Author Topic: CiviEvent won't trust me and keeps kicking me out for "suspicious activity" (Read 686 times)

Rick Cunningham · April 09, 2013, 06:13:34 am

When trying to set up an event and using full html for editing a text box I am unable to save anything fancier than plain text. Centering, changing fonts, adding tables, etc. almost always results in the failure message below which ends with: Your activity is a bit suspicious, hence aborting. I don't know which part of this is going wrong, and I'm having a very difficult time setting up online registration for an impending fundraiser. Any help would be appreciated!

(I have D7.21, Civi 2.4.2, CKEditor 3.6.5.7647, Wysiwyg 7.x-2.2)

{"IP":"my ip address","error_code":"IDS_KICK","level":"security","referer":"http:\/\/www.mydomain.net\/members\/civicrm\/event\/manage\/settings?reset=1&action=update&id=6","reason":"XSS suspected","is_error":1,"error_message":"There is a validation error with your HTML input. Your activity is a bit suspicious, hence aborting"}

Rick Cunningham · April 09, 2013, 06:36:43 am

I just noticed another volunteer had pasted something from Word into one of the fields (not the ones I've been editing) and I believe that will turn out to be the error - will turn this into plain text and see if the errors go away. I'll re-post this if the errors persist. It didn't solve the problem! (But still pasting from word is a bad idea unless your wysiwyg editor knows how to strip all the junk.)

Status -

I've turned everything into plain text - no html, and everything is now saving properly, but when I try to add a table in the introduction, I get the error again. I know Lobo had posted something about a year ago on this subject that had to do with disabling the activity monitor for certain classes of users. I'll take a look at that. Meanwhile, if there's any new news on this problem please let me know - this is extremely frustrating. Reminds me of playing Chutes and Ladders with a 6 year old. Who cheats!

Michael McAndrew · April 10, 2013, 06:01:17 am

hey rick,

agree this is frustrating.

is the html for the table just simple html? did you write it yourself or copy from somewhere else? try keeping it as simple as possible.

also see http://forum.civicrm.org/index.php?topic=12851.0 for another solution / more background.

you could always turn off ids checking temporarily and then turn it back on again...

Rick Cunningham · April 11, 2013, 12:52:44 pm

Thanks - I didn't write the html, it's being generated by CKeditor 3.6.x.x via wysiwyg, and the html gets mangled by viewing source and going back to wysigyg so it's not that easy to see what html is being generated.

I think I'm going to disable for the afternoon and then go get a wysiwyg editor that doesn't cut corners!

Also, Coleman Watts posted (May 15 2012) a slightly more sophisticated patch in the thread below - it doesn't turn off checking, except for those who have civicrm access permission. I don't know whether it worked, but here's the link.

http://forum.civicrm.org/index.php/topic,18168.msg103823.html#msg103823

CiviCRM Community Forums (archive)

News:

Author Topic: CiviEvent won't trust me and keeps kicking me out for "suspicious activity" (Read 686 times)

Rick Cunningham

CiviEvent won't trust me and keeps kicking me out for "suspicious activity"

Rick Cunningham

Spoke too soon

Michael McAndrew

Re: CiviEvent won't trust me and keeps kicking me out for "suspicious activity"

Rick Cunningham

Re: CiviEvent won't trust me and keeps kicking me out for "suspicious activity"