CiviCRM Community Forums (archive)


This forum was archived on 25 November 2017. Learn more.

Topic: kabissa custom org update now no longer saves changes from frontend "suspicious"

tobiaseigen

March 08, 2010, 11:39:52 am
Dear CiviCRM friends!

I hope this message finds everyone well.

I have not made any changes I am aware of to the Kabissa setup, but now for some reason I am getting an error message when anyone tries to update their organization's details via our custom developed frontend. This is embarrassing because I just asked a lot of organizations to come and update their details and I am getting complaints. I'd be grateful for advice!

Here's the error:

Code:
Sorry. A non-recoverable error has occurred.
There is a validation error with your HTML input. Your activity is a bit suspicious, hence aborting

Return to home page.

I saw some references to this here, but am not seeing how their solutions apply to me. What I am suspecting/hoping is that there is some maintenance task I can do like clear out a database cache or the templates_c directory to get this working again. I haven't had to mess with these things for a while so am feeling a little rusty! :)

Thanks,

Tobias
Kabissa - Space for Change in Africa http://kabissa.org

Kurund Jalmi

March 08, 2010, 12:44:15 pm
Can you update your forum profile with CiviCRM version etc.?

Kurund

tobiaseigen

March 08, 2010, 12:49:15 pm
Hi Kurund -

Done. Civi 2.2.2, Drupal 6

Thanks!

Tobias

tobiaseigen

March 09, 2010, 02:21:08 am
Also have some debugging info that doesn't help me further - maybe it gives you an idea.

Thanks in advance for any pointers. I am eager to get this crucial feature fixed.

-Tobias

Code:
backTrace

/var/www/vhosts/kabissa.org/httpdocs/sites/all/modules/civicrm/CRM/Core/Error.php, backtrace, 258
/var/www/vhosts/kabissa.org/httpdocs/sites/all/modules/civicrm/CRM/Core/IDS.php, fatal, 222
/var/www/vhosts/kabissa.org/httpdocs/sites/all/modules/civicrm/CRM/Core/IDS.php, kick, 156
/var/www/vhosts/kabissa.org/httpdocs/sites/all/modules/civicrm/CRM/Core/IDS.php, react, 135
/var/www/vhosts/kabissa.org/httpdocs/sites/all/modules/civicrm/CRM/Core/Invoke.php, check, 74
/var/www/vhosts/kabissa.org/httpdocs/sites/all/modules/civicrm/drupal/civicrm.module, invoke, 339
, civicrm_invoke,
/var/www/vhosts/kabissa.org/httpdocs/includes/menu.inc, call_user_func_array, 348
/var/www/vhosts/kabissa.org/httpdocs/index.php, menu_execute_active_handler, 18

tobiaseigen

March 10, 2010, 07:31:38 am
Thank you deepaks on the #civicrm irc channel for helping me resolve this issue. I am not certain exactly what was going on, but I certainly learned a lot about troubleshooting CiviCRM.

Key learnings:
  • tailing the CiviCRM.log file while trying things out gives a lot of info about what is going on
  • the file ~CRM/Core/IDS.php contains a list of HTML elements that are permitted by the malicious HTML code filter called IDS. Adding custom fields intended for HTML code into here tells IDS that they are also supposed to have HTML.
  • after changing the IDS.php file, you have to delete the Config.IDS.ini file and it will be regenerated.
  • turning off the wysiwyg editor to view the HTML code revealed a weird <!--fragment--> HTML code. I am not sure where this came from - either from the editor or some legacy code on my site. I removed that and IDS then accepted it.

I am still not entirely sure where the problem came from and was not able to reproduce it after the problem went away. Hopefully these notes will help me and others later if this comes up again! :)

Cheers,

Tobias

tobiaseigen

April 08, 2010, 04:01:02 am
FYI - this problem has not gone away for Kabissa unfortunately. We continue to have reports of this issue, which we're tracking also here: http://roadmap.kabissa.org/issues/42

If we find a solution, we'll post it here. If anyone has any suggestions I'd appreciate hearing them!

Cheers,

Tobias

xavier

April 08, 2010, 06:01:37 am
Hi,

That might not be a bug, but simply that your users directly paste the HTML turd generated by Microsoft Word.

There is already a wonderful library (htmlpurifier) that is packaged with CiviCRM, if I'm correct. I would suggest running the text input on the form through this library and using the resulting (cleaned) text to provide to CiviCRM.

More specifically about how to try to clean the html:
http://htmlpurifier.org/phorum/read.php?3,3750

Let us know if it works. Good luck

X+
-Hackathon and data journalism about the European parliament 24-26 jan. Watch out the result
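
An added example of the clean-up suggested in the post above; it is not part of the original thread and is not CiviCRM or Kabissa code. It assumes HTML Purifier 4.x is on the include path; the helper name `clean_pasted_html`, the allowlist and the sample input are constructed for illustration.

```php
<?php
// Assumption: HTML Purifier 4.x; adjust the path to where your site keeps it.
require_once 'HTMLPurifier.auto.php';

/**
 * Hypothetical helper: reduce pasted rich text to a small allowlist of
 * tags before the value is handed on to the CRM form handler.
 */
function clean_pasted_html($dirty)
{
    $config = HTMLPurifier_Config::createDefault();
    // Only these elements/attributes survive; class, style and Word's
    // namespaced tags such as <o:p> are dropped.
    $config->set('HTML.Allowed', 'p,br,b,strong,i,em,ul,ol,li,a[href]');
    // Links may only use these schemes (no javascript: or data: URLs).
    $config->set('URI.AllowedSchemes', array(
        'http'   => true,
        'https'  => true,
        'mailto' => true,
    ));
    // Remove elements left empty once their markup has been stripped.
    $config->set('AutoFormat.RemoveEmpty', true);
    // Skip the on-disk definition cache so no writable directory is needed.
    $config->set('Cache.DefinitionImpl', null);

    $purifier = new HTMLPurifier($config);
    // HTML comments are removed by the purifier by default, which covers
    // markers like the <!--fragment--> comment mentioned in this thread.
    return trim($purifier->purify($dirty));
}

// Constructed sample of Word-style paste (not taken from the Kabissa site).
$pasted = '<!--fragment--><p class="MsoNormal" style="mso-margin-top-alt:auto">'
        . 'We support <b>community groups</b> in '
        . '<span style="mso-bidi-font-weight:bold">Ghana</span>.'
        . '<o:p></o:p></p>';

echo clean_pasted_html($pasted), "\n";
```

Cleaning the field in the custom frontend before it is posted means the IDS check sees plain allowlisted markup, so the threshold and exception list in IDS.php can stay as shipped.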

tobiaseigen

April 08, 2010, 06:26:36 am
Hi Xavier - you are probably right that this is "HTML turd" produced by Microsoft Word, but the outcome is still bad for Kabissa because it means fewer people finish adding organizations to our database and they are getting frustrated. I will add this idea of yours to our issue tracker and see if we can implement it easily.

In the meantime, I have upped the threshold in IDS.php from 75 to 100 so that hopefully more will get through the first time, even if it looks ugly.

Does this functionality work better generally in the latest version of civicrm? I am at 2.1.2.

Thanks!

Tobias

johng

April 13, 2010, 10:56:36 am
Quote from: tobiaseigen on March 10, 2010, 07:31:38 am
Hello,

Our organization is also having this issue and wondered if you could clarify some of the above.

In the IDS file, I gather that you should add to the html[] array the intended fields... is it the field label that should be added?

I can not find the Config.IDS.ini file... in what directory is it located?

Thank you!




Donald Lobo

April 13, 2010, 11:12:11 am

check: CRM/Core/IDS.php, line 84 or so

You can add various exceptions or html fields there. Please let us know if we need to add any other fields. Once you've changed that file, please delete Config.IDS.ini (from files/civicrm/templates_c/en_US/ConfigAndLog/Config.IDS.ini)

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

tobiaseigen

April 13, 2010, 11:40:04 am
Hi Lobo -

I've been having more difficulty with my forms, and the solution (albeit counter to the purpose of IDS) has been to raise the threshold to 100. I'd rather find a more appropriate way to handle this.

I'm tracking my progress with this issue here: http://roadmap.kabissa.org/issues/42

Cheers,

Tobias

Donald Lobo

April 13, 2010, 11:49:16 am

tobias:

we've added a lot more exceptions and html fields to CRM/Core/IDS.php since 2.2.x. We've also upgraded php-ids since then. Your best bet might be to either patch those changes or upgrade to 3.1.x

lobo

tobiaseigen

April 13, 2010, 11:51:14 am
thanks lobo - so I will live with the kludge until I am able to upgrade.

cheers,

tobias


This forum was archived on 2017-11-26.