Гость
16 Янв 2014 14:55

This is a continuation of the "Looking for help with import" issue from last year, but with a little more investigation. The Server is Apache.

Trying to import a file. On one site we are successful. In the other site (different host) we are not. Same import file. On the second site we do not see the message: "Data has been parsed successfully. Please proceed to the next step!"

We do see the file successfully uploaded on both sites.

Looking at the import.php code, I see there are messages that are generated during the process. How can I get those messages displayed? I have searched on this site for the answer but was unsuccessful (PS, I am Joomla novice and this is the first PHP code I've looked at).

Последние изменения: 07 Март 2014


Sergey
Total posts: 13,748
17 Янв 2014 00:48

You are saying that the same CSV file works on one server and does not no the other? And file successfully uploaded to the server in both cases?

Then I can only check it if you give me admin access and attach file that you try to import.


Гость
17 Янв 2014 11:34

Yes, that is correct. Here is the site.

Derrick had already set you up as super user. Username: sergey. Let me know if you need the password reset.

I've attached the file, and one from the previous thread which was reported to be successful on another site:


Гость
17 Янв 2014 11:35

Sergey,

I have included the info in a private post.


Гость
17 Янв 2014 15:37

Sergey,

I've changed your password to "cobaltguru" in case you don't remember the previous one. Thanks.

Bill


Sergey
Total posts: 13,748
19 Янв 2014 23:21

Here is what I found

Looks like you have some sort of htaccess protection and import script cannot access JSON file with information.


Гость
20 Янв 2014 13:59

Sergey,

Here is our .htaccess file.

I'm guessing this is the section where the 'tmp' directory gets forbidden.

Disallow front-end access for certain Joomla! system directories

RewriteRule ^(includes/js/.*)$ - [L]

RewriteRule ^(|includes|language|logs|tmp|libraries/joomla|libraries/phpmailer|libraries/phputf8|libraries/simplepie)/.*$ index.php [F,L]

Here is an excerpt from Joomla's security file page that seems to do the same thing.

Disallow front-end access for certain Joomla! system directories

RewriteRule ^includes/js/ - [L]

RewriteRule ^(cache|includes|language|libraries|logs|tmp)/ - [F]


Гость
20 Янв 2014 14:13

Sergey,

Followup,

I removed the tmp file from the .htaccess file and was able to import successfully! Looks like that was it. Thanks for your help.

Not sure if this opens up a serious security breach or not.

Cheers,

Bill


Sergey
Total posts: 13,748
20 Янв 2014 23:51

Not sure if this opens up a serious security breach or not.

Нщг can place htaccess file inside tmp folder and protect. But I do not think there is something unsafe in having tmp folder accessible unless you main htaccess disallow any .php file from any location except index.php


Гость
06 Март 2014 20:23

We have moved the site to another host, which happens to be the host where we first encountered the initial problem. That host does not provide access to the .htaccess file via cPanel or Filezilla. We have contacted them and after some discussion they agreed to modify the .htaccess file.

They are using the standard Joomla .htaccess language for their clients, so I am surprised that more users of the Import module have not had this problem.

Is it possible to change the name of the directory that Cobalt uses for import to one that is not on the protected list?


Sergey
Total posts: 13,748
07 Март 2014 07:27

For example what directory?

From security perspective, tmp is the best directory. It is opened anyway. So you ahve to protect it. Cobalt import may be absolutely sure it will get access to upload a file there.

I am not to critic, but that is simply not acceptible not give access to htaccess. What if you want to insert extra security protection there from difefren well known exploits? Should you wait til they agree?

The hole purpose of .htaccess is to give every domain user to manage Apache beaviour without accessing main configuration file. I do not see any sense to disable it.

Работает на Cobalt