[Plugin: BulletProof Security] Commenting Error on Buddypress Forum

  • Resolved sweetmelody

    (@sweetmelody)


    Once a comment is posted to a (Buddypress) forum topic, the following error message displays:

    Forbidden
    
    You don't have permission to access /groups/vegetarian-helpdesk/forum/topic/TEST/ on this server.
    
    Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

    The error can be removed by turning on the Default Mode.

    Please help, thank you!

    http://wordpress.org/extend/plugins/bulletproof-security/

Viewing 15 replies - 1 through 15 (of 48 total)
  • Plugin Author AITpro

    (@aitpro)

    What type of Forum setup do you have, Group Forums or Site Wide Forums? Please post the query string so I can see what might be blocked in the query string. This is not occurring on my test site/testing.

    This forum contains 1 topic and 1 reply, and was last updated by buddypress 1 second ago.

    The query string is this: /forum/forumtest/#post-25
    and I had no problems posting a reply or comment or anything else. There was an older issue/conflict with adding replies and comments in previous versions of BuddyPress, but it was fixed.

    So you must have some other issue going on. Post the URL to your website and forum where the issue is occurring.

    I’m using discussion forum, powered by bbPress. After posting this comment I will email the login details to you.

    website
    forum link

    Thanks for helping.

    Plugin Author AITpro

    (@aitpro)

    Please do not send a WordPress Dashboard Admin login account to me. If you are talking about a Forum Subscriber login then that is fine.

    Plugin Author AITpro

    (@aitpro)

    OK, this is an old query string problem that was occurring on older versions of BuddyPress. In BuddyPress version 1.6.1 this coding issue was fixed so I am not sure why this is occurring on your website if you have BuddyPress 1.6.1 installed.

    Here is the problem. In this reply link below the query string is mangled and is a known security vulnerability – /?#post-47 is bad news.
    vegeangel.com/groups/vegetarian-recipes/forum/topic/spaghetti-bolognaise/?#post-47

    See this thread for why that mangled query string is bad news >>> http://wordpress.org/support/topic/plugin-bulletproof-security-buddypress-and-403?replies=31

    If you want to temporarily allow this bad query string then you will need to comment out this very important security filter, which I obviously do not recommend doing. 😉

    Add a pound sign in front of the RFI/XSS security filter below.

    #RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]

    I agree, I’m not putting the risky filter.

    You have tried BP 1.6.1 on your site and it looks fine? Do you think this is related to the Genesis Connect plugin?

    I’m using Studiopress theme so I need to connect the theme to BP with the plugin.

    Thanks.

    Plugin Author AITpro

    (@aitpro)

    Yes, the coding glitch in BuddyPress was fixed in version 1.6.1 – the problem was that for some reason query strings were getting mangled ONLY on page 1 of comment replies and page 2 comment replies were fine. My hunch is that you have installed some additional BuddyPress plugin or additional feature that hooks into BuddyPress 1.6.1 and that additional plugin or feature does not have the updated/corrected code.

    If the Genesis Connect plugin is hooking into BuddyPress then yes it is possible, but very doubtful. What you should be looking at is any direct additional BuddyPress plugins or features that would be overriding the BuddyPress 1.6.1 coding by hooking into BuddyPress.

    If Studiopress is hooking into BuddyPress and it is using the old code then this is much more likely the problem. Try switching to the default BuddyPress Theme either on your Live site or if you cannot afford to do this on your Live site then install another test site in another folder.

    Plugin Author AITpro

    (@aitpro)

    Also is there any chance that your BuddyPress version is not actually really 1.6.1? Have you tried reinstalling BuddyPress?

    This is really a pain. 🙁

    1. Tried to deactivate all plugins except BP, GC and BPS but still the same. I have another site with GC installed and it works fine. Conclusion: GC not a problem.

    2. BP is 1.6.1 but I haven’t tried to reinstall it as I can’t figure out how to do it safely.

    Sigh…

    Plugin Author AITpro

    (@aitpro)

    Yeah, be very, very careful when doing anything with BuddyPress like re-installing it – back up everything before doing anything. And only do a re-installation as a last resort. I found a couple of gnarly issues the hard way in the previous version of BuddyPress when I did an uninstall of BuddyPress. I got a white screen of death and it completely wiped out a couple of my testing websites. I think whatever issues were going on in the last version or two have now been fixed, but don’t take any chances. 😉

    OK, so how about switching to the default BuddyPress Theme? Have you tried that yet? Or maybe before trying that you should contact the StudioPress folks and see if they have come across this problem before.

    Plugin Author AITpro

    (@aitpro)

    I think you need to install a test site in another folder under your Hosting account at this point so that you can isolate the exact problem area, which is looking more and more like a Genesis Connect / BuddyPress conflict.

    Install a new test WordPress site, install BuddyPress and use the default BuddyPress Theme, then test comment replies and look at the query strings.

    They should look like this:
    /members/#comment-4

    If you see this then there is a problem:
    /?#post-47

    Next install Genesis Connect.

    Query strings should look like this:
    /members/#comment-4

    If you see this then there is a problem:
    /?#post-47
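
Why `/?#post-47` trips the `RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]` filter while `/members/#comment-4` does not, as an added example that is not part of the original thread or of BulletProof Security: the browser never sends the fragment, so the request line ends in a bare `?`. The function names and the `?page=2` link are constructed for illustration.

```python
import re

# The BPS filter quoted in the thread:
#   RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
# THE_REQUEST is the raw request line, e.g. "GET /path/? HTTP/1.1".
BPS_FILTER = re.compile(r"\?\ HTTP/", re.IGNORECASE)


def request_line(link, method="GET", version="HTTP/1.1"):
    """Build the request line a browser sends for a same-site link.

    The fragment (#...) stays in the browser and is cut off here.
    An empty query keeps its bare '?', which is what the filter sees.
    """
    target = link.split("#", 1)[0]
    return f"{method} {target} {version}"


def blocked_by_filter(link):
    """True if following this link matches the filter (403 under BPS)."""
    return BPS_FILTER.search(request_line(link)) is not None


def audit_links(links):
    """Map each link to 'blocked' or 'ok' for a quick audit of page links."""
    return {l: ("blocked" if blocked_by_filter(l) else "ok") for l in links}


# Links quoted in the thread, plus one constructed link with a real query.
SAMPLE_LINKS = [
    "/members/#comment-4",
    "/groups/vegetarian-recipes/forum/topic/spaghetti-bolognaise/?#post-47",
    "/forum/forumtest/#post-25",
    "/forum/forumtest/?page=2#post-25",  # constructed, not from the thread
]

if __name__ == "__main__":
    for link, verdict in audit_links(SAMPLE_LINKS).items():
        print(f"{verdict:8} {request_line(link)}")
```

Only a `?` immediately followed by the space before `HTTP/` matches, so links with a non-empty query string pass the filter.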

    Just sent a help request to Studiopress forum, will update you on this issue as soon as a reply is received.

    * Haven’t tried to do a test site before, hence decided to go for an easy adventure first.

    Thank you!

    Help!

    Received a reply from studio that I should contact my webhost for this matter as any query string which causes a 403 is neither from WP nor BP but from my webserver.

    So, I went to seek help from my webhost and they say:

    This problem was being caused by your "BULLETPROOF SECURE .HTACCESS" file. I switched this file from the bulletproof .htaccess to the default wordpress .htaccess and the error went away. I did not delete the old file, it is still present at MYSITE/.htaccess_old so you can put it back and troubleshoot which lines are causing the buddypress to break.

    What should I do now? The problem is not solved and my site is not protected by BPS. Please help, thank you!

    Plugin Author AITpro

    (@aitpro)

    Well, at this point I think you are just going to have to activate BulletProof Mode for your root folder and comment out this security filter below.

    #RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]

    Somehow the new BuddyPress coding/file that handles this old bug is not working on your particular website. I think something did not update correctly when you upgraded to BuddyPress 1.6.1 on your website because your website is still using the old BuddyPress coding that has this old problem in it.

    What about the > MYSITE/.htaccess_old? Do I have to rename it to MYSITE/.htaccess before activating Bulletproof Mode?

    Once the BPS is activated, should I try to test the default BP theme first? I’m trying to avoid the use of the filter.

    Thanks.

    Plugin Author AITpro

    (@aitpro)

    You can either rename it or just delete it and create a new .htaccess file from within BPS.

    To be honest with you, what I see is that this is not a procedural, DIY or customization issue. Something is either corrupted or did not get updated in the BuddyPress 1.6.1 upgrade on your particular website. I seriously doubt (total hail mary longshot) that this is a caching plugin problem – a caching plugin has somehow cached the old BuddyPress files/coding – but you can rule that out by deleting your caching plugin’s cache.

    If it were me this is what I would do.
    Download a copy of your BuddyPress plugin folder to your computer.
    Download the latest version of the BuddyPress plugin.
    Manually upload the BuddyPress plugin folder and overwrite your existing BuddyPress plugin folder.

  • The topic ‘[Plugin: BulletProof Security] Commenting Error on Buddypress Forum’ is closed to new replies.