XF 1.2 More useful error messages?

Mr Lucky

Mr Lucky

Well-known member
I recently spent a lot of time troubleshooting a problem a member was having - she was getting error messages when posting video media

The following error occurred:
Forbidden
You don't have permission to access /community/index.php on this server.
Click to expand...

It turned out eventually this was merely because she was pasting the Youtube embed code instead of the URL.

I can understand why someone might make this mistake, but the error message is very misleading as it implies a permissions problem.

Is there a way to either:

  • Make the message more relevant to the problem
  • Make it so that an embed code also works as well as the URL
Thanks
 
Sort by date Sort by votes
That's actually an Apache error.

There is a resource which allows you to post HTML but be aware that allowing that is a security risk, hence why bb code is used instead.
 
Upvote 0 Downvote
As noted, that is happening before XF is even executed. It's probably mod_security. Your host may be able to help identify the specific rule being triggered.
 
Upvote 0 Downvote
Update:

It seems we don't get the error if you have "old embed code" ticked.

This one causes an error:

HTML: 
<iframe width="560" height="315" src="//www.youtube.com/embed/0xXwNwe2OjM?rel=0" frameborder="0" allowfullscreen></iframe>

This one doesn't:

HTML: 
<object width="560" height="315"><param name="movie" value="//www.youtube.com/v/0xXwNwe2OjM?version=3&amp;hl=en_US&amp;rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="//www.youtube.com/v/0xXwNwe2OjM?version=3&amp;hl=en_US&amp;rel=0" type="application/x-shockwave-flash" width="560" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object>
 
Upvote 0 Downvote
This is the current default embed code:
Code: 
<iframe width="500" height="300" src="https://www.youtube.com/embed/{$id}?wmode=opaque" frameborder="0" allowfullscreen></iframe>

The second code block you have posted above looks quite wrong.
 
Upvote 0 Downvote
This is almost definitely mod_security blocking specific HTML strings (like an <iframe). Nothing we can do about it unfortunately. Your host would need to be involved.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

K
Error messages generated by ValueFormatter are not really useful
Replies
1
Views
51
Xon
X
JasonBrody
  • Question Question
XF 2.3 Email to from failed: Unable to connect with STARTTLS: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error
Replies
6
Views
112
JasonBrody
JasonBrody
GameNet
  • Locked
Not a bug SSL operation failed with code 1. OpenSSL Error messages: error:1408F10B:SSL routines:ssl3_get_record:wrong version number src/vendor/symfony/mailer/T
Replies
8
Views
197
Jeremy P
Jeremy P
findozor
  • Question Question
XF 2.2 ErrorException: Job XF:EmailUnsubscribe: [E_WARNING] stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:0A
Replies
2
Views
322
findozor
findozor
N
  • Question Question
XF 2.2 Occasional "Site is currently being upgraded" error messages
Replies
2
Views
507
Noma
N
Back
Top Bottom