Closed deadpoint closed 2 months ago
Hi. I presume page 367 exists (Get-BsPage -Id 367
) and the image exists in that folder?
Do you have permissions to add images to the gallery and to edit that page?
Hi,
Yes the page exists, it was created with "New-BsPage -ChapterId 87 -Name "Circuit ID" -Html" and I have permissions to add images and edit that page.
Get-BsPage -Id 367
id : 367
book_id : 157
chapter_id : 87
name : Circuit ID
slug : circuit-id
html : ---
OK, can you run the command with -Verbose
at the end, not that it gives much extra, and let me have the output please.
What environment are you running BookStack under and what OS are you running the commands? My testing with a Docker BookStack and Linux are all working fine.
This is being caused by the ModSecurity on the webserver, specifically I think were "filename=utf-8''f8a9c74508974fa2a7aa8f5e34eac39e.png" is being set. Where or how is the filename=utf-8'' being set? filename is not present in any of the module files.
Message: Multipart parsing error: Multipart: Invalid Content-Disposition header (-11): form-data; name=image; filename=f8a9c74508974fa2a7aa8f5e34eac39e.png; filename*=utf-8''f8a9c74508974fa2a7aa8f5e34eac39e.png.
Message: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/apache2/conf.d/mod_security2.conf"] [line "124"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid Content-Disposition header (-11): form-data; name=image; filename=f8a9c74508974fa2a7aa8f5e34eac39e.png; filename*=utf-8''f8a9c74508974fa2a7aa8f5e34eac39e.png."] [severity "CRITICAL"]
BookStack Server:
I am seeing data "Multipart parsing error: Multipart: Invalid Content-Disposition header
in the error message and I am not specifically setting any header information in the code, except for "Authorization" and "X-HTTP-Method-Override" if required. Do I need to set a specific header?
This is this document that may help you, but it means nothing to me - https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-%28v3.x%29#user-content-REQBODY_ERROR
I am not sure this is a "me" problem?? I don't know enough about modsecurity to help.
Did you manage to get this fixed? If so, can you share the details?
Hi,
I wasn't able to figure out how to exclude this in ModSecurity so I just disabled it when importing the images. I'll close the issue given that it's not the poweshell module where the issue resides. Thanks!
When using New-BsImageGallery to upload an image it is failing with the following error. I have the current version of psBookStack loaded, and the site is BookStack v24.05.1.
`New-BsImageGallery -Type gallery -PageId 367 -Image 'C:\apps\f8a9c74508974fa2a7aa8f5e34eac39e.png' Invoke-BookStackMultiPart : StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content: System.Net.Http.StreamContent, Headers: { Vary: accept-language Vary: accept-charset Connection: close Accept-Ranges: bytes Date: Thu, 08 Aug 2024 17:18:37 GMT Server: Apache Content-Language: en Content-Type: text/html; charset=utf-8 } At line:77 char:17