XF 1.2 More useful error messages?

Mr Lucky

Mr Lucky

Well-known member
I recently spent a lot of time troubleshooting a problem a member was having - she was getting error messages when posting video media

The following error occurred:
Forbidden
You don't have permission to access /community/index.php on this server.
Click to expand...

It turned out eventually this was merely because she was pasting the Youtube embed code instead of the URL.

I can understand why someone might make this mistake, but the error message is very misleading as it implies a permissions problem.

Is there a way to either:

  • Make the message more relevant to the problem
  • Make it so that an embed code also works as well as the URL
Thanks
 
Sort by date Sort by votes
That's actually an Apache error.

There is a resource which allows you to post HTML but be aware that allowing that is a security risk, hence why bb code is used instead.
 
Upvote 0 Downvote
As noted, that is happening before XF is even executed. It's probably mod_security. Your host may be able to help identify the specific rule being triggered.
 
Upvote 0 Downvote
Update:

It seems we don't get the error if you have "old embed code" ticked.

This one causes an error:

HTML: 
<iframe width="560" height="315" src="//www.youtube.com/embed/0xXwNwe2OjM?rel=0" frameborder="0" allowfullscreen></iframe>

This one doesn't:

HTML: 
<object width="560" height="315"><param name="movie" value="//www.youtube.com/v/0xXwNwe2OjM?version=3&amp;hl=en_US&amp;rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="//www.youtube.com/v/0xXwNwe2OjM?version=3&amp;hl=en_US&amp;rel=0" type="application/x-shockwave-flash" width="560" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object>
 
Upvote 0 Downvote
This is the current default embed code:
Code: 
<iframe width="500" height="300" src="https://www.youtube.com/embed/{$id}?wmode=opaque" frameborder="0" allowfullscreen></iframe>

The second code block you have posted above looks quite wrong.
 
Upvote 0 Downvote
This is almost definitely mod_security blocking specific HTML strings (like an <iframe). Nothing we can do about it unfortunately. Your host would need to be involved.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

kontrabass
  • Question Question
XF 1.5 Help tracking down image upload error
Replies
1
Views
301
kontrabass
kontrabass
yor14
  • Solved
XF 2.2 DB Errors on Fresh Install
Replies
15
Views
631
yor14
yor14
N
  • Question Question
XF 2.2 XF\Db\Exception: MySQL query error [1048]: Column 'ip_id' cannot be null in src/XF/Db/AbstractStatement.php at line 230
Replies
2
Views
209
nathanw
N
Mr Lucky
  • Question Question
XF 2.2 help with error: Argument #1 ($url) must be of type string, null given, called in
Replies
5
Views
1K
Mr Lucky
Mr Lucky
Reflect
  • Suggestion Suggestion
Improving email outreach
Replies
6
Views
907
Reflect
Reflect
Top Bottom