"Save as" not working
jenspr opened this issue · 3 comments
Describe the bug
When opening a file in ICEcoder and then going to MENU -> SAVE AS I get an error message and it seems not possible to save under a new name.
To Reproduce
- Open a file
- MENU -> SAVE AS
Expected behavior
A dialog to enter the new filename. A duplicate of the file created.
Browser & Server (please complete the following information):
- Chrome
- Webserver Unix (don't know which, maybe Apache)
Additional context
From the Dev tools:
icecoder.js?microtime=1624787989.6405:3482 POST https://jp01.de/ICEcoder/lib/file-control.php?action=save&fileMDT=1596547133&fileVersion=0&saveType=saveAs&newFileAutoSave=false&tabNum=1&csrf=4b78e8a037b1743189489d113381ca4d 403
serverQueue @ icecoder.js?microtime=1624787989.6405:3482
(anonymous) @ icecoder.js?microtime=1624787989.6405:2175
setTimeout (async)
saveFile @ icecoder.js?microtime=1624787989.6405:2160
onclick @ (index):161
icecoder.js?microtime=1624787989.6405:3462 ICEcoder error info for your request...
icecoder.js?microtime=1624787989.6405:3463 undefined
Did some more test:
When creating a NEW file I can save that (empty) file.
If editing the file to contain:
<b></b>
it fails to save.
if I edit to
<b> it saves
if edited to
</b> it saves
.. strange.. seems to somehow be connected to the file content and the special combinations of opening and closing statements? .. some characters not escaped or some checks run before save?! Dont know. Hope this helps
I did some research. It is actually because of problem between ICEcoder and my Webserver (Apache):
The ModSecurity (2.9) web application firewall is causing the issue. It blocks the save operation and thows an error:
WAF 350147
See here for some details.
https://wiki.atomicorp.com/wiki/index.php/WAF_350147
The sense of the firewall rule is prevent command injection I guess.
And it falsely detects data send to the server. I guess it is text which is understood as javascript or PHP inside it.
Dont know more.
I could get around by disabling the firewall rules and it works fine now.
Maybe this recognition is worth for somebody else too running in such a problem.
All the best Jens