Issue with tickets.php ?

When viewing a ticket, next to the email address is a number in brackets

e.g. user@domain.co.uk (3)

Clicking on '3' should show me all the tickets associated with that email address.
Instead I get:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@domain.co.uk and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Any idea why? The link for '3' is:

http://xxxx.domain.co.uk/scp/tickets.php?a=search&query=user@domain.co.uk

Thanks :)

Comments

  • Hmmm interesting. What happens if you do a normal search from the open or closed tickets pages?
  • Normal searches etc work fine.

    Just noticed this:

    This URL works:
    http://helpdesk.domain.co.uk/scp/tickets.php?a=search&query=issues

    This fails:
    http://helpdesk.domain.co.uk/scp/tickets.php?a=search&query=iss@es
    note the @ symbol.

    So searches with @ fail !!
  • said:

    Normal searches etc work fine.

    Just noticed this:

    This URL works:
    http://helpdesk.domain.co.uk/scp/tickets.php?a=search&query=issues

    This fails:
    http://helpdesk.domain.co.uk/scp/tickets.php?a=search&query=iss@es
    note the @ symbol.

    So searches with @ fail !!

    Hmm, which of course the @ will be in any of these that you are trying. When you click on the link does it actually show the @ symbol in the address bar? On mine it replaces the @ with a %40 (Hex Code). I'm running 1.6RC5, are you on RC5 or ST or something else?
  • Latest download from the website.
    @ is replaced with %40.

    Also noticed a normal search with @ shows the same error..
    (which is also changed to %40)
  • Do you have access to your SQL logs? I would next see what it's trying to search for there and see if maybe that's the problem.
  • Not sure if I can get the logs, but I can run an sql query to see if that works.
    Any idea what the page is trying to run ?
  • It looks like the search function is within include/staff/tickets.inc.php

    The following is what I have:
    //See if this is a search
    $search=$_REQUEST['a']=='search'?true:false;
    $searchTerm='';
    //make sure the search query is 3 chars min...defaults to no query with warning message
    if($search) {
        $searchTerm=$_REQUEST['query'];
        if( ($_REQUEST['query'] && strlen($_REQUEST['query'])<3)
            || (!$_REQUEST['query'] && isset($_REQUEST['basic_search'])) ){ //Why do I care about this crap...
            $search=false; //Instead of an error page...default back to regular query..with no search.
            $errors['err']='Search term must be more than 3 chars';
            $searchTerm='';
        }
    }


    Do you have the same?
  • This is mine.. looks the same !

    //See if this is a search
    $search=$_REQUEST['a']=='search'?true:false;
    $searchTerm='';
    //make sure the search query is 3 chars min...defaults to no query with warning message
    if($search) {
        $searchTerm=$_REQUEST['query'];
        if( ($_REQUEST['query'] && strlen($_REQUEST['query'])<3)
            || (!$_REQUEST['query'] && isset($_REQUEST['basic_search'])) ){ //Why do I care about this crap...
            $search=false; //Instead of an error page...default back to regular query..with no search.
            $errors['err']='Search term must be more than 3 chars';
            $searchTerm='';
        }
    }


    Just tried a quick " SELECT * FROM `ost_ticket` WHERE email LIKE '%@%' "
    Worked fine with no errors, this was via phpmysql !
  • Anyone any ideas on this ?
    My host thinks it should be fine !!

    I've reinstalled to be sure yet still have the error.
    Help :?
  • Sorry, I'm only good at troubleshooting when I've got full access to the servers logs. What OS are you installing this on?
  • The server is linux based :

    Operating system Linux
    Kernel version 2.6.18-164.el5
    cPanel Version 11.25.0-RELEASE
    Architecture x86_64
    MySQL version 5.0.91-community
    cPanel Build 46156
    Path to sendmail /usr/sbin/sendmail
    Apache version 2.2.11
    PHP version 5.2.10

    I've also tried to reinstall via cpanel / fantastico.
    Installed OK, but same error on search !
  • Damn, it looks like you are on almost the same environment as me. I'm on Ubuntu with MySQL 5 and PHP 5.1.2. Maybe it's something in there but otherwise I'm afraid I'm of no more use. Maybe one of the developers could be more helpful :confused:
  • Thanks for your help..

    If anyone has any other ideas, please let me know :)
    I want to try and get this working !
  • This has been resolved. Turns out to have been an ISP issue.

    Not sure what they changed but it's working :)

    Thanks
  • tickets.php issue

    Very interesting.
    I can go directly to the link below and get the page to display correctly. Or to the site with %40 vice @ and it still works. Could this have something to do with php short tags? (I'm grasping at straws here)

    http://sitename/scp/tickets.php?a=search&query=Firstname.Lastname@email.com
  • said:

    Very interesting.
    I can go directly to the link below and get the page to display correctly. Or to the site with %40 vice @ and it still works. Could this have something to do with php short tags? (I'm grasping at straws here)

    http://sitename/scp/tickets.php?a=search&query=Firstname.Lastname@email.com
    I would guess that it's not as I believe osTickets has short tags in several different places. Could always test by replacing any short tags in the affected files though. :)
  • I would assume it's mod security in WHM because of the following rule:

    #Command inline detection
    SecRule REQUEST_URI "( |\;|/|\'|,|\&|\=|\.)((s|r)(sh|cp)) *(.*\@.*|(http|https|ftp)\:/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[A-Za-z|0-9]\.[a-zA-Z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"

    Kicks This Error:

    Access denied with code 500 (phase 2). Pattern match "( |\\;|/|\\'|,|\\&|\\=|\\.)((s|r)(sh|cp)) *(.*\\@.*|(http|https|ftp)\\:/|[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|.*[A-Za-z|0-9]\\.[a-zA-Z]{2,4}/|[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)" at REQUEST_URI.

    I'm having the same issue and looking on how to just fix it for this script instead of changing mod security server wide.

    Note-> If you disable the entire rule the issue goes away.
  • SOLVED:

    1. Locate this rule in the mod security configuration in whm:

    SecRule REQUEST_URI "( |\;|/|\'|,|\&|\=|\.)((s|r)(sh|cp)) *(.*\@.*|(http|https|ftp)\:/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[A-Za-z|0-9]\.[a-zA-Z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"

    2. Append a 7 digit unique id number at the end with the quotation marks like this:

    SecRule REQUEST_URI "( |\;|/|\'|,|\&|\=|\.)((s|r)(sh|cp)) *(.*\@.*|(http|https|ftp)\:/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[A-Za-z|0-9]\.[a-zA-Z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)" "id:1022001"


    3. Then you must add this entry with your appropriate path:


    SecRuleRemoveById 1022001


    To the following file:

    /usr/local/apache/conf/modsec2/whitelist.conf

    4. Restart Apache

    Now this mod security rule will be disabled only on this page.
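
Added example, not part of the original thread: the rule quoted in the last two comments, run over the URIs from this discussion, shows that the `scp` in the `/scp/` admin path is read as a command name and the `@` in the query completes the match. Python's `re` stands in for ModSecurity's PCRE engine, the `url_decode` switch and the branch labels are assumptions of the example, and the `/staff/` URI is constructed.

```python
import re
from urllib.parse import unquote

# Rule pattern from the thread, split into its parts. ModSecurity matches with
# PCRE; Python's re is used as a stand-in (an assumption of this example).
PREFIX = r"( |\;|/|\'|,|\&|\=|\.)((s|r)(sh|cp)) *"
TAIL = [  # labels are descriptive names added for this example
    ("contains '@'", r".*\@.*"),
    ("URL scheme", r"(http|https|ftp)\:/"),
    ("dotted quad", r"[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"),
    ("host-like name then '/'", r".*[A-Za-z|0-9]\.[a-zA-Z]{2,4}/"),
    ("dotted number", r"[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+"),
]
RULE = re.compile(PREFIX + "(" + "|".join(p for _, p in TAIL) + ")")


def explain(uri, url_decode=False):
    """Return (command token, offset, tail branch) if the rule fires, else None.

    url_decode models a rule engine that percent-decodes the URI before
    matching; whether the server in the thread did so is not stated there.
    """
    subject = unquote(uri) if url_decode else uri
    m = RULE.search(subject)
    if m is None:
        return None
    # Text after the command token; the rule's " *" skips any spaces first.
    rest = subject[m.end(2):].lstrip(" ")
    branch = next(label for label, pat in TAIL if re.match(pat, rest))
    return m.group(2), m.start(2), branch


# URIs from the thread (host removed; the %40 form is the encoding the poster
# described), plus one constructed control.
SAMPLES = [
    ("/scp/tickets.php?a=search&query=issues", False),
    ("/scp/tickets.php?a=search&query=iss@es", False),
    ("/scp/tickets.php?a=search&query=user%40domain.co.uk", False),
    ("/scp/tickets.php?a=search&query=user%40domain.co.uk", True),
    # Constructed: same query under a hypothetical directory not named "scp".
    ("/staff/tickets.php?a=search&query=user@domain.co.uk", False),
]

if __name__ == "__main__":
    for uri, decode in SAMPLES:
        print(f"{uri}  decoded={decode}  ->  {explain(uri, decode)}")
```

If `SecRuleRemoveById` sits at server level in an included file, it removes the rule for every request the server handles. Wrapping the directive in an Apache `<LocationMatch>` container for `/scp/tickets.php` confines the exclusion to that script.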