Support

Admin Tools

#22668 Unknown Joomla, Unknown Extensions, can't upload images

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Saturday, 18 July 2015 17:20 CDT

Friday, 22 May 2015 11:06 CDT

mcanimal
I've got three symptoms on my site and think they are all related. I can't be sure my Admin Tools settings are contributing but that seems most likely.

Symptoms:
1) My Joomla control panel states in the lower left corner under Maintenance: Unknown Joomla, and Unknown Extensions, however when clicking on these links, Joomla appears to search out updates just fine.

2) I am unable to upload images to the media manager. I've tried multiple types (gif, jpg, png)

I'm running a Rockettheme template and many Rockettheme extensions, Admin Tools Pro and Akeeba backup, and a facebook wall module, nothing else.

The site was created originally on a sub-director/sub-domain when in development then using Akeeba and kickstart I moved it to the home director. I've explored and fixed one permission issue related to the log folder, but I believe that has been resolved as all show as writable in joomla.

Generally the site works fine in all aspects, the main concern is uploading images.

I am suspicious of an Admin Tools setting because I recently used it to make the .htaccess file. However my host tried swapping it out with a default file with no luck.

Thanks for your help.

Friday, 22 May 2015 11:12 CDT

nicholas
Let's make sure that the problem is indeed caused by Admin Tools. In order to do so, try the following:

1. Try setting the Error Reporting level in your Global Configuration to "None". Many errors are caused by harmless PHP Notices and Warnings being output to the browser, breaking anything which requires HTTP header manipulation such as Joomla!'s session management, AJAX calls and download systems.

2. Try to replicate the issue after disabling the "System - Admin Tools" plugin. If you can still replicate the issue, it is not caused by Admin Tools. Disabling that plugin means that Admin Tools code (including the Web Application Firewall) is not running on your site.

3. If you suspect an issue with the .htaccess file, replace its contents with the contents of the stock htaccess.txt file shipped with every version of Joomla!. If you are on GoDaddy please wait for 1-30 minutes for the changes to be effective. Then, retry loading the problem page. If you can still reproduce the error, then it is not caused by .htaccess Maker.

If doing any of the above resulted in the issue still occurring, it's not related with Admin Tools and we can't help you. If doing any of the above did stop the issue from occurring, we'll have to do some troubleshooting.

First go to Admin Tools, Web Application Firewall, Configure WAF. Make sure "Log security exceptions" is set to Yes; if it's not, set it to Yes and click on Save. Now try reproducing your issue. Immediately after that, please go to Admin Tools, Web Application Firewall, Security Exceptions Log. The latest log entry at the top should have the date and time of when the issue occurred. Please copy the Reason and Target URL here so that we can further help you.

If, however, you do not see a log entry, or the Date and/or IP address do not match your last access, this problem is not caused by Admin Tools' WAF. In this case, you will have to do some .htaccess troubleshooting. You may need to read the general .htaccess troubleshooting page, as well as the page on finding out necessary .htaccess exceptions.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 22 May 2015 13:47 CDT

mcanimal
Thank you, Short Update:

#3 - replacing the .htaccess file with a default version did solve all the problems.

What setting could I have set that would be causing this when using the Admin Tools created file?

I can upload the htaccess.admintools file to you when you're back after the weekend.
Edited by mcanimal on 2015-05-22 13:52 CDT

Monday, 25 May 2015 03:05 CDT

nicholas
All right! Now that we've narrowed it down you can follow the “How to determine which exceptions are required” instructions to see what is actually being blocked by the generated .htaccess.

I will take an educated guess. Your template or a plugin puts all your images through a directly web accessible .php file (it doesn't go through Joomla!'s index.php). This is bad practice –as you're opening many entry points to your site– but quite common. Just remember that when you allow direct access to .php files it is more than likely that Admin Tools' system plugin, therefore Admin Tools Web Application Firewall, is NOT executed when you are accessing them. In other words it makes it possible for an attacker to exploit a vulnerability that Admin Tools could catch, but since it doesn't run inside that script it won't.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 25 May 2015 10:44 CDT

mcanimal
Thank you, I was already browsing that article and will continue to do so. I understand the concept and your explanation.

The part I don't understand, which is why I decided to create the ticket, is that the features that are not working are built-in core Joomla funcctions: uploading to the Media Manager and Joomla update. As I understand, you built the update functionality for Joomla and I assumed the htaccess creator in Admin Tools would have already factored these in.

I have very few plugins installed. Is it possible for a template or plugin to change the way Media Manager handles files?

Tuesday, 26 May 2015 01:18 CDT

nicholas
Uploading to the Media Manager is not affected by the .htaccess Maker. The file is posted to Joomla!'s index.php file which is of course not blocked (that would make your site inaccessible).

Regarding Joomla! Update –which I've written myself, it used to be part of Admin Tools– we do add a special rule by default in .htaccess Maker to let it work. Did you remove the default "Allow direct access to these .php files" options?

> I have very few plugins installed. Is it possible for a template or plugin to change the way Media Manager handles files?

Yes, it is.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 18 June 2015 12:55 CDT

mcanimal
Using your instructions on “How to determine which exceptions are required” I found that the update function wants access to administrator/index.php

XMLHttpRequest cannot load http://www.mcanimalhospital.com/administrator/index.php?option=com_installer&view=update&task=update.ajax&eid=0&skip=700. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://mcanimalhospital.com' is therefore not allowed access.

Allowing direct access to this file did not resolved the issue.

However, I noticed that I had turned on the redirect www to non-www function. After flipping that to redirect to www everything worked and with it set that way, I don't need to add an exception to the administrator/index.php file.

Now for a followup: Where would I start to look to fix whatever is preventing me from redirecting to the non-www address?
Edited by mcanimal on 2015-06-18 13:07 CDT

Thursday, 18 June 2015 15:14 CDT

nicholas
Please read the error message again and you'll see that it has nothing to do with the protection:
XMLHttpRequest cannot load http://www.mcanimalhospital.com/administrator/index.php?option=com_installer&view=update&task=update.ajax&eid=0&skip=700. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://mcanimalhospital.com' is therefore not allowed access.


You have a page on www.mcanimalhospital.com making an AJAX request to mcanimalhospital.com. This is considered a cross-site request as far as the browser is concerned which is not allowed. Please contact the developer of the extension making this request and ask them to use JURI::base() to get the correct domain name.

If this happens by the Joomla! core itself or if they are already using JURI::base() you need to edit your configuration.php file and set 
$live_site = 'http://www.mcanimalhospital.com';
This is required on about 5% of servers which do not report the domain name correctly to PHP (therefore Joomla! has no idea what the correct domain name is).

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 18 July 2015 17:20 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Edited by on 2015-07-18 17:20 CDT

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!