ExtendedImageManage bug in xinha 0.96beta2 (Trac #1506)

[sleemanj]

Recently I built a cms using xinha as text editor plugin. on my localhost it worked well but when I uploaded it to my web host with mod_security on. it gave me a 406 error whenever I tried to load the extendedimagemanager plugin by clicking the icon on the xinha toolbar.

here is the code from the server logs mod_security

[error] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\.\\./\\.\\./" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "66"] [id "300004"] [rev "2"] [msg "Generic Path Recursion denied"] [severity "CRITICAL"] [hostname "www.******.org"] [uri "/en//xinha/plugins/ExtendedFileManager/backend.php"] [unique_id "G41rh88tt@oAAGAl0goAAACv"]
[Fri Mar 05 12:33:04 2010] [error] [client 41.205.15.51] File does not exist: /home/******/public_html/406.shtml, referer: http://www.********.org/en/admin_articles/editNews/10

this is the actual rule in mod_rewrite the caught it

SecRule REQUEST_URI "!(alt_mod_frameset\.php)" "chain,id:300004,rev:2,severity:2,msg:'Generic Path Recursion denied'"

Reported by guest, migrated from http://trac.xinha.org/ticket/1506

[sleemanj]

• @sleemanj commented:

This is most likely a configuration issue. Look at your images_dir, images_url, base_dir etc...

• @sleemanj changed resolution to worksforme
• @sleemanj changed status from new to closed

[sleemanj]

• guest commented:

How do you explain the fact that, when mod_security is on it shows 406 and when mod_security is turned off, it works ?? thats what is happening on my server.

• guest changed resolution from worksforme to ``
• guest changed status from closed to reopened

[sleemanj]

• @sleemanj commented:

Well that shows it is not a bug in ExtendedFileManager then. Your configuration triggers mod_security but is otherwise a workable configuration, tip: look at the rule that is being triggered.

I use mod_security myself.

Can not assist further here, post in the forum your configuration for ExtendedFileManager if you desire further assistance.

Also, ensure you are using the latest trunk.

• @sleemanj changed resolution to worksforme
• @sleemanj changed status from reopened to closed