|
PKP Bugzilla – Full Text Bug Listing |
| Summary: | Cross Site Attacks reported by Hosting Company - IP is blocked | ||
|---|---|---|---|
| Product: | OJS | Reporter: | Farrukh <farrukh.saleem> |
| Component: | Open Journal Systems | Assignee: | PKP Support <pkp-support> |
| Status: | RESOLVED INVALID | ||
| Severity: | blocker | CC: | alec |
| Priority: | P3 | ||
| Version: | To be determined | ||
| Hardware: | All | ||
| OS: | All | ||
| Version Reported In: | Also Affects: | ||
| Attachments: | Error reported by Hosting Company for OJS | ||
|
Description
Farrukh
2012-11-25 04:54:19 PST
Created attachment 3891 [details]
Error reported by Hosting Company for OJS
OJS 2.8.3 is installed on a hosting company. Every time a user registers itself, the IP is blocked by the hosting company. The attachment is showing exact error on the server.
Hosting company advised that the error in in /lib/pkp/js/jquery.cookie.js and developer should check it particularly.
Should upgrading to newer version resolve this issue?
Farrukh.
Correction ========== The installed version is 2.3.8 and not 2.8.3 The exact error is also reported on some earlier verion here: http://pkp.sfu.ca/support/forum/viewtopic.php?f=8&t=8188 I'm marking this invalid for two reasons: - It's not our code, i.e. the problem resides either in the third-party jquery.cookie.js or in the mod_security rules that target it (clearly the latter IMO) - The "correct" solution, per the discussion at <http://drupal.org/node/522646>, is to correct the broken mod_security rule or pester your ISP into doing the same. If you need to rename jquery.cookie.js while your ISP is reading your request for a rule correction (hint hint), you can do so by: 1) renaming lib/pkp/js/lib/jquery/plugins/jquery.cookie.js to e.g. jquery.c.js 2) editing templates/common/minifiedScripts.tpl and updating the same filename there to the new name. |