CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Discussion (deprecated) »
  • Alpha and Beta Release Testing »
  • 4.6 Release Testing »
  • New mailing - page won't load in 4.6.alpha4 - overzealous AJAX security [FIXED]
Pages: [1]

Author Topic: New mailing - page won't load in 4.6.alpha4 - overzealous AJAX security [FIXED]  (Read 902 times)

ken

  • I live on this forum
  • *****
  • Posts: 916
  • Karma: 53
    • City Bible Forum
  • CiviCRM version: 4.6.3
  • CMS version: Drupal 7.36
  • MySQL version: 5.5.41
  • PHP version: 5.3.10
New mailing - page won't load in 4.6.alpha4 - overzealous AJAX security [FIXED]
February 02, 2015, 02:14:19 pm
When I attempt to create a new mailing in 4.6.alpha4 I get a message saying "Initializing ...". When I refresh the browser that message goes away but the screen remains empty. This is not a WSOD but an empty CiviCRM page.

Perhaps an AJAX call is not completing?
« Last Edit: March 01, 2015, 10:08:24 pm by ken »

ken

  • I live on this forum
  • *****
  • Posts: 916
  • Karma: 53
    • City Bible Forum
  • CiviCRM version: 4.6.3
  • CMS version: Drupal 7.36
  • MySQL version: 5.5.41
  • PHP version: 5.3.10
Re: New mailing - page won't load in 4.6.alpha4
February 02, 2015, 09:16:40 pm
The AJAX call via https://example.com/civicrm/ajax/rest?entity=Attachment&action=get&json=%7B%22entity_table%22%3A%22civicrm_mailing%22%2C%22entity_id%22%3A%223816%22%7D returns the response ...

Quote
{"error_code":"unauthorized","entity":"Attachment","action":"get","is_error":1,"error_message":"API permission check failed for Attachment\/get call; insufficient permission: require access CiviCRM and access AJAX API"}

Adding the 'access AJAX API' permission solves that problem. However this is a defect.

The API security documentation says the API checks "The user has ‘access AJAX API’ (that could be granted to anonymous) OR 'access CiviCRM'". This piece of code checks for both. See http://wiki.civicrm.org/confluence/display/CRMDOC/API+Security

totten

  • Administrator
  • Ask me questions
  • *****
  • Posts: 695
  • Karma: 64
Re: New mailing - page won't load in 4.6.alpha4 - overzealous AJAX security
February 24, 2015, 10:36:39 am
I believe that this and other permission issues where addressed in 4.6.alpha6. https://github.com/civicrm/civicrm-core/commit/f8be71a63eb6de24055edf499b561388d28646c3 It would be great to re-test when beta1 ships.

ken

  • I live on this forum
  • *****
  • Posts: 916
  • Karma: 53
    • City Bible Forum
  • CiviCRM version: 4.6.3
  • CMS version: Drupal 7.36
  • MySQL version: 5.5.41
  • PHP version: 5.3.10
Re: New mailing - page won't load in 4.6.alpha4 - overzealous AJAX security
February 27, 2015, 11:33:35 pm
@totten, this is fixed in 4.6beta1. Thanks!

joelcomit

  • I’m new here
  • *
  • Posts: 14
  • Karma: 0
  • Owner/Designer/Developer at Comit Strategies
    • Comit Strategies
  • CiviCRM version: 4.5.5
  • CMS version: WordPress 4.1
  • MySQL version: 10.0.14-MariaDB
  • PHP version: 5.4.34
Re: New mailing - page won't load in 4.6.alpha4 - overzealous AJAX security [FIXED]
April 20, 2015, 10:48:38 am
I'm having this issue on version 4.6.2 on WordPress 4.1.1.

joelcomit

  • I’m new here
  • *
  • Posts: 14
  • Karma: 0
  • Owner/Designer/Developer at Comit Strategies
    • Comit Strategies
  • CiviCRM version: 4.5.5
  • CMS version: WordPress 4.1
  • MySQL version: 10.0.14-MariaDB
  • PHP version: 5.4.34
Re: New mailing - page won't load in 4.6.alpha4 - overzealous AJAX security [FIXED]
April 20, 2015, 11:32:25 am
I refreshed...and now the page loads.
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Discussion (deprecated) »
  • Alpha and Beta Release Testing »
  • 4.6 Release Testing »
  • New mailing - page won't load in 4.6.alpha4 - overzealous AJAX security [FIXED]

This forum was archived on 2017-11-26.