WordPress.org

Forums

BulletProof Security
[resolved] Commenting Error on BuddyPress Forum (49 posts)

  1. sweetmelody
    Member
    Posted 2 years ago #

    Once a comment is posted to a (Buddypress) forum topic, the following error message displays:

    Forbidden
    
    You don't have permission to access /groups/vegetarian-helpdesk/forum/topic/TEST/ on this server.
    
    Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

    The error can be removed by turning on the Default Mode.

    Please help, thank you!

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    What type of Forum setup do you have, Group Forums or Site Wide Forums? Please post the query string so I can see what might be blocked in the query string. This is not occurring on my test site/testing.

    This forum contains 1 topic and 1 reply, and was last updated by buddypress 1 second ago.

    The query string is this: /forum/forumtest/#post-25
    and I had no problems posting a reply or comment or anything else. There was an older issue/conflict with adding replies and comments in previous versions of BuddyPress, but it was fixed.

    So you must have some other issue going on. Post the URL to your website and forum where the issue is occurring.

  3. sweetmelody
    Member
    Posted 2 years ago #

    I'm using discussion forum, powered by bbPress. After posting this comment I will email the login details to you.

    website
    forum link

    Thanks for helping.

  4. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Please do not send a WordPress Dashboard Admin login account to me. If you are talking about a Forum Subscriber login then that is fine.

  5. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    OK, this is an old query string problem that was occurring on older versions of BuddyPress. In BuddyPress version 1.6.1 this coding issue was fixed so I am not sure why this is occurring on your website if you have BuddyPress 1.6.1 installed.

    Here is the problem. In this reply link below the query string is mangled and is a known security vulnerability - /?#post-47 is bad news.
    vegeangel.com/groups/vegetarian-recipes/forum/topic/spaghetti-bolognaise/?#post-47

    See this thread for why that mangled query string is bad news >>> http://wordpress.org/support/topic/plugin-bulletproof-security-buddypress-and-403?replies=31

    If you want to temporarily allow this bad query string then you will need to comment out this very important security filter, which I obviously do not recommend doing. ;)

    Add a pound sign in front of the RFI/XSS security filter below.

    #RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]

  6. sweetmelody
    Member
    Posted 2 years ago #

    I agree, I'm not putting the risky filter.

    You have tried BP 1.6.1 on your site and looks fine? Do you think this is related to the Genesis Connect plugin?

    I'm using Studiopress theme so I need to connect the theme to BP with the plugin.

    Thanks.

  7. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Yes, the coding glitch in BuddyPress was fixed in version 1.6.1 - the problem was that for some reason query strings were getting mangled ONLY on page 1 of comment replies and page 2 comment replies were fine. My hunch is that you have installed some additional BuddyPress plugin or additional feature that hooks into BuddyPress 1.6.1 and that additional plugin or feature does not have the updated/corrected code.

    If the Genesis Connect plugin is hooking into BuddyPress then yes it is possible, but very doubtful. What you should be looking at is any direct additional BuddyPress plugins or features that would be overriding the BuddyPress 1.6.1 coding by hooking into BuddyPress.

    If Studiopress is hooking into BuddyPress and it is using the old code then this is much more likely the problem. Try switching to the default BuddyPress Theme either on your Live site or if you cannot afford to do this on your Live site then install another test site in another folder.

  8. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Also is there any chance that your BuddyPress version is not actually really 1.6.1? Have you tried reinstalling BuddyPress?

  9. sweetmelody
    Member
    Posted 2 years ago #

    This is really a pain. :(

    1. Tried to deactivate all plugins except BP, GC and BPS but still the same. I have another site with GC installed and works fine. Conclusion: GC not a problem.

    2. BP is 1.6.1 but haven't tried to reinstall it as I can't figure out how to do it safely.

    Sigh...

  10. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Yeah be very, very careful when doing anything with BuddyPress like re-installing it - back up everything before doing anything. And only do a re-installation as a last resort. I found a couple of gnarly issues the hard way in the previous version of BuddyPress when I did an uninstall of BuddyPress. I got a white screen of death and it completely wiped out a couple of my testing websites. I think whatever issues were going on in the last version or two have now been fixed, but don't take any chances. ;)

    OK, so how about switching to the default BuddyPress Theme? Have you tried that yet? Or maybe before trying that you should contact the StudioPress folks and see if they have come across this problem before.

  11. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    I think you need to install a test site in another folder under your Hosting account at this point so that you can isolate the exact problem area, which is looking more and more like a Genesis Connect / BuddyPress conflict.

    Install a new test WordPress site, install BuddyPress and use the default BuddyPress Theme, then test comment replies and look at the query strings.

    They should look like this
    /members/#comment-4

    If you see this then there is a problem
    /?#post-47

    Next install Genesis Connect

    Query strings should look like this
    /members/#comment-4

    If you see this then there is a problem
    /?#post-47
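
Why the `/?#post-47` link form from posts 5 and 11 is answered with a 403, as an added example that is not part of the original thread or of BulletProof Security's code: the browser keeps the `#post-47` fragment to itself but still sends the bare `?`, so the request line ends in `? HTTP/1.1`, which is what the quoted `RewriteCond` matches. The helper names and the third sample link are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# The BPS filter quoted in the thread: RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
# THE_REQUEST is the raw request line, e.g. "GET /path?x=1 HTTP/1.1".
BPS_EMPTY_QUERY = re.compile(r"\?\ HTTP/", re.IGNORECASE)


def request_line(url, method="GET"):
    """Build the request line a browser sends for url.

    The fragment (#post-47) stays in the browser and is never sent, but a
    bare trailing "?" is sent, so ".../?#post-47" arrives as ".../? HTTP/1.1".
    """
    if "://" not in url and not url.startswith("/"):
        url = "//" + url  # scheme-less host/path form, as posted in the thread
    parts = urlsplit(url)
    target = parts.path or "/"
    # urlsplit does not distinguish "no query" from "empty query", so look
    # for the "?" delimiter in the raw text before the fragment.
    if "?" in url.split("#", 1)[0]:
        target += "?" + parts.query
    return f"{method} {target} HTTP/1.1"


def blocked_by_filter(url):
    """True if the request for url would match the BPS RewriteCond."""
    return bool(BPS_EMPTY_QUERY.search(request_line(url)))


def audit_links(urls):
    """Return (url, request_line, blocked) for each reply link."""
    return [(u, request_line(u), blocked_by_filter(u)) for u in urls]


# Reply links in the two forms shown in the thread, plus one constructed
# control with a real query string (page=2 is an assumption, not from the thread).
SAMPLE_LINKS = [
    "vegeangel.com/groups/vegetarian-recipes/forum/topic/spaghetti-bolognaise/?#post-47",
    "/members/#comment-4",
    "/forum/forumtest/?page=2#post-25",
]

if __name__ == "__main__":
    for url, line, blocked in audit_links(SAMPLE_LINKS):
        print(f"{'403 ' if blocked else 'ok  '} {line}   <- {url}")
```

Running it over the reply links copied from a test site shows which ones the filter will reject without having to post a comment first.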

  12. sweetmelody
    Member
    Posted 2 years ago #

    Just sent a help request to Studiopress forum, will update you on this issue as soon as a reply is received.

    * Haven't tried to do a test site before, hence decided to go for an easy adventure first.

    Thank you!

  13. sweetmelody
    Member
    Posted 2 years ago #

    Help!

    Received a reply from studio that I should contact my webhost for this matter as any query string which causes a 403 is neither from WP nor BP but from my webserver.

    So, I went to seek help from my webhost and they say:

    This problem was being caused by your "BULLETPROOF SECURE .HTACCESS" file. I switched this file from the bulletproof .htaccess to the default wordpress .htaccess and the error went away. I did not delete the old file, it is still present at MYSITE/.htaccess_old so you can put it back and troubleshoot which lines are causing the buddypress to break.

    What should I do now? The problem is not solved and my site is not protected by BPS. Please help, thank you!

  14. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Well at this point I think you are just going to have to activate BulletProof Mode for your root folder and comment out this security filter below.

    #RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]

    Somehow the new BuddyPress coding/file that handles this old bug is not working on your particular website. I think something did not update correctly when you upgraded to BuddyPress 1.6.1 on your website because your website is still using the old BuddyPress coding that has this old problem in it.

  15. sweetmelody
    Member
    Posted 2 years ago #

    What about the MYSITE/.htaccess_old? Do I have to rename it to MYSITE/.htaccess before activating Bulletproof Mode?

    Once the BPS is activated, should I try to test the default BP theme first? I'm trying to avoid the use of the filter.

    Thanks.

  16. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    You can either rename it or just delete it and create a new .htaccess file from within BPS.

    To be honest with you what I see is that this is not a procedural, DIY or customization issue. Something is either corrupted or did not get updated in the BuddyPress 1.6.1 upgrade on your particular website. I seriously doubt (total hail mary longshot) that this is a caching plugin problem - a caching plugin has somehow cached the old BuddyPress files/coding - but you can rule that out by deleting your caching plugin's cache.

    If it were me this is what I would do.
    Download a copy of your BuddyPress plugin folder to your computer.
    Download the latest version of the BuddyPress plugin.
    Manually upload the BuddyPress plugin folder and overwrite your existing BuddyPress plugin folder.

  17. sweetmelody
    Member
    Posted 2 years ago #

    Okay, will work on the corrupted issue after the security shield is back on line.

    I have just deleted the .htaccess_old. In order to create a new .htaccess from within BPS, do I need to click both 'create default.htaccess File' and 'create secure.htaccess File'?

  18. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    I click both buttons just so I don't make a mistake. That choice is entirely up to you, but it is better to be safe than sorry.

  19. sweetmelody
    Member
    Posted 2 years ago #

    No good, reinstalled BP and the problem remains. :(

    forum post

  20. sweetmelody
    Member
    Posted 2 years ago #

    Switched to default BP theme and deactivated GC but the situation ain't improving too.

  21. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    OK, well I guess this is going to remain an unsolved mystery of where that coding glitch/bug is coming from so you will just have to comment out the BPS security filter so that it no longer blocks this malformed query string. ;)

    I wonder if something like this is happening - any individual forums created prior to BuddyPress 1.6.1 will still use the old query string coding? The only way that would be possible is if the old forum links, etc. are stored in your database and not processed from the BuddyPress coding itself. Very unlikely, but I cannot think of anything else besides maybe some sort of caching or Cloud issue where the old files or data is being cached or stored.

  22. sweetmelody
    Member
    Posted 2 years ago #

    Tried to reply to an old forum post but same error, sigh...

    Not going to include the filter as it's risky, hope BP1.6.2 comes early and solves the problem.

    Many thanks.

  23. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    The coding issue has been solved in BuddyPress 1.6.1. I have personally verified this on a testing website. I have followed up with several people who were experiencing this problem with older BuddyPress versions and all of them have confirmed that installing BuddyPress 1.6.1 has solved this old issue. So maybe installing BuddyPress 1.6.2 will solve this issue on your site or maybe whatever problem is occurring on your website will continue to happen even after installing BuddyPress 1.6.2.

    I should have mentioned trying to Debug the code. You can try these things below and maybe it will point out/pinpoint the problem area on your website.

    Add these 3 Constants to your wp-config.php file.

    // turns WP Debug on
    define('WP_DEBUG', true);
    // logs errors to the wp error log
    define('WP_DEBUG_LOG', true);
    // will display any errors in your browser
    define('WP_DEBUG_DISPLAY', true);

    You would also want to check your website's php error log for any errors.

    You would also want to check your Server logs for any errors.

    Also I don't think you tried this recommendation I made.
    Create a new WordPress Installation (new website) under your Hosting Account and install BuddyPress 1.6.1 and test everything.

  24. sweetmelody
    Member
    Posted 2 years ago #

    Managed to open 'Error Logs' and found some suspicious errors (though incapable to manage them):

    WordPress database error Multiple primary key defined for query ALTER TABLE wp_bb_term_relationships ADD PRIMARY KEY (object_id, term_taxonomy_id) made by require('wp-blog-header.php'), require_once('wp-includes/template-loader.php'), do_action('template_redirect'), call_user_func_array, bp_template_redirect, do_action('bp_template_redirect'), call_user_func_array, bp_screens, do_action('bp_screens'), call_user_func_array, groups_screen_group_forum, bp_forums_get_topic_id_from_slug, do_action('bbpress_init'), call_user_func_array, bp_forums_load_bbpress, bp_bb_dbDelta
    
    Duplicate key name 'term_id_taxonomy' for query ALTER TABLE wp_bb_term_taxonomy ADD UNIQUE KEY term_id_taxonomy (term_id, taxonomy) made by require('wp-blog-header.php'), require_once('wp-includes/template-loader.php'), do_action('template_redirect'), call_user_func_array, bp_template_redirect, do_action('bp_template_redirect'), call_user_func_array, bp_screens, do_action('bp_screens'), call_user_func_array, groups_screen_group_forum, bp_forums_get_topic_id_from_slug, do_action('bbpress_init'), call_user_func_array, bp_forums_load_bbpress, bp_bb_dbDelta
    
    PHP Fatal error:  Call to undefined function  bp_current_user_can() in wp-content/plugins/buddypress/bp-core/bp-core-template.php on line 728
    
    PHP Fatal error:  Call to undefined function wp-content/plugins/buddypress/bp-core/bp-core-template.php on line 728
    
    PHP Parse error:  syntax error, unexpected $end in wp-content/plugins/buddypress/bp-members/bp-members-functions.php on line 1296
    
    PHP Warning:  array_key_exists() [<a href='function.array-key-exists'>function.array-key-exists</a>]: The first argument should be either a string or an integer in wp-includes/cache.php on line 537
    
    PHP Warning:  array_key_exists() [<a href='function.array-key-exists'>function.array-key-exists</a>]: The first argument should be either a string or an integer in wp-includes/cache.php on line 537

    1. Are the above data enough for troubleshooting? Do I still need to add the 3 constants to wp-config.php? If yes, where should I open the error logs?
    2. Yes, I didn't create a new WP installation and install the latest BP for a test as I'm having zero skill in this. However, I have other WP sites with BP1.6.1 plus BPS installed (under the same webhost) and have no forum commenting problem.

  25. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    OK, what this looks like to me is that the upgrade to BuddyPress 1.6.1 did not install all the files successfully. I do not know if you can manually replace the BuddyPress plugin files, but that is what I would try to do.

    Make a Backup of the BuddyPress plugin folder, then download the BuddyPress plugin to your computer and manually upload it to your website.

  26. sweetmelody
    Member
    Posted 2 years ago #

    Yes, I did download the BP1.6.1 plugin files and replace the old ones. Let me try to search for other replacement method then. Thanks.

  27. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Since I am not a BuddyPress expert then you should contact the BuddyPress folks about what the correct/best procedure is to replace/reinstall BuddyPress. Also check the BuddyPress Forum as this may already be documented there.

  28. sweetmelody
    Member
    Posted 2 years ago #

    Checked with GC support and was told that the above was the correct way to reinstall BP. Hence, created another thread in BP forum to seek further help but haven't received any reply yet.

    Meanwhile, is it wrong to click 'replace all' in Filezilla while transferring the new files to the site? Thank you.

  29. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Yep you could be waiting a very long time to hear anything from a BuddyPress forum post (a month or more) because BuddyPress is now over 1.2 Million downloads. You will find an answer much quicker by doing Google searches until you find the answer you are looking for.

    If you have made a backup of your files and you want to overwrite the existing files then yes "replace all" is probably what you want to use to overwrite files.

  30. sweetmelody
    Member
    Posted 2 years ago #

    But I have nothing to search since it's the correct way to reinstall BP. Help...

Topic Closed

This topic has been closed to new replies.
