I'm Not Disabling Mod_security. So The Front End Editor is Broken.
Jenni Armstrong
You can't be serious that your solution is to disable mod_security.
Request: POST /index.php?option=com_sppagebuilder&task=page.apply&pageId=8 Action Description: Access denied with code 500 (phase 2). Justification: Pattern match "(insert[[:space:]]+into.+values|select.from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\(.from)" at ARGS:jform[text].
seems like you ought to be able to resolve this without making our servers vulnerable.
Toufiq
Accepted AnswerHi there,
Thanks for contacting us. Sorry for the inconvenience. The mod_security blocked the resource loading of page builder. That's why occurred the problem. Will you please contact your hosting provider and tell them to disable the mod_security.
-Thanks
Paul Frankowski
Accepted AnswerHi.
As I know, mod_security has extra settings (Ask hosting support for help) that allows you to have it enabled and with working SPPB front-end editor. My hosting admin changed something and all works perfect.
Jenni Armstrong
Accepted AnswerThat's insane. NOBODY SHOULD DISABLE MOD_SECURITY!
I am my hosting provider. I know how to whitelist things and deal with mod_security. But your code is tripping a rule. Specifically, it's 300016, Generic SQL injection.
The developers should be able to code around that. Because i do not want to have to whitelist client IP's. Doing my own is risky enough.