Support

Admin Tools

#20286 Dizi images gallery upload blocked

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by gosha on Tuesday, 17 June 2014 03:18 CDT

Monday, 16 June 2014 09:04 CDT

gosha
 Dear Akeeba support,
compliments for your great software.

I didn’t find solution and I must ask for help regarding to using dizi image gallery component (http://extensions.joomla.org/extensions/photos-a-images/galleries/content-photo-gallery/23507) with Akeeba Admintools.

If I try to upload picture from dizi tab in new article form in backend I get message “…HTTP Error (303)”
In admintools Security Exceptions Log it throws
reason: Admin directory and
Target url
.../administrator/?option=com_di&task=ajax.upload&object_id=-9643998&session_name=ab74e08fbe6f96771b18f30aaa835155&session_id=a2b039bc89460dd0dd5b36e937492427&

In WAF configuration I use Change administrator login directory, I don’t know is it related with this issue (but dizi images upload did not work even before I changed this admin directory path).

If I uninstall Admintools, uploading picture from Dizi image galleries tab pass without any problems.

I use this dizi component on many of my joomla sites and I will be grateful if you can suggest me how to solve this problem.

Best regards,
Goran

Monday, 16 June 2014 09:39 CDT

dlb
This is a fairly common problem with Admin Tools' .htaccess Maker. You said the problem went away when you uninstalled Admin Tools, but that would not have restored the .htaccess file. Did you also restore the .htaccess file back to the standard file when you uninstalled Admin Tools?

Just for future reference, uninstalling Admin Tools will destroy all your component settings. It is easier to simply disable the System - Admin Tools plugin if you need to temporarily disable Admin Tools. That will disable the WAF, but will not affect .htaccess.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Monday, 16 June 2014 15:27 CDT

gosha
Dear Akeeba support,
thank you for your quick answer .

Actually, when I removed Admintools I restored my old .htaccess file and then I saw that problem is gone. But I made some additional testing using your tip for disabling admintools plugin and it seems that problem is not related with .htaccess file (when i leave .htaccess file and disable admintools plugin file is uploaded without problems, but when I enable plugin, 303 error appears after 100% of upload process - i attached printscreen)
I found that problem appears only if one of this two params od Configure WAF is used
Change administrator login directory to
or
Administrator secret URL parameter

I suppose that problem is url redirection after file upload... If I set login directory and login in site administration on www.mysite.com/test (instead of /administrator) i get 303 error on upload, but if I delete this parameter, login on www.mysite,com/administrator upload is ok, even if admintools plugin is enabled and .htaccess generated by admintools is active.

I am interested to use this great change admin folder functionality of admintools (or to add secret param to default admin path), but I don't know is it possible with this ajax upload 303 error on sites where I use dizi images gallery component.

Best regards,
Goran

Tuesday, 17 June 2014 01:00 CDT

nicholas
The developer of the extension you are using is doing something very wrong. Look at the URL it reads administrator/?option instead of administrator/index.php?option and that's the problem.

Moreover he;s doing another pointless thing, namely ../administrator when he KNOWS he's already inside the administrator directory. This is like telling you that if you want to come into the room you are already in you must exist through the door then enter again through the same door. Does it make sense? Of course not.

You will have to disable the administrator secret URL parameter and rename administrator directory features of Admin Tools BUT this will further degrade the security of your site.

I would recommend contacting the developer of that third party extension and asking him to review the URL he's using. He MUST put index.php in the URL and he'd better use the absolute URL to it. These are problems we have already solved years ago. If he doesn't understand how to do it please ask him to contact me, I will be happy to share the solution.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 17 June 2014 03:18 CDT

gosha
Dear Mr. Nicholas,
thank you very much for your great support, I will try to contact developer or to fix dizi admin url.
I will be free to contact you if we need help from your side.
My compliments to your work :-)
Best regards,
Goran

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!