• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • 😌 This community is user driven. Be polite with other users.
    • 👉 Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • 💸 Purchase a Pro Subscription to get access to active software support and faster ticket response times.
  • Chevereto Support CLST

    Support response

    Support checklist

    • ⚠️ Got a Something went wrong message? Read this guide and provide the actual error. Do not skip this.
    • ✅ Confirm that the server meets the System Requirements
    • 🔥 Check for any available Hotfix - your issue could be already reported/fixed
    • 📚 Read documentation - It will be required to Debug and understand Errors for a faster support response

Can't substitute a new privacy page

Status
Not open for further replies.
L

lumiworx

Chevereto Member
▶🚶‍Reproduction steps
  1. I've tried creating a new privacy policy page as-per the documentation, to replace the default page.
  2. After a half-dozen 403 errors, I deleted the page entry from the admin page list, and tried creating a new/fresh page - and tried creating it as both an 'internal' 'Privacy' page or an 'external' 'extra' page, but not a 'link'.
  3. After another half-dozen 403 errors, I manually edited the DB to insert a new row that was a copy of a successfully inserted custom TOS page, and manually created the PHP page itself from cPanel.
  4. After getting the new page to show up in the page list, and also in the 'About...' page menu on the front end that can be read correctly, I tried editing the page settings to get the internal link set to "Privacy".
😢Unexpected result

Although the page shows in the page list and can be selected and read on the site, the backend refuses to accept any edits to the page setup, including an attempt to only get the internal "Privacy" page link working. Any time the edit is submitted, it instantly sends me to the same generic 403 'Denied...' error page.

📃Error log message

There are no log entries showing any errors.

NOTE: I had absolutely no issue in creating a new TOS page, with it's custom file name outside the "default" folder, the internal link to "tos" that holds its value in the backend, and loads/displays correctly with both 'header' and 'footer' on the page. I then used the exact same procedure in changing the privacy page, and it continually spit out 403 pages on every save attempt.
 
Sort by date Sort by votes
To amend my note... I noticed I had an extra character in the internal link as 'privvacy'. Once that was corrected, the backend does show the link as expected, as "Privacy".
 
Upvote 0 Downvote
Hi @lumiworx, I'm sorry to hear you have issues.

I think that the issue is mod_security (or other request filterers) that prevent you from saving these files using the web interface. Some servers still implement this kind of filtering, and it causes a 403 when some "unsafe" content is submitted using a given HTTP request.

Chevereto pages are on its core, PHP files that you can save/edit using the panel. Basically, your server throws a 403 once it detects a POST request body with <?php and other many others kind of code like JavaScript or even HTML. Chances are that you won't be able to add any html/js banner, or analytics code as it will fail over the alleged filtering.

You either disable the filtering or you manually create the pages in the server file-system. Simply make sure to put the page location (relative) pointing to your custom page.

Let me know if it helps.
 
Upvote 0 Downvote
Sorry about the late reply.... The idea that it's due to mod_security makes sense, unfortunately my cPanel plugin for it is limited to toggling it on or off for individual sites, so I can't make granular settings for anything at all. I could probably issue a request to my hosting provider and see if they might adjust it, but I don't mind using a workaround for something I'd only do once every year or two - or maybe only once.

Strange that I had no issue with a brand new 'terms-of-service.php' page - complete with the default header and footer <?php wrappers from the original page - and could mark it as 'internal' and tied to the 'tos' link once I deleted the original in the backend. Is it possible that the string 'privacy' is somehow protected in code?

At any rate, as long as there's a way to get it in place that I can code myself, it all works out in the end.
 
Upvote 0 Downvote
lumiworx said:
Is it possible that the string 'privacy' is somehow protected in code?
Click to expand...
No, the privacy string is not protected. Chances are that the actual file has messed permissions.

It happens frequently in setups where the permissions gets altered due to different file access (ftp, ssh, etc).
 
Upvote 0 Downvote
Unfortunately, this ticket has more than seven days without a reply or feedback from the original poster. We will now consider this ticket abandoned and its now closed.

Don't hesitate to create a new ticket if this matter is still causing you issues.

Ticket closed.
 
Upvote 0 Downvote
Status
Not open for further replies.
Back
Top