1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.2 More useful error messages?

Discussion in 'XenForo Questions and Support' started by Mr Lucky, Mar 17, 2014.

  1. Mr Lucky

    Mr Lucky Well-Known Member

    I recently spent a lot of time troubleshooting a problem a member was having - she was getting error messages when posting video media

    It turned out eventually this was merely because she was pasting the Youtube embed code instead of the URL.

    I can understand why someone might make this mistake, but the error message is very misleading as it implies a permissions problem.

    Is there a way to either:

    • Make the message more relevant to the problem
    • Make it so that an embed code also works as well as the URL
    Thanks
     
  2. Brogan

    Brogan XenForo Moderator Staff Member

    That's actually an Apache error.

    There is a resource which allows you to post HTML but be aware that allowing that is a security risk, hence why bb code is used instead.
     
    Amaury likes this.
  3. Mike

    Mike XenForo Developer Staff Member

    As noted, that is happening before XF is even executed. It's probably mod_security. Your host may be able to help identify the specific rule being triggered.
     
    Amaury likes this.
  4. Mr Lucky

    Mr Lucky Well-Known Member

    Oh, I see. Then it's because the embed code contains the iframe tag?

    I would not want to allow html.
     
  5. Mr Lucky

    Mr Lucky Well-Known Member

    Update:

    It seems we don't get the error if you have "old embed code" ticked.

    This one causes an error:

    HTML:
    <iframe width="560" height="315" src="//www.youtube.com/embed/0xXwNwe2OjM?rel=0" frameborder="0" allowfullscreen></iframe>
    This one doesn't:

    HTML:
    <object width="560" height="315"><param name="movie" value="//www.youtube.com/v/0xXwNwe2OjM?version=3&amp;hl=en_US&amp;rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="//www.youtube.com/v/0xXwNwe2OjM?version=3&amp;hl=en_US&amp;rel=0" type="application/x-shockwave-flash" width="560" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object>
     
  6. Brogan

    Brogan XenForo Moderator Staff Member

    This is the current default embed code:
    Code:
    <iframe width="500" height="300" src="https://www.youtube.com/embed/{$id}?wmode=opaque" frameborder="0" allowfullscreen></iframe>
    The second code block you have posted above looks quite wrong.
     
  7. Mike

    Mike XenForo Developer Staff Member

    This is almost definitely mod_security blocking specific HTML strings (like an <iframe). Nothing we can do about it unfortunately. Your host would need to be involved.
     
  8. Mr Lucky

    Mr Lucky Well-Known Member

    But is available on Youtube if you tick "old embed code"
     

Share This Page