Incompatible with JetEngine’s Gutenberg blocks

  • Resolved gdeschep

    (@gdeschep)


    4 years, 8 months ago

    Hi Jeff,

    When BBQ Firewall is active, I can’t use some of the JetEngine blocks in the Gutenberg editor, e.g. “dynamic field” or “dynamic terms”.
    When adding such a block, the following error is shown: “The response is not a valid JSON response”.
    The reason appears to be a 403 forbidden response, so I tried disabling the BBQ Firewall and then it works fine.

    I also tested with the 7G Firewall and the same issue occurs.
    After some testing I could nail it down to the following rule:

    RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR]

    Commenting out that rule in htaccess solves the issue.

    Since BBQ firewall is based on 7G Firewall I guess BBQ applies this very same rule?

    Here is an example request used by the JetEngine plugin:

    https://mywebsite.com/wp-json/wp/v2/block-renderer/jet-engine/dynamic-field?context=edit&attributes[dynamic_field_source]=object&attributes[dynamic_field_post_object]=name&attributes[dynamic_field_relation_type]=grandparents&attributes[dynamic_field_relation_post_type]=&attributes[dynamic_field_wp_excerpt]=false&attributes[dynamic_excerpt_more]=...&attributes[dynamic_excerpt_length]=&attributes[selected_field_icon_url]=&attributes[field_tag]=div&attributes[hide_if_empty]=false&attributes[dynamic_field_filter]=false&attributes[date_format]=F-j-Y&attributes[num_dec_point]=.&attributes[num_thousands_sep]=,&attributes[num_decimals]=2&attributes[related_list_is_single]=false&attributes[related_list_is_linked]=true&attributes[related_list_tag]=ul&attributes[multiselect_delimiter]=,&attributes[labels_by_glossary]=,&attributes[dynamic_field_custom]=false&attributes[dynamic_field_format]=%s&attributes[checklist_cols_num]=1&attributes[checklist_divider]=false&attributes[zeroise_threshold]=0&attributes[child_path]=&attributes[field_display]=inline&post_id=86&object=6&listing[listing_source]=terms&listing[listing_post_type]=post&listing[listing_tax]=themas&listing[repeater_source]=jet_engine&listing[repeater_field]=&listing[repeater_option]=&_locale=user

    Thanks,

    Guy

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Jeff Starr

    (@specialk)

    4 years, 8 months ago

    Hey Guy, yes I am seeing it. Will get it fixed up in the next plugin update. Thank you for reporting.

    • This reply was modified 4 years, 8 months ago by Jeff Starr.
    Thread Starter gdeschep

    (@gdeschep)

    4 years, 8 months ago

    Hi Jeff, thanks for the confirmation.
    Since the website is currently in development I can temporarily disable it until the new version is out.

    Plugin Author Jeff Starr

    (@specialk)

    4 years, 4 months ago

    Hey @gdeschep, updating BBQ and looking at this. In the request data above, the three dots are blocked:

    ...

    Is that part of the actual request, or did you truncate the data by replacing a chunk of it with the dots?

    • This reply was modified 4 years, 4 months ago by Jeff Starr.
    Plugin Author Jeff Starr

    (@specialk)

    4 years, 4 months ago

    Either way, I can’t remove the three dots from the rules. But you can use the custom BBQ plugin and add the following line:

    $bbq_whitelist_query_string_items = array('\.\.\.');

    That will resolve the reported false positive and allow requests with three dots in the query string. Let me know if any questions about this, glad to help anytime.

    Thread Starter gdeschep

    (@gdeschep)

    4 years, 4 months ago

    Hi @specialk,

    I didn’t truncate anything in the data I posted before, so yes, the request apparently does contain those 3 dots indeed.
    Looking at it in more depth I can see it’s the value for the attribute “dynamic_excerpt_more”, so it seems to me it’s meant for passing the text that should be used by the blocks for displaying a “read more” link.
    Not sure this is a good idea, but anyway, in the end we went with another solution because we had too many issues with the JetEngine plugin.

    But nevertheless a big thank you for following up on this issue!

    Plugin Author Jeff Starr

    (@specialk)

    4 years, 4 months ago

    Thank you, @gdeschep!

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Incompatible with JetEngine’s Gutenberg blocks’ is closed to new replies.