X3Photo Gallery Forums

hpdorn · 19 Sep 2023, 10:38

Saving the settings of X3 (version 3.32 and 3.31) causes an error on my hosting system (textStatus: error).

It seems that the error comes from the settings of my hoster, so I already contacted him.

But may be someone knows about the problem and can give an advice.

Here the Apache protocol:

[client 37.138.199.166] ModSecurity:
[file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/10_asl_rules.conf"]
[line "225"]
[id "344367"]
[rev "2"]
[msg "Atomicorp.com WAF Rules: SQL Injection Attack"]
[data "Matched Data: local( found within ARGS:settings: {\\x22style\\x22:{\\x22layout\\x22:{\\x22layout\\x22:\\x22sidebar\\x22,\\x22fixed\\x22:\\x22topbar-fixed-up\\x22,\\x22wide\\x22:true,\\x22overlay\\x22:true},\\x22skin\\x22:{\\x22skin\\x22:\\x22organic\\x22,\\x22primary_color\\x22:\\x22goldenrod\\x22,\\x22clear\\x22:\\x22filled\\x22},\\x22font\\x22:{\\x22font\\x22:\\x22lato:400,400italic,700,700italic|subheader:italic|topbar:uppercase,large|sidebar:uppercase,small|footer:italic|styled:italic\\x22},\\x22logo\\x22:{\\x22enabled\\x22:true,\\x22title\\..."]
[tag "SQLi"] Access denied with code 403 (phase 2). Pattern match "(?i)\\\\b(?:c(?:o(?:n(?:v(?:ert(?:_tz)?)?|cat(?:_ws)?|nection_id)|(?:mpres)?s|ercibility|(?:un)?t|llation|alesce)|ur(?:rent_(?:time(?:stamp)?|date|user)|(?:dat|tim)e)|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|ast|r32)|s(?:u(?:b(?:str(?:ing(?:_index ..." at ARGS
[hostname "hapede.de"]
[uri "/sites/x3old/panel/x3_settings.php"]
[unique_id "ZQmVhM436RfUD6twJfvnxAAAAI0"], referer: https://hapede.de/sites/x3old/panel/

19 Sep 2023, 23:21

This is normally caused by server firewall blocking POST requests to server, and I can see from your output that this is exactly the case. You shouldn't really be running mod security inside the /panel/ dir ... Why? Because this is already login-only area, and these scripts therefore need to be able to POST to server/PHP, to save settings.

So either the firewall needs to be disabled entirely for requests that match /panel/ or this specific rule would need to be disabled.

hpdorn · 20 Sep 2023, 05:36

Thanks for your answer.

The hoster tries to configure the firewall but failed until now.:slight_smile:

agavedesign · 13 Nov 2023, 15:08

I am also getting the "textStatus: error" when I try to update the username and password on X3. I contacted my host and they said that I am running PHP 8 and they said...

It is a reference to a function that is no longer working on PHP 8:

https://www.php.net/manual/en/function.create-function.php

"Warning - This function has been DEPRECATED as of PHP 7.2.0, and REMOVED
as of PHP 8.0.0. Relying on this function is highly discouraged."

Is there a way around this? I want to use X3 with PHP 8?

Thanks in Advance.

13 Nov 2023, 23:47

agavedesign wrote: I am also getting the "textStatus: error" when I try to update the username and password on X3.

Do you have a link with login for me so I can test? Please send private message or email. This sounds like misconfigured server firewall or problem with file permissions.

agavedesign wrote:I contacted my host and they said that I am running PHP 8 and they said... It is a reference to a function that is no longer working on PHP 8:

https://www.php.net/manual/en/function. ... nction.php

"Warning - This function has been DEPRECATED as of PHP 7.2.0, and REMOVED
as of PHP 8.0.0. Relying on this function is highly discouraged."

Is there a way around this? I want to use X3 with PHP 8?

They are wrong, and I don't even know where they get this idea from. We don't use this function in X3, and X3 was already made compatible with PHP 8 ages ago. Me and most customers already run X3 on PHP 8 since a long time.

X3Photo Gallery Forums

Saving Settings5 posts

Saving Settings

Re: Saving Settings

Re: Saving Settings

Re: Saving Settings

Re: Saving Settings