I am getting the following error while trying to edit an album's sub-album:
"Zenphoto Error: the requested object was not found. Please go back and try again."
Checking the error page's source shows:
"<!-- The requested object (album="zp-core": image="admin.php") was not found. -->"
The problem only occurs when trying to edit an album's sub-album and has no problems with the front end or any other administrative pages. See the two links below to see what works and what doesn't:
This works -->
http://www.mysite.com/zp-core/admin.php?page=edit&album=my-albumThis doesn't -->
http://www.mysite.com/zp-core/admin.php?page=edit&album=my-album/my-subalbumThe actual address in the address bar of an error page changes the final forward slash of the url to %2F (
http://www.mysite.com/zp-core/admin.php?page=edit&album=my-album/my-subalbum). This leads me to believe that there is perhaps a problem with the regular expressions? mod_rewrite is enabled.
I was using ver. 1.1.4 but upgraded to try to fix the problem, to no avail.
Currently I have ver. 1.1.6 (05/16/2008)
If anyone has any suggestions or ideas, it would be greatly appreciated. Thanks in advance!
Zenphoto
Comments
I cannot reproduce this on my gallery. The %2F is actually correct. The album path is urlencoded to prevent link problems and this changes the slash to a %2F. that is stripped out when the album path is processed by admin.
The behavior you are describing sounds like the admin.php script was not found in the second case. Where did the link `http://www.mysite.com/zp-core/admin.php?page=edit&album=my-album/my-subalbum` come from? It is not correct.
I'm continuing to try to troubleshoot this and I've made it a step further. Perhaps this info will help you help me
I think the URL is getting trapped in this particular line of the mod-rewrite of the htaccess file, but I'm not positive yet and I'm starting to experiment at this point.
# Catch-all - everything else gets handled in PHP for compatibility.
RewriteRule ^(.*)/?$ index.php?album=$1 [L,QSA]
I think this is perhaps that the server is seeing the "/" or "%2F" in the album variable as a directory... as though it's ignoring the fact it's a PHP page with a querystring, or it's requesting a 403.shtml error page (indicating a permission error?) and then when the file doesn't exist in the root it's hitting that catch-all above. This is causing the album variable to come through as 403.shtml. See my phpinfo() environment variable list below.
PHP_SELF /index.php
_REQUEST["album"] 403.shtml
_GET["album"] 403.shtml
_SERVER["GATEWAY_INTERFACE"] CGI/1.1
_SERVER["HTTP_HOST"] www.highcountryphotos.com
_SERVER["HTTP_MOD_SECURITY_ACTION"] 403
_SERVER["HTTP_MOD_SECURITY_MESSAGE"] Access denied with code 403. Pattern match "(\\.\\./\\.\\.|/|(http|https|ftp)\\:/)" at ARG("album") [id "HG2008030101"][rev "1"] [msg "phpThumb album RFI"] [severity "NOTICE"]
_SERVER["HTTP_REFERER"] http://www.highcountryphotos.com/zp-core/admin.php?page=edit&album=appalachian-mountain-photography-competition
_SERVER["QUERY_STRING"] album=403.shtml
_SERVER["REDIRECT_QUERY_STRING"] album=403.shtml
_SERVER["REDIRECT_REDIRECT_REQUEST_METHOD"] GET
_SERVER["REDIRECT_REDIRECT_STATUS"] 403
_SERVER["REDIRECT_REDIRECT_mod_security_relevant"] 1
_SERVER["REDIRECT_STATUS"] 403
_SERVER["REDIRECT_URL"] /403.shtml
_SERVER["REQUEST_METHOD"] GET
_SERVER["REQUEST_URI"] /zp-core/admin.php?page=edit&album=appalachian-mountain-photography-competition%2F2008
_SERVER["SCRIPT_NAME"] /index.php
_SERVER["SERVER_SIGNATURE"] <ADDRESS>Apache/1.3.41 Server at www.highcountryphotos.com Port 80</ADDRESS>
_SERVER["SERVER_SOFTWARE"] Apache/1.3.41 (Unix) mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a
_SERVER["PHP_SELF"] /index.php
_SERVER["argv"] Array
(
[0] => album=403.shtml
)
Thanks so much for the insight!
Joe
I have found the issue, and it was indeed with my host. This might be an issue for other hosts as well, but the error had to do with server settings. After finally determining that the server was giving the 403 error and not the script, I started researching why the server wouldn't give us permission to execute the script. I searched for "hostgator 403 problems" in google and I got lucky with the answer on the first listing.
There was a clue above also in the environment variables dealing with the "MOD_SECURITY_ACTION" variable getting inserted on only the pages that I had the error with.
So, apparantly Hostgator has recently turned on some security filters for mod_rewrite that I was not aware of. The way I fixed this was to simply add the following 2 lines to the top of my .htaccess file:
SecFilterEngine Off
SecFilterScanPOST Off
I sure hope this helps someone else. I also might point out that in troubleshooting this through the forums that it was hard to determine when someone was talking about a SERVER 403 error and a ZENPHOTO 403 error, as zenphoto does indeed generate it's own 403's. That might need to be clarified.
For reference, here are the links to more details about the issue as I found them in Google:
http://www.requestedresponse.com/cgi-bin/kb.cgi?do=read&id=10&lang=en
and
http://forum.joomla.org/viewtopic.php?f=126&t=277888
Thanks for your efforts!
Joe