PKP Bugzilla – Full Text Bug Listing
|Summary:||Cross Site Attacks reported by Hosting Company - IP is blocked|
|Component:||Open Journal Systems||Assignee:||PKP Support <pkp-support>|
|Version:||To be determined|
|Version Reported In:||Also Affects:|
|Attachments:||Error reported by Hosting Company for OJS|
Description Farrukh 2012-11-25 04:54:19 PST
Comment 1 Farrukh 2012-11-25 05:01:32 PST
Created attachment 3891 [details] Error reported by Hosting Company for OJS OJS 2.8.3 is installed on a hosting company. Every time a user registers itself, the IP is blocked by the hosting company. The attachment is showing exact error on the server. Hosting company advised that the error in in /lib/pkp/js/jquery.cookie.js and developer should check it particularly. Should upgrading to newer version resolve this issue? Farrukh.
Comment 2 Farrukh 2012-11-25 05:04:35 PST
Correction ========== The installed version is 2.3.8 and not 2.8.3
Comment 3 Farrukh 2012-11-25 05:23:03 PST
The exact error is also reported on some earlier verion here: http://pkp.sfu.ca/support/forum/viewtopic.php?f=8&t=8188
Comment 4 Alec Smecher 2012-11-26 09:45:26 PST
I'm marking this invalid for two reasons: - It's not our code, i.e. the problem resides either in the third-party jquery.cookie.js or in the mod_security rules that target it (clearly the latter IMO) - The "correct" solution, per the discussion at <http://drupal.org/node/522646>, is to correct the broken mod_security rule or pester your ISP into doing the same. If you need to rename jquery.cookie.js while your ISP is reading your request for a rule correction (hint hint), you can do so by: 1) renaming lib/pkp/js/lib/jquery/plugins/jquery.cookie.js to e.g. jquery.c.js 2) editing templates/common/minifiedScripts.tpl and updating the same filename there to the new name.