Bug 8040

Summary: Cross Site Attacks reported by Hosting Company - IP is blocked
Product: OJS
Reporter: Farrukh <farrukh.saleem>
Component: Open Journal Systems
Assignee: PKP Support <pkp-support>
Severity: blocker
CC: alec
Priority: P3
Version: To be determined
Hardware: All
OS: All
Version Reported In:
Also Affects:
Attachments: Error reported by Hosting Company for OJS

Description Farrukh 2012-11-25 04:54:19 PST

Comment 1 Farrukh 2012-11-25 05:01:32 PST
Created attachment 3891 [details]
Error reported by Hosting Company for OJS

OJS 2.8.3 is installed at a hosting company. Every time a user registers, the IP is blocked by the hosting company. The attachment shows the exact error on the server.

The hosting company advised that the error is in /lib/pkp/js/jquery.cookie.js and that the developer should check it in particular.

Should upgrading to a newer version resolve this issue?

Comment 2 Farrukh 2012-11-25 05:04:35 PST

The installed version is 2.3.8 and not 2.8.3

Comment 3 Farrukh 2012-11-25 05:23:03 PST
The exact error is also reported on some earlier version here: http://pkp.sfu.ca/support/forum/viewtopic.php?f=8&t=8188

Comment 4 Alec Smecher 2012-11-26 09:45:26 PST
I'm marking this invalid for two reasons:
- It's not our code, i.e. the problem resides either in the third-party jquery.cookie.js or in the mod_security rules that target it (clearly the latter IMO)
- The "correct" solution, per the discussion at <http://drupal.org/node/522646>, is to correct the broken mod_security rule or pester your ISP into doing the same.

If you need to rename jquery.cookie.js while your ISP is reading your request for a rule correction (hint hint), you can do so by:
1) renaming lib/pkp/js/lib/jquery/plugins/jquery.cookie.js to e.g. jquery.c.js
2) editing templates/common/minifiedScripts.tpl and updating the same filename there to the new name.
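
The two rename steps from Comment 4, combined into a single checked shell function. This is an added example, not part of the original thread or of PKP's code: the paths and the `jquery.c.js` name come from the comment, while the function name `rename_cookie_plugin`, the `.bak`/`.new` working files and the return codes are assumptions.

```shell
#!/bin/sh
# Added example: the rename workaround from Comment 4 as one checked step.
# Paths are the ones quoted there; the function name is illustrative.
# Usage: rename_cookie_plugin OJS_ROOT [NEW_NAME]
rename_cookie_plugin() {
    root=$1
    new=${2:-jquery.c.js}
    old=jquery.cookie.js
    dir="$root/lib/pkp/js/lib/jquery/plugins"
    tpl="$root/templates/common/minifiedScripts.tpl"

    # Accept only a plain file name: no path parts, nothing special to sed.
    case $new in
        ''|*"$old"*|*[!A-Za-z0-9._-]*) echo "bad file name: $new" >&2; return 2 ;;
    esac
    [ -f "$tpl" ] || { echo "missing $tpl" >&2; return 3; }

    # Already applied: plugin renamed and template free of the old name.
    if [ ! -e "$dir/$old" ] && [ -f "$dir/$new" ] && ! grep -qF "$old" "$tpl"; then
        return 0
    fi
    [ -f "$dir/$old" ] || { echo "missing $dir/$old" >&2; return 4; }
    [ ! -e "$dir/$new" ] || { echo "$dir/$new already exists" >&2; return 5; }
    grep -qF "$old" "$tpl" || { echo "$tpl does not reference $old" >&2; return 6; }

    # Step 2, prepared on copies so a failure leaves the install untouched.
    # The .bak copy is kept so the change can be reverted later.
    cp -p "$tpl" "$tpl.bak" && cp -p "$tpl" "$tpl.new" || return 7
    sed "s/jquery\.cookie\.js/$new/g" "$tpl.bak" > "$tpl.new" || return 7
    # Step 1: rename the plugin, then swap the edited template in.
    mv "$dir/$old" "$dir/$new" || { rm -f "$tpl.new"; return 8; }
    mv "$tpl.new" "$tpl" || return 8

    # Verify that no stale reference remains and the new one is present.
    ! grep -qF "$old" "$tpl" && grep -qF "$new" "$tpl"
}

# Run directly when arguments are given, e.g.: sh rename.sh /path/to/ojs
if [ "$#" -gt 0 ]; then rename_cookie_plugin "$@"; fi
```

OJS may serve cached compiled templates, so the template cache may need clearing before the new filename is requested by browsers.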