Announcement

#1 2021-05-05 06:42:17

TabulaRetina
Member
2016-05-11
17

Single Edit mode 403

Woo hoo, a new 403! After years of providing a workaround for the Login 403 that caught numerous users out, Piwigo has tossed me a fresh challenge. Now the Single Edit bulk-editing page throws the following useless 403 message when I try to update photo information:

403
Forbidden
Access to this resource on the server is denied!

Individual photo editing works just fine and saves correctly. Login works fine (because I still have my hack in place). Only Single Edit breaks on save. Maybe I've unlocked a new ransomware feature.

This was a very recent change, because I was able to bulk edit before the last "minor fix" update.

Environment Details:
    Piwigo 11.4.0
    Operating system: Linux
    PHP: 5.6.40 (Show info) [2021-05-05 00:33:34]
    MySQL: 10.3.28-MariaDB-log-cll-lve [2021-05-05 00:33:34]
    Graphics Library: ImageMagick 7.0.10-10

Piwigo URL: http://photos.tabularetina.com

Regression testing is your friend.

Offline

 

#2 2021-05-15 04:01:14

TabulaRetina
Member
2016-05-11
17

Re: Single Edit mode 403

Latest release didn't fix this.

Again, why would I be able to edit photo metadata everywhere except the batch edit page? This is ridiculous. Especially as it worked fine two releases back.

Offline

 

#3 2021-05-15 10:27:01

erAck
Only trying to help
2015-09-06
1396

Re: Single Edit mode 403

What is "the Single Edit bulk-editing page"?
And what exactly are you doing there?


Running Piwigo at https://erack.net/gallery/

Offline

 

#4 2021-05-15 14:39:25

TabulaRetina
Member
2016-05-11
17

Re: Single Edit mode 403

It's the confusingly-named "single mode" photo info editor page under Batch Manager, which in fact edits a group of photos' info. Used when editing the metadata on multiple photos that are in the Basket, for example. It usually displays 5 photos by default and lets one set the title, description, tags, etc. What's the official name for this page so that I don't trigger the a**l-retentives in future?

Awesome passive-aggressive tone, by the way. I can really sense the urge to help. Just so you know, I've been developing software for decades, and I've patched this very product to get around bugs before. So if your tagline here is meant to be true, I recommend you save the condescension when talking to frustrated users.

Last edited by TabulaRetina (2021-05-15 14:40:12)

Offline

 

#5 2021-05-15 15:11:02

TabulaRetina
Member
2016-05-11
17

Re: Single Edit mode 403

Here is the console trace when I try to save the page in Firefox.

POST    http://[my domain]/admin.php?page=batch_manager&mode=unit
Status    403 Forbidden
Version    HTTP/1.1
Transferred    1.44 KB (1.20 KB size)
Referrer Policy    strict-origin-when-cross-origin

So it sounds like a potential CORS problem. Once again, saving a single photo works fine. It's only when mode=unit that a 403 results. I've been going through the code and nothing is obvious, nor do there appear to be any permissions issues on the files on my host. I would think if it were a permissions issue on a base file then no saving would work.

I'll try the page in another browser since Firefox is especially sensitive to CORS issues. If it works there then that's the cause.

EDIT: It throws a 403 in Edge as well. So it's not just Firefox. Could still be CORS of course, but it's not restricted to one browser.

Last edited by TabulaRetina (2021-05-15 15:14:32)

Offline

 

#6 2021-05-15 16:03:21

Zentalquabula
Member
2014-05-10
208

Re: Single Edit mode 403

Works for me. What are your permissions for batch* in the admin folder?

-rwxr-xr-x 1 www-data www-data 20543 Jan 22 17:13 batch_manager_global.php
-rwxr-xr-x 1 www-data www-data 22586 May 14 16:17 batch_manager.php
-rwxr-xr-x 1 www-data www-data  6914 Jan 22 17:13 batch_manager_unit.php

Offline

 

#7 2021-05-15 17:47:50

erAck
Only trying to help
2015-09-06
1396

Re: Single Edit mode 403

> trigger the a**l-retentives in future?
> Awesome passive-aggressive tone, by the way.
> I've been developing software for decades
> I recommend you save the condescension

Awesome. Thank you for telling that you do not want my help so I won't waste time on this.

I just asked what exactly you were doing where because I did not understand. You king of condescension.


Running Piwigo at https://erack.net/gallery/

Offline

 

#8 2021-05-15 17:58:18

Zentalquabula
Member
2014-05-10
208

Re: Single Edit mode 403

Offline

 

#9 2021-05-15 18:09:20

TabulaRetina
Member
2016-05-11
17

Re: Single Edit mode 403

Zentalquabula wrote:

Works for me. What are your permissions for batch* in the admin folder?

-rwxr-xr-x 1 www-data www-data 20543 Jan 22 17:13 batch_manager_global.php
-rwxr-xr-x 1 www-data www-data 22586 May 14 16:17 batch_manager.php
-rwxr-xr-x 1 www-data www-data  6914 Jan 22 17:13 batch_manager_unit.php

Same values here. As I say, it's only the "unit" save that fails. Every other kind of save works fine. So I don't think it's a file permission issue, unless one of the pages invoked by the "unit" save has an issue. Is there an include file that only that page uses?

This worked on my host two versions ago. It broke in the previous version. Absolutely nothing changed in my environment, and I updated Piwigo the way I always do (through the upgrade link inside the program admin interface). Something changed recently in the release that broke this for me. Maybe only for me, or maybe I'm the only person posting about it. But I'd love for the Piwigo team to tell me what they changed either in batch_manager_unit.php or in one of the files loaded by that page that would cause such a specific 403 denial.

Offline

 

#10 2022-02-21 18:06:43

geori
Member
2022-02-21
2

Re: Single Edit mode 403

I've hit the same problem (Piwigo 11.5.0) as described. Save works elsewhere but not from Single Edit from Bulk Edit. Looks like the last activity here was May last year. Is there a fix?

Offline

 

#11 2022-02-21 19:09:54

TabulaRetina
Member
2016-05-11
17

Re: Single Edit mode 403

No, it's only gotten worse. Not only has this not been fixed, but now when I try to save metadata on an Album (such as changing its name) I also get the error page. Basically the application is continually decaying into uselessness.

I followed the suggestion here a while back to put the application behind an SSL certificate, and that did sod-all to fix it. The developers have the attitude that if it works on their setup then c'est la vie for everyone else. I've pointed out to them before that their page routing code has assumptions in it which will cause it to break under various configurations, but again, they can't be bothered to address that. Once I find a replacement for Piwigo that I can migrate all my existing gallery data into, I'll be on it in a heartbeat.

I've given up on expecting the developers to address this, or even to respond. And experience has shown that even if they do respond, it will just be to put the blame back on the users. I say this not only as a user, but as a developer who creates applications for public use and who addresses all user concerns. Part of a dying breed, clearly.

Offline

 

#12 2022-02-22 10:48:50

geori
Member
2022-02-21
2

Re: Single Edit mode 403

Thanks for the quick response. I've already got an SSL cert on the site, so that's not going to make a difference.

If anyone else can help - steps to reproduce:

  1. In Admin, go to Batch Manager and select a set of images to work on
  2. Select 'single mode'
  3. Make any change to any of the data for an image
  4. Select 'Submit'
  5. Browser returns a 403 errors 'Access to this resource on the server is denied' and changes are not saved

I encounter the same problem on the Configuration -> General tab: attempting to Save Settings returns the same 403 error. (Workaround I use is to edit these settings directly in the DB.)

Instance info:

Piwigo 12.2.0
Operating system: Linux
PHP: 7.3.33
MySQL: 10.3.32-MariaDB-log-cll-lve
Graphics Library: ImageMagick 7.1.0-2

Offline

 

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2022 · Contact