this.mask.addClass

Support
1

Devs,

I’ve come to a point where I dont know how to proceed. I have a simple snippet which is really hard to debug. When I try to save it won’t save unless I remove some code. But the code is valid php and works on other modx sites.

My ModX version is up to date, same as all the extras.

What I do:

  • Insert the snippet
  • Click save, first error appears (this.mask…)
  • Click save again, other two errors appear.

The snippet is NOT saved. I just cant make any sense of what is going on here.

I’ve tried to input the snippet code directly in the database but then my site crashes.

Any help would be appreciated.

Kind,
Ilja

image
image586×569 26 KB

2

Sounds a lot like mod security on the server is blocking the request that saves the snippet. Try looking at your server error and/or mod security logs, or contact your host for help disabling that.

3

Thanks Mark!

Where do I find the modx sec logs? I will ask mijndomein.nl for the server ones.

Any specific that can cause it?

Kind,
Ilja

4

It’s ModSecurity, a firewall for your web server, that has nothing to do with MODx.

5

Oh wow I feel so stupid. Did not notice that.

Will be continued.

6

@markh @halftrainedharry

No luck on the logs. There is nothing in there that implicate an error of any kind. Only thing I can think of is the PHP version. The one working is 7.2.34 and the one not is 7.4.

This is the code snippet I want to save. This way I retrieve photo’s on Flickr and save them in a file so I limit the API calls.

You guys see any reason why it will not save?

<?php

// Check input
if (!ctype_digit($albumId)) {
  return false;
};

$cache_time = 3600*24; // 24 hours
$cache_file = 'assets/cache/album_'.$albumId.'.json';
$timedif = @(time() - filemtime($cache_file));

if (file_exists($cache_file) && $timedif < $cache_time) {
    // Cache versie
    $string = file_get_contents($cache_file);

} else 
{   
    $key = 'xxxx';
    $user = 'xxx';
    $album = $albumId;
    $feed = 'https://api.flickr.com/services/rest/?method=flickr.photosets.getPhotos&api_key='.$key.'&photoset_id='.$album.'&user_id='.$user.'&extras=url_t%2Curl_h%2Curl_c&format=json&nojsoncallback=1';
    $string = file_get_contents($feed);
    if ($f = @fopen($cache_file, 'w')) {
        fwrite ($f, $string, strlen($string));
        fclose($f);
    }
   
}

$json = json_decode($string);

//http://farm{farm-id}.staticflickr.com/{server-id}/{id}_{secret}.jpg
if (!function_exists('objectToArray')) {
  function objectToArray($d) {
	  if (is_object($d)) {
		// Gets the properties of the given object
		// with get_object_vars function
		$d = get_object_vars($d);
	  }
	
	  if (is_array($d)) {
		/*
	* Return array converted to object
	* Using __FUNCTION__ (Magic constant)
	* for recursive call
	*/
		return array_map(__FUNCTION__, $d);
	  }
	  else {
		// Return array
		return $d;
	  }
	}
}

// Create array
$array = objectToArray($json);
$output = false;

foreach ($array['photoset']['photo'] as $key => $value) {

    $farm = $value['farm'];
    $server = $value['server'];
    $id = $value['id'];
    $secret = $value['secret'];
    $title = $value['title'];
    $img = 'http://farm'.$farm.'.staticflickr.com/'.$server.'/'.$id.'_'.$secret.'_b.jpg';
    if (array_key_exists ( 'url_h' , $value )) {
        $img = $value['url_h'];
    }
    $thumb = $value['url_c'];

	$output .= $modx->getChunk('tpl.gallery.img2',array(
	  'thumb' => $thumb,
	  'img' => $img,
	  'title' => $title,
	));

}

 return $output;
7

Do you have the ability to disable ModSecurity on the server to make sure it’s really the reason of the error?

If ModSecurity is the problem, then it (mistakenly) classifies your request as an attack and blocks it.

8

I cant disable it. Tried it with the .htaccess but also no luck in saving the snippet.

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>
9

Ask the host, there’s a lot of different ways that can be configured. One client of mine has a section in their DirectAdmin panel to manage it, for example.

It could also be a proxy or CDN like CloudFlare that’s filtering, or some other security software, though in my estimation 8/10 times this comes up it is mod_security.

As for the snippet contents, modx comes with a cache manager that I’d suggest using.

10

which part do you need to remove, so you can save it?

11

@markh thanks. I have zero influence, the site is hosted at mijndomein.nl They offer no such thing as DA. I have asked if they can put it off for me to check.

@bruno17 So when I remove the following it works:

if (file_exists($cache_file) && $timedif < $cache_time) {
    // Cache versie
    $string = file_get_contents($cache_file);

} else 
{   
    $key = 'xxxx';
    $user = 'xxx';
    $album = $albumId;
    $feed = 'https://api.flickr.com/services/rest/?method=flickr.photosets.getPhotos&api_key='.$key.'&photoset_id='.$album.'&user_id='.$user.'&extras=url_t%2Curl_h%2Curl_c&format=json&nojsoncallback=1';
    $string = file_get_contents($feed);
    if ($f = @fopen($cache_file, 'w')) {
        fwrite ($f, $string, strlen($string));
        fclose($f);
    }
   
}```
12

Does it also work, when you remove only this line, for example:

$feed = 'https://api.flickr.com/services/rest/?method=flickr.photosets.getPhotos&api_key='.$key.'&photoset_id='.$album.'&user_id='.$user.'&extras=url_t%2Curl_h%2Curl_c&format=json&nojsoncallback=1';
13

This probably doesn’t work, but have you tried using a static snippet and then uploading the file with the snippet code with FTP.

1 Like
14

@bruno17 no luck there…
@halftrainedharry that worked! I can work with the snippet now. Only downside is I still can’t edit it from within the manager. So that won’t save still. But I can edit the .php on the server and it will update in the manager.

Thanks all. It is not a complete fix, but I can move on.

15

This topic was automatically closed 2 days after discussion ended and a solution was marked. New replies are no longer allowed. You can open a new topic by clicking the link icon below the original post or solution and selecting “+ New Topic”.