"Access Denied" message /tools/ajaxRequest on test server
Permalink
we recently discovered a really strange issue.
On our development machines (all win7 Enterprise, PHP 5.3.5, 5.3.8) all "tools" requests are fine and handled as expected.
Same story on our production server (RHEL, PHP 5.3.3).
Our test server (and I must admit there is a inconsistency in OS etc.) the same request fails with an error message "Access Denied" (Ubuntu 10.04.4 LTS, PHP 5.3.2 with suhosin patch).
We have confirmed (by removing the defined(C5_EXECUTE) check) that it does crash on the file /tools/ajaxRequest(.php).
As described in the documentation, the ajax request is done _WITHOUT_ the extension ".php" in the request URL (host/tools/ajaxRequest?param=val).
We have done some debugging and verified that the request does actually set the constant "C5_EXECUTE" in dispatcher.php. There seems to be no file that unsets this data...
Any idea on how this is even possible, and eventually, how to solve this issue?
PS: we currently work with ccm_5.4.x
On our development machines (all win7 Enterprise, PHP 5.3.5, 5.3.8) all "tools" requests are fine and handled as expected.
Same story on our production server (RHEL, PHP 5.3.3).
Our test server (and I must admit there is a inconsistency in OS etc.) the same request fails with an error message "Access Denied" (Ubuntu 10.04.4 LTS, PHP 5.3.2 with suhosin patch).
We have confirmed (by removing the defined(C5_EXECUTE) check) that it does crash on the file /tools/ajaxRequest(.php).
As described in the documentation, the ajax request is done _WITHOUT_ the extension ".php" in the request URL (host/tools/ajaxRequest?param=val).
We have done some debugging and verified that the request does actually set the constant "C5_EXECUTE" in dispatcher.php. There seems to be no file that unsets this data...
Any idea on how this is even possible, and eventually, how to solve this issue?
PS: we currently work with ccm_5.4.x
Another thought, something that may be different between the environments is .htaccess.
Thanks John(the Fish)!
You helped us to look in the right direction.
It was a misleading story, starting with a favicon.ico that was missing in the root directory of the public web directory. This gave the impression that the ajax request successfully went through index.php.
Then there was this test server that had its' Options directive configured to search for files against known extensions if the extension was missing (which it did!) and therefore didn't pass the rewrite condition for missing files (and finally missed the rewrite to index.php). That explained the "Access Denied" error.
You helped us to look in the right direction.
It was a misleading story, starting with a favicon.ico that was missing in the root directory of the public web directory. This gave the impression that the ajax request successfully went through index.php.
Then there was this test server that had its' Options directive configured to search for files against known extensions if the extension was missing (which it did!) and therefore didn't pass the rewrite condition for missing files (and finally missed the rewrite to index.php). That explained the "Access Denied" error.
http://www.concrete5.org/community/forums/customizing_c5/tools-dire...
Are you using getToolsURL to get the tool urls, or some other method?