CiviCRM Community Forums (archive)


This forum was archived on 25 November 2017. Learn more.

Author Topic: Overactive IDS in 4.3.3  (Read 19615 times)

Shawn_LaLucha

  • I’m new here
  • *
  • Posts: 8
  • Karma: 0
  • CiviCRM version: 4.3
  • CMS version: Drupal 7
  • MySQL version: 5.1.67
  • PHP version: 5.3.3
Overactive IDS in 4.3.3
July 04, 2013, 10:26:44 am
I'm a little bit new to the CiviCRM community and generally to participating in open source projects on this level, so pardon me if this appears obvious.

I am having an issue where each time I attempt to upload a photo to a contact I get an IDS kick (see below).  Since it had worked previously and stopped suddenly (not after making any administrative changes) I believe it to be this issue:
http://issues.civicrm.org/jira/browse/CRM-12197

Am I correct that there isn't a solution to this issue currently? Until version 4.5..?  Is there a fix or way around this problem?  At present none of my users are able to edit contacts (in any way). 

Thanks all.

CiviCRM 4.3.3, Drupal 7

Error:

{"IP":"....","error_code":"IDS_KICK","level":"security","referer":"\/civicrm\/contact\/add?reset=1&context=search&action=update&cid=11","reason":"XSS suspected","is_error":1,"error_message":"There is a validation error with your HTML input. Your activity is a bit suspicious, hence aborting"}

JonGold

  • Ask me questions
  • ****
  • Posts: 638
  • Karma: 81
    • Palante Technology
  • CiviCRM version: 4.1 to the latest
  • CMS version: Drupal 6-7, Wordpress 4.0+
  • PHP version: PHP 5.3-5.5
Re: Overactive IDS in 4.3.3
July 04, 2013, 12:28:46 pm
In Civi 4.3 with Drupal, there's a permission in the Drupal permissions to bypass the IDS for certain roles.  If these are authenticated users, perhaps that presents a solution?

Jon
Sign up to StackExchange and get free expert CiviCRM advice: https://civicrm.org/blogs/colemanw/get-exclusive-access-free-expert-help

Shawn_LaLucha

Re: Overactive IDS in 4.3.3
July 06, 2013, 11:04:59 am
I thought that was the case, but am unable to find the bypass IDS option in the permissions when I look at them (in Drupal).

I apologize for not being more specific previously; I should mention that I am using Commerce Kickstart.

I'm just not sure I understand why the option to bypass IDS does not appear - can you tell me which subheading it should be under? 

Is there any other way to set that option (config file, in db, etc)?

Thanks!
Shawn

JonGold

Re: Overactive IDS in 4.3.3
July 06, 2013, 11:56:53 am
Hi Shawn,

My mistake - I saw that permission in Civi 4.4 alpha.

While it's not recommended, you can set an option in civicrm.settings.php to disable the IDS altogether: http://forum.civicrm.org/index.php?topic=12851.0

I also believe it's supposed to be disabled if you're in the Administrators CiviCRM group, but can't swear that's true.

Shawn_LaLucha

Re: Overactive IDS in 4.3.3
July 06, 2013, 02:12:02 pm
Thanks Jon! I appreciate the follow-up.  I disabled it to get a few things done and will look for that fix in 4.4.

I appreciate the help greatly.

BasH

  • I’m new here
  • *
  • Posts: 18
  • Karma: 0
  • CiviCRM version: 4.3.3. revision ce35dedb59
  • CMS version: Drupal 6.29
  • MySQL version: 5.0.8-dev - 20102224
  • PHP version: 5.3.11
Re: Overactive IDS in 4.3.3
July 29, 2013, 04:49:47 am
I had the same problem after upgrading to CiviCRM 4.3.3. Couldn't update a contact (also couldn't use the cancel button, so even without changing something I got this error!). I am the administrator so it looks like that permission doesn't help either, maybe because I still use Drupal 6?

I didn't completely remove the setting in the config file because that completely removes a security layer. Instead I used the solution suggested by Coleman Watts (see http://forum.civicrm.org/index.php/topic,18168.msg103823.html#msg103823) to change the ids.php file in the CRM/Core directory (only the line number changed to 185).

In my case there also was a workaround to be able to change a contact by hovering over part of the contact in the contact view; in the upper right-hand corner of this part an edit/add button appears and the contact can be changed without getting this error.
kind regards, Bas
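
Before choosing between disabling the IDS entirely and a narrower change, as discussed in this thread, it helps to see which forms the kicks actually come from. The following is an added example (not part of the original thread and not CiviCRM code) that groups IDS_KICK records of the shape quoted in the first post; it assumes the records have been collected one JSON object per line, and the sample lines and paths are constructed.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed records in the shape of the IDS_KICK response quoted in the
# thread. IPs are documentation addresses; the last line is deliberate noise.
SAMPLE_LINES = [
    r'{"IP":"192.0.2.10","error_code":"IDS_KICK","level":"security","referer":"\/civicrm\/contact\/add?reset=1&action=update&cid=11","reason":"XSS suspected","is_error":1}',
    r'{"IP":"192.0.2.11","error_code":"IDS_KICK","level":"security","referer":"\/civicrm\/contact\/add?reset=1&action=update&cid=42","reason":"XSS suspected","is_error":1}',
    r'{"IP":"198.51.100.7","error_code":"IDS_KICK","level":"security","referer":"\/civicrm\/profile\/create?gid=3","reason":"XSS suspected","is_error":1}',
    'PHP Notice: unrelated line that is not JSON',
]


def summarize_ids_kicks(lines):
    """Group IDS_KICK records by (referer path, action, reason).

    Record ids such as cid are dropped so edits to different contacts on the
    same form fall into one bucket. Returns a list of dicts, busiest first.
    """
    buckets = defaultdict(lambda: {"count": 0, "ips": set()})
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # skip non-JSON log noise
        if not isinstance(rec, dict) or rec.get("error_code") != "IDS_KICK":
            continue
        url = urlsplit(rec.get("referer") or "")
        action = parse_qs(url.query).get("action", ["-"])[0]
        key = (url.path, action, rec.get("reason", "unknown"))
        buckets[key]["count"] += 1
        buckets[key]["ips"].add(rec.get("IP", "?"))
    rows = [
        {"path": p, "action": a, "reason": r,
         "count": b["count"], "distinct_ips": len(b["ips"])}
        for (p, a, r), b in buckets.items()
    ]
    return sorted(rows, key=lambda row: (-row["count"], row["path"]))


if __name__ == "__main__":
    for row in summarize_ids_kicks(SAMPLE_LINES):
        print(row)
```

Kicks that cluster on one internal edit form across several known users point to a false-positive rule, which argues for a narrow exception rather than switching the IDS off for the whole site.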


This forum was archived on 2017-11-26.