module FormBrowser
Debug: (1.759633) - (usage: 8621976) - (peak: 8828112) 
loading module FormBuilder
Debug: (1.785789) - (usage: 9905324) - (peak: 9983808) 
loading module FRShipping
Debug: (1.790694) - (usage: 9986228) - (peak: 10051468) 
loading module MenuManager
Debug: (1.794898) - (usage: 10121384) - (peak: 10197392) 
loading module NMS
Debug: (1.824778) - (usage: 10516712) - (peak: 10620348) 
loading module NMSTrack
Debug: (1.829132) - (usage: 10600456) - (peak: 10655568) 
loading module Printing
Debug: (1.838387) - (usage: 10711028) - (peak: 10768560) 
loading module Promotions
Debug: (2.084456) - (usage: 10868220) - (peak: 10935888) 
loading module SelfRegistration
Debug: (2.099528) - (usage: 11199860) - (peak: 11250044) 
loading module Showtime
Debug: (2.10339) - (usage: 11278508) - (peak: 11314196) 
loading module Statistics
Debug: (2.126183) - (usage: 12030392) - (peak: 12334128) 
loading module Uploads
Debug display of 'End of Loading Modules':(2.159543) - (usage: 12425648) - (peak: 12497260) 
Debug: (2.164052) - (usage: 12452128) - (peak: 12518984) 
Loading /myserver/lib/classes/class.CmsRegularTaskHandler.php = 25668 bytes for an approximate total of 2288304
Debug: (2.169667) - (usage: 12476740) - (peak: 12543652) 
Loading /myserver/lib/classes/class.cms_content_cache.php = 26800 bytes for an approximate total of 2315104
Debug: (2.171261) - (usage: 12477912) - (peak: 12570692) 
(mysql): SELECT * FROM cms_content WHERE content_id = 26 AND active = 1 LIMIT  1 
Debug: (2.184282) - (usage: 12933396) - (peak: 13004796) 
Loading /myserver/lib/classes/class.ContentBase.php = 347172 bytes for an approximate total of 2662276
Debug: (2.184445) - (usage: 12962720) - (peak: 13006248) 
Loading /myserver/lib/classes/contenttypes/Content.inc.php = 482132 bytes for an approximate total of 3144408
Debug: (2.186259) - (usage: 12976812) - (peak: 13035288) 
(mysql): SELECT * FROM cms_content_props WHERE content_id = '26'