First Last Prev Next    This bug is not in your last search results.
Bug 8040 - Cross Site Attacks reported by Hosting Company - IP is blocked
: Cross Site Attacks reported by Hosting Company - IP is blocked
Status: RESOLVED INVALID
Product: OJS
Classification: Unclassified
Component: Open Journal Systems
: To be determined
: All All
: P3 blocker
Assigned To: PKP Support
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-11-25 04:54 PST by Farrukh
Modified: 2012-11-26 09:45 PST (History)
1 user (show)

See Also:
Version Reported In:
Also Affects:

Attachments
Error reported by Hosting Company for OJS (150.74 KB, image/jpeg)
2012-11-25 05:01 PST, Farrukh 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Farrukh 2012-11-25 04:54:19 PST 

    

  


      




        
          Comment 1
        

        Farrukh

        

        
        

        
          2012-11-25 05:01:32 PST
        
      





Created attachment 3891 [details]
Error reported by Hosting Company for OJS

OJS 2.8.3 is installed on a hosting company. Every time a user registers itself, the IP is blocked by the hosting company. The attachment is showing exact error on the server.

Hosting company advised that the error in in /lib/pkp/js/jquery.cookie.js and developer should check it particularly.

Should upgrading to newer version resolve this issue?

Farrukh.

    

  


      




        
          Comment 2
        

        Farrukh

        

        
        

        
          2012-11-25 05:04:35 PST
        
      





Correction
==========

The installed version is 2.3.8 and not 2.8.3

    

  


      




        
          Comment 3
        

        Farrukh

        

        
        

        
          2012-11-25 05:23:03 PST
        
      





The exact error is also reported on some earlier verion here: http://pkp.sfu.ca/support/forum/viewtopic.php?f=8&t=8188

    

  


      




        
          Comment 4
        

        Alec Smecher

        

        
        

        
          2012-11-26 09:45:26 PST
        
      





I'm marking this invalid for two reasons:
- It's not our code, i.e. the problem resides either in the third-party jquery.cookie.js or in the mod_security rules that target it (clearly the latter IMO)
- The "correct" solution, per the discussion at <http://drupal.org/node/522646>, is to correct the broken mod_security rule or pester your ISP into doing the same.

If you need to rename jquery.cookie.js while your ISP is reading your request for a rule correction (hint hint), you can do so by:
1) renaming lib/pkp/js/lib/jquery/plugins/jquery.cookie.js to e.g. jquery.c.js
2) editing templates/common/minifiedScripts.tpl and updating the same filename there to the new name.

    

  


  






  

        






        




  
  First
  Last
  Prev
  Next
    
  This bug is not in your last
    search results.