News:

Looking for documentation? Take a look on our wiki

Main Menu

1.9.8G can't save anything in VM back-end

Started by Venkko, September 19, 2011, 22:45:34 PM

Previous topic - Next topic

Milbo

Quote from: constantined on October 09, 2011, 09:27:17 AM
Turned off the native Mootools (see the post by AmyStephen on http://forum.joomla.org/viewtopic.php?p=1993832 for method)

This can be bad in j1.7. The save buttons are provided by joomla and run afaik still with mootools
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

constantined

#46
Milbo, in my j1.7 mootools works fine.
meinekatze, what message you get from VM when add category? Try to change "Display #" value at "Products"->"Product Categories"

upd: Hoster added ".cookie." word to url filter. It's blow my mind.

meinekatze

in products i get no currency defined errors.
however, it doesnt save my settings when i try to add them.

maybe it helps you to take a look.
i've sent login to test account.

thank you

meinekatze

#48
twimc

constantined dug into the case and found the error and a fix.

theres a ".cookie." word filter running.
atm i'm trying to figure out if this is hoster sided.

constantineds fix:
rename jquery.cookie.js to jquery.coookie.js
/administrator/components/com_virtuemart/helpers/adminui.php line 48
replace jquery.cookie.js with jquery.coookie.js

thanks again for anyones efforts.
cheers

SteveBab

I'm confused --- rename the file to the same name?


aboutimage

I can confirm, constantined's cookie fix actually works:

Quoteconstantined dug into the case and found the error and a fix.

theres a ".cookie." word filter running.
atm i'm trying to figure out if this is hoster sided.

constantineds fix:
rename jquery.cookie.js to jquery.coookie.js
/administrator/components/com_virtuemart/helpers/adminui.php line 48
replace jquery.cookie.js with jquery.coookie.js

Thanks VERY much, and I think this particular issue needs to be looked at by the VM folks. Many, many hours of frustration came before this fix, and I would have never guessed it. Constantined, how the heck did you figure this out!!!!????
Dave Simpson
Aboutimage Professional Web Services

800     (800) 833-4204
email   sales@aboutimage.com
web    https://www.aboutimage.com

Aboutimage is a Small Business (SB), Disabled Veteran Business Enterprise (DVBE), with over 30 years of information systems management (IT), web development, shared and dedicated hosting services, and business consulting.

constantined


aboutimage

#53
I have a follow-up on this, as I believe I may have found the actual source of the problem: mod_security

Logged into my server in SSH: cat /usr/local/apache/logs/error_log |grep cookie.js gives me a LOT of the following error:

[Sun Oct 09 11:06:29 2011] [error] [client 59.69.79.189] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:type\\\\b\\\\W*?\\\\b(?:text\\\\b\\\\W*?\\\\b(?:j(?:ava)?|ecma|vb)|application\\\\b\\\\W*?\\\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\\\b.{0,100}?\\\\bsrc)\\\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "www.my-website.com"] [uri "/administrator/components/com_virtuemart/assets/js/jquery.cookie.js"] [unique_id "TpG4dbitTqYACpDqW0cAAAAB"]

So, if you're running your own servers (as I am), you can either rename the files (good temporary solution) or disable your security (not gonna happen). Maybe as a long-term solution, VM can incorporate a code change to make their cookie.js file not look like an XSS attack to mod_security!
Dave Simpson
Aboutimage Professional Web Services

800     (800) 833-4204
email   sales@aboutimage.com
web    https://www.aboutimage.com

Aboutimage is a Small Business (SB), Disabled Veteran Business Enterprise (DVBE), with over 30 years of information systems management (IT), web development, shared and dedicated hosting services, and business consulting.

Milbo

Thank you constantined and aboutimage for your research and explanations. So the problem is a filter for the word cookie? LOL and instead you can just use coookie? wow what a nonsense security. It will not prevent any hacker, but makes a lot work for people like us.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Studio 42

Quoteconstantined dug into the case and found the error and a fix.

theres a ".cookie." word filter running.
atm i'm trying to figure out if this is hoster sided.

constantineds fix:
rename jquery.cookie.js to jquery.coookie.js
/administrator/components/com_virtuemart/helpers/adminui.php line 48
replace jquery.cookie.js with jquery.coookie.js

Your solution is now in the code

SteveBab


jean2013

Quote from: jean2013 on February 16, 2012, 14:13:02 PM
Hello everybody :)
I would like to disable the SSL redirection when trying to checkout .
I tried to do this through :
       $mainframe = JFactory::getApplication();

       $mainframe->redirect(JRoute::_('index.php?option=com_virtuemart&view=cart&task=editshipment',$this->useXHTML,$this->useSSL), $_retVal);

break;

    }

}



if ($cart->getInCheckOut()) {

    $mainframe = JFactory::getApplication();

    $mainframe->redirect('index.php?option=com_virtuemart&view=cart&task=checkout');

}

    }


But no, results. Please help me and thank's a lot

matthewod01

I am having sort of the same issue.  I can create a product, add all information and save it but my product category does not save.  I can save from other select options like shopper group and manufacturer but can't save the category, which is pretty important.

I looking for a solution but if anyone has any suggestions, I will take them!

Thanks