back to phpList.org

3.3.3 Manage campaign link errors and wsod with mod_security results here


#1

See attached screen-shots. Also the following information - some provided by mod_security results. Also, even with mod_security turned off, there is still a blank screen on the link that doesn’t work (shown in attached image).

link URL for manage campaign from inside orange icon:
https://www.somedomain.com/lists/admin/?page=messages&tk=50465b7c85e708be297052aa91b47a56

Link URL for manage campaing from left-side navigation bar:
https://www.somedomain.com/lists/admin/?page=main&pi=CampaignsPlugin&tk=50465b7c85e708be297052aa91b47a56

with mod_security running:

2018-06-27 21:41:42 www.somedomain.com xx.xxx.xx.xx ERROR 403 php information leakage
Request:
GET /lists/admin/?page=main&pi=CampaignsPlugin&tk=50465b7c85e708be297052aa91b47a56
Action Description:
Access denied with code 403 (phase 4).
Justification:
Matched phrase "b> on line " at RESPONSE_BODY.

blank page even with mod_security turned off


Using PHP Version 5.6.36


#2

Fixed. Updated campaign plugin.

Suggestion: don’t identify two separate processes with the same name:

Manage Campaigns (in orange icon) and Manage Campaigns (in the left-side navigation panel).

One manages campaigns in the traditional sense and the other uses a PLUGIN to add extended features.

Confusing to users.

Thanks for the great product though - phplist rocks!