Since yesterday I can not edit a specific category in K2 component. Obviously I do not have access to this particular url". When I try it, the system redirect to the home page of the site. In Security Exceptions log write as reason the "Admin Query String". My ip is not on the black list. I deleted the entry from Security Exceptions log and I add my ip to the white list but the problem continues.
#27573 I can't edit a specific category in K2
Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Environment Information
Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a
Latest post by on Thursday, 25 May 2017 17:17 CDT
Monday, 24 April 2017 07:05 CDT
daskaloudis
Monday, 24 April 2017 08:20 CDT
nicholas
Akeeba Staff
Manager
Does this happen on the frontend or the backend of the site?
If this happens in the frontend it would be a bug in K2. You are getting an error about trying to access a backend URL without having logged in first. You should never, ever be redirected from the frontend to the backend: the two applications are considered separate and isolated by Joomla!.
If this happens in the backend things are a bit more complicated. You would only get this message if you got logged out or your session got corrupt before the redirection takes place. In this case you are both logged out and there's no way to tell Admin Tools that you had already entered the secret URL parameter. The only way you'd end up in this situation is if a third party component or plugin tried to place too much data in the Joomla! session or otherwise logged you out.
However, I am confused by the following statement:
This is impossible. You have not enabled the IP whitelist (in which case adding an IP to it has no effect); or your IP has changed (but with an enabled whitelist you'd be locked out again). If you have not enabled the IP whitelist and you do not have a static IP address do not enable the IP whitelist. Read the documentation about what it does first, otherwise you'd risk getting completely locked out from your site.
In order to have a better idea of what is going on I want you to give me three pieces of information:
1. Does this happen only from the frontend of the site, only from the backend of the site or from both the frontend and backend of the site?
2. What is the Target URL reported in the Security Exceptions Log?
3. What is the URL you are before you click on the category edit link?
(you can replace your domain name with www.example.com in all URLs for privacy)
If this happens in the frontend it would be a bug in K2. You are getting an error about trying to access a backend URL without having logged in first. You should never, ever be redirected from the frontend to the backend: the two applications are considered separate and isolated by Joomla!.
If this happens in the backend things are a bit more complicated. You would only get this message if you got logged out or your session got corrupt before the redirection takes place. In this case you are both logged out and there's no way to tell Admin Tools that you had already entered the secret URL parameter. The only way you'd end up in this situation is if a third party component or plugin tried to place too much data in the Joomla! session or otherwise logged you out.
However, I am confused by the following statement:
I deleted the entry from Security Exceptions log and I add my ip to the white list but the problem continues.
This is impossible. You have not enabled the IP whitelist (in which case adding an IP to it has no effect); or your IP has changed (but with an enabled whitelist you'd be locked out again). If you have not enabled the IP whitelist and you do not have a static IP address do not enable the IP whitelist. Read the documentation about what it does first, otherwise you'd risk getting completely locked out from your site.
In order to have a better idea of what is going on I want you to give me three pieces of information:
1. Does this happen only from the frontend of the site, only from the backend of the site or from both the frontend and backend of the site?
2. What is the Target URL reported in the Security Exceptions Log?
3. What is the URL you are before you click on the category edit link?
(you can replace your domain name with www.example.com in all URLs for privacy)
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Monday, 24 April 2017 08:40 CDT
daskaloudis
You have right. i don' t enable the IP whitelist. Sorry, it was an quick act of despair.
1. This happen on the the backend.
2. The target url with reported in the Security Exceptions Log was https://www.mysite.gr/administrator/index.php?option=com_k2&view=category&cid=52
3. The URL before I click on the category edit link is https://www.mysite.gr/administrator/index.php?option=com_k2&view=categories
1. This happen on the the backend.
2. The target url with reported in the Security Exceptions Log was https://www.mysite.gr/administrator/index.php?option=com_k2&view=category&cid=52
3. The URL before I click on the category edit link is https://www.mysite.gr/administrator/index.php?option=com_k2&view=categories
Monday, 24 April 2017 09:49 CDT
nicholas
Akeeba Staff
Manager
In this case we have the second possibility I mentioned. You would only get this message if you got logged out or your session got corrupt before the redirection takes place. This happens before Admin Tools processes the request. If it only ever happens when editing a specific K2 category it'd seem that the bug is in either K2 or a third party system or content plugin on your site which interacts with K2 categories.
Try making a copy of your site (e.g. with Akeeba Backup Core), disable all third party system and content plugins and try editing the K2 category. If the problem persists you should contact the K2 authors.
My personal experience is that they are very unlikely to admit the existence of a bug, without even attempting to reproduce your issue. Even if they do I wouldn't hold my breath waiting for the bugfix: K2 releases come once or twice a year which might be a bit too far apart to be practical.
Maybe it'd be easier for you to disable the secret URL parameter and instead use the Administrator Password Protection feature in Admin Tools to maintain backend login security without being locked out of the site. Then again, since the problem in K2 doesn't depend on Admin Tools' secret URL parameter feature being enabled you would still not be able to edit the K2 category, but at least you'd have no doubt as to where the bug lies (i.e. not in our code).
Try making a copy of your site (e.g. with Akeeba Backup Core), disable all third party system and content plugins and try editing the K2 category. If the problem persists you should contact the K2 authors.
My personal experience is that they are very unlikely to admit the existence of a bug, without even attempting to reproduce your issue. Even if they do I wouldn't hold my breath waiting for the bugfix: K2 releases come once or twice a year which might be a bit too far apart to be practical.
Maybe it'd be easier for you to disable the secret URL parameter and instead use the Administrator Password Protection feature in Admin Tools to maintain backend login security without being locked out of the site. Then again, since the problem in K2 doesn't depend on Admin Tools' secret URL parameter feature being enabled you would still not be able to edit the K2 category, but at least you'd have no doubt as to where the bug lies (i.e. not in our code).
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Tuesday, 25 April 2017 05:40 CDT
daskaloudis
After 48 hours the problem was automatically solved (???) without doing anything.
I think the problem was created when the administrator system, due to time expiration, was automatically disconnected, and I tried to edit and update the K2 category from a forgotten open window.
However, thank you for your response and your support. The admin tools is an exellent security product.
I think the problem was created when the administrator system, due to time expiration, was automatically disconnected, and I tried to edit and update the K2 category from a forgotten open window.
However, thank you for your response and your support. The admin tools is an exellent security product.
Thursday, 25 May 2017 17:17 CDT
System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.