Hello,
I just installed Mantis version 1.0.1. After backing up my Mantis directory and my database, I used Matthew Hayes's script to update the databases, ran the install successfully and got a good report when I ran check.php.
I have been able to successfully log in and, I have been able to Report Issues except for the following one.
ISSUE I'M TRYING TO REPORT
===================
Category: Wish list/feature requests
Reproducibility: Always
Severity: Feature
Priority: Normal
Product: 1.03.0
Summary: Need means for deleteing unused Term/Grading Period, Class or
Subject/Category
Description: Currently, there is no way to delete an entry from the "Term/Grading Period", "Class" and "Subject/Category" database tables. When the editors are invoked from the "Test Editor" by choosing the "Edit or Add XXXX" entry in the list, the user can edit an existing entry or add a new entry. If an existing entry is not selected, the only choices for the user are "Save" or "Cancel", which is fine. If, however, an existing entry is selected, the only choices are "Update" or "Cancel". I suggest we first query the database to see if the item is used in any existing test. If so, we do nothing, since the record cannot be deleted as long as it is referenced in a test. If the item is not used an a test, however, we add a third option "Delete". If chosen, the user would see an "Are you sure...?" query. If user says OK, we we would delete the item from the appropriate database table.
===================
When I enter the entire body of the summary, I get the following error:
"Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, jerry@rosearbour.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log."
I can enter the first four or five words of the summary and successfully submit the report, but if I try to enter any more than that, I get the error.
When I look at my server error log I see the following:
SERVER ERROR REPORT
================
[Mon Feb 20 13:02:40 2006] [error] [client 209.223.115.33] mod_security: Access denied with code 500. Pattern match "[[:space:]]+(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\\\\*| |\\\\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\\\\*| |\\\\,]" at POST_PAYLOAD [hostname "www.rosearbour.com"] [uri "/mantis/bug_report.php"] [unique_id "Nxoc8NHS75oAAAbNEu4AAAAd"]
================
Code 500 is, of course,
Internal Error 500
The server encountered an unexpected condition which prevented it from fulfilling the request.
It sure is unknown. ; > ) 'cause I can't figure it out with my level of knowledge. Can anyone help me with this problem?
I should mention that we have submitted Issue Reports with as much or more text than what appears in this message with no problem.
This appears to me to be some kind of security or privileges error, but I can login successfully and submit other Issue Reports. Why not this one.
Thanks for any help you can provide.
Jerry Nielsen
Error message when attempting to Report Issue
Moderators: Developer, Contributor
Is mod_security to blame?
It looks as if the culprit might be the mod_security Apache module. I am not able to configure anything at this level on my ISP's systems. If this is the problem, can anyone tell me how to get around it?
Could the slashes in the text of the summary be responsible for the problem? I could easily eliminate them. Doh! (Maybe I should try that.) I'll let you know.
Jerry Nielsen
Could the slashes in the text of the summary be responsible for the problem? I could easily eliminate them. Doh! (Maybe I should try that.) I'll let you know.
Jerry Nielsen
Well, that wasn't it!
Eliminated both the slashes and quotation marks from the text, and it still will not post the issue. Help!
Jerry Nielsen
Jerry Nielsen
From that error message (and knowing practically nothing about mod_security) I'd say that Apache is intercepting the post as it contains text that is like "delete.... database".
Sounds like you have an over-zealous host :)
I would hazard a guess and suggest replacing any mention of the word 'database' with 'data-base' or 'data base' or something.
You might even need to do a few more words, too (eg. select, delete, insert etc.).
I don't know how'd you deal with this in the long run, though, without doing something about your host...
Lincoln.
Sounds like you have an over-zealous host :)
I would hazard a guess and suggest replacing any mention of the word 'database' with 'data-base' or 'data base' or something.
You might even need to do a few more words, too (eg. select, delete, insert etc.).
I don't know how'd you deal with this in the long run, though, without doing something about your host...
Lincoln.
That was right on the mark!
Lincoln,
I changed the words delete to deleate and references to the database to deebee, and the post went through. We can live with that, but I do plan to check with my host and see if there is anything we can do about it.
Thanks so much for your help. I just love open source forums. Folks are always so willing to help.
Thanks again!
Jerry Nielsen
I changed the words delete to deleate and references to the database to deebee, and the post went through. We can live with that, but I do plan to check with my host and see if there is anything we can do about it.
Thanks so much for your help. I just love open source forums. Folks are always so willing to help.
Thanks again!
Jerry Nielsen