You need to be logged in to post in the forum - Log In
An active JCE Pro Subscription is required to post in the forum - Buy a Subscription
- Support
- Forum
- JCE Editor
- Invalid controller: name='plugin', format=''
Support is currently Online
Official support hours:
Monday To Friday
From 09:00 To 17:00 Europe/London (BST)
From 09:00 To 17:00 Europe/London (BST)
more than a month ago
·
#98979
I installed JCE Editor Pro 2.6.38 - and Image icon with all features is fully OK.
It would be nice to work with v2.7.x
thanks.
It would be nice to work with v2.7.x
thanks.
Please send me a login - https://www.joomlacontenteditor.net/contact/site-login
Just because you're not paranoid doesn't mean everybody isn't out to get you.
more than a month ago
·
#99227
Upgraded to JCE 2.7.7 and both Image Manager Extended and Image Manager no longer work. Receive an "invalid controller" error message. How do I get it working again?
Am using Joomla 3.9.4.
Am using Joomla 3.9.4.
more than a month ago
·
#99229
I went back to 2.6.38 as well and Image Manager is working again.
Thanks for the advice about the "bandaid" while we await a more permanent fix from the JCE wizards.
Thanks for the advice about the "bandaid" while we await a more permanent fix from the JCE wizards.
I would appreciate it if someone could provide me with a login to a site that is experiencing this issue so I can test for a fix. I am not able to reproduce this locally, so I suspect the cause is related to an environment setup (server config or an installed extension)
Please use this form to send the login info -> https://www.joomlacontenteditor.net/contact/site-login
Please use this form to send the login info -> https://www.joomlacontenteditor.net/contact/site-login
Just because you're not paranoid doesn't mean everybody isn't out to get you.
What I have noticed here is that this issue only occurs when accessing the Image Manager or Image Manager Extended, not the File Manager, Media Manager etc.
Also, the error is occurring when Joomla attempts to route the request to the component specified in the URL, and the error displayed indicates that the url, or values in the url, have been altered. This suggests to me that some script on the site or server is making the changes, perhaps something in an htaccess file.
All of this may be the result of a misguided attempt to protect against a very old vulnerability in the Image Manager in JCE 1.5, which is not present in JCE 2.x
Are you aware of any rule in the .htaccess file that might be causing this, or perhaps some other server-side script that could be responsible?
Also, the error is occurring when Joomla attempts to route the request to the component specified in the URL, and the error displayed indicates that the url, or values in the url, have been altered. This suggests to me that some script on the site or server is making the changes, perhaps something in an htaccess file.
All of this may be the result of a misguided attempt to protect against a very old vulnerability in the Image Manager in JCE 1.5, which is not present in JCE 2.x
Are you aware of any rule in the .htaccess file that might be causing this, or perhaps some other server-side script that could be responsible?
Just because you're not paranoid doesn't mean everybody isn't out to get you.
more than a month ago
·
#99250
Thank you, Ryan. I posted login information to your secure site. I hope it helps.
Dear Ryan,
I have the same problem on all my sites at this moment.
I updated to JCE Editor Pro 2.7.9 (Joomla 3.9.5)
Image icon does not work. See attachment harrytalen.jpg ( unfortunately the dutch version)
On the other sites I got error 403. See attachment vliegvlugmeppel_error_403.jpg
I replaced for this moment 2.6.38 on all of my sites except on http://www.harrytalen.nl. At this moment is this my testsite to solve the problem so the other users can go on. I noticed that with 2.6.38 everything is ok with Joomla 3.9.5.
I also like to work with 2.7.9. to use the new updates in the future.
Thanks
I have the same problem on all my sites at this moment.
I updated to JCE Editor Pro 2.7.9 (Joomla 3.9.5)
Image icon does not work. See attachment harrytalen.jpg ( unfortunately the dutch version)
On the other sites I got error 403. See attachment vliegvlugmeppel_error_403.jpg
I replaced for this moment 2.6.38 on all of my sites except on http://www.harrytalen.nl. At this moment is this my testsite to solve the problem so the other users can go on. I noticed that with 2.6.38 everything is ok with Joomla 3.9.5.
I also like to work with 2.7.9. to use the new updates in the future.
Thanks
I replaced for this moment 2.6.38 on all of my sites except on http://www.harrytalen.nl. At this moment is this my testsite to solve the problem so the other users can go on.
@talenhj - Please send me a login to this site - https://www.joomlacontenteditor.net/contact/site-login
Just because you're not paranoid doesn't mean everybody isn't out to get you.
@Ryan: Yes.
Note: I installed the site local with XAMPP and all the updates and then there is not a problem. Everything seems ok.
The difference between the .htaccess on the host and local is the following, but that is already for a longer time, I suppose. I'm not sure.
----------------------------------------------------------------------------------
# These Lines Added By Hosting Company please do not remove
<IfModule mod_suphp.c>
#suPHP_ConfigPath /home/harrytal/public_html
</IfModule>
<Files php.ini>
order allow,deny
deny from all
</Files>
# End of Hosting Company entries
Options -Indexes
<IfModule mod_headers.c>
Header set Connection keep-alive
</IfModule>
------------------------------------------------------------------------------------
Note: I installed the site local with XAMPP and all the updates and then there is not a problem. Everything seems ok.
The difference between the .htaccess on the host and local is the following, but that is already for a longer time, I suppose. I'm not sure.
----------------------------------------------------------------------------------
# These Lines Added By Hosting Company please do not remove
<IfModule mod_suphp.c>
#suPHP_ConfigPath /home/harrytal/public_html
</IfModule>
<Files php.ini>
order allow,deny
deny from all
</Files>
# End of Hosting Company entries
Options -Indexes
<IfModule mod_headers.c>
Header set Connection keep-alive
</IfModule>
------------------------------------------------------------------------------------
There is nothing in your htaccess that is causing this, but I think it may be something the host is doing.
Of the sites I have inspected, this is what I have discovered:
This only affects the Image Manager and Image Manager Extended, ie: urls that contain plugin=imgmanager, eg:
index.php?option=com_jce&task=plugin.display&plugin=imgmanager
index.php?option=com_jce&task=plugin.display&plugin=imgmanager_ext
Editing the urls slightly also produces the error, eg:
index.php?option=com_jce&task=plugin.display&plugin=imgmanager_
and
index.php?option=com_jce&task=plugin.dis&plugin=imgmanager
so from this I suspect that a script somewhere is checking the url for the a specific pattern - that it contains task=plugin.* and plugin=imgmanager*
The Invalid controller error is generated by Joomla when it is unable to load a correct controller file. I am able to generate this error on a normal test site if I remove the option=com_jce part from the url, eg:
index.php?task=plugin.display&plugin=imgmanager
After the pattern is identified in the url, the option=com_jce part is being from the POST or GET data, so Joomla is unable to determine the correct controller to load, and therefore generates the error.
Please speak to your host and ask them if there is anything that could be affecting the url index.php?option=com_jce&task=plugin.display&plugin=imgmanager
Of the sites I have inspected, this is what I have discovered:
This only affects the Image Manager and Image Manager Extended, ie: urls that contain plugin=imgmanager, eg:
index.php?option=com_jce&task=plugin.display&plugin=imgmanager
index.php?option=com_jce&task=plugin.display&plugin=imgmanager_ext
Editing the urls slightly also produces the error, eg:
index.php?option=com_jce&task=plugin.display&plugin=imgmanager_
and
index.php?option=com_jce&task=plugin.dis&plugin=imgmanager
so from this I suspect that a script somewhere is checking the url for the a specific pattern - that it contains task=plugin.* and plugin=imgmanager*
The Invalid controller error is generated by Joomla when it is unable to load a correct controller file. I am able to generate this error on a normal test site if I remove the option=com_jce part from the url, eg:
index.php?task=plugin.display&plugin=imgmanager
After the pattern is identified in the url, the option=com_jce part is being from the POST or GET data, so Joomla is unable to determine the correct controller to load, and therefore generates the error.
Please speak to your host and ask them if there is anything that could be affecting the url index.php?option=com_jce&task=plugin.display&plugin=imgmanager
Just because you're not paranoid doesn't mean everybody isn't out to get you.
I found the issue on my server that is causing this error with all 2.7.* versions of JCE Editor image manager and image manager extended. I have a VPS hosting package at HostDime and there is a rule in the ModSecurity extension on my account that I needed to disable. In my case it is a specific rule covering the Joomla/JCE Image Manager extension.
Here is the rule:
#Joomle JCE [http://www.exploit-db.com/exploits/17734/] -JoeB 2012-08-24
#An exception will need to be added for each verified patched installation
SecRule REQUEST_URI "/+((\?.*)$|index\.php)" deny,phase:2,chain,t:urlDecodeUni,t:normalisePath,t:lowercase,id:10124341
SecRule ARGSption "com_jce" t:urlDecodeUni,t:lowercase,chain
SecRule ARGS:task "plugin" t:urlDecodeUni,t:lowercase,chain
SecRule ARGSlugin "imgmanager" t:urlDecodeUni,t:lowercase
I was able to disable this rule myself because I have full root access to my VPS so I could edit the rules file through the WHM interface.
If you have this issue and don't have access to your hosting environment you will need to contact your hosting provider and ask that they disable this rule for your Joomla installations. Hopefully they will do this for you.
What I don't understand is why this rule doesn't get invoked when I install JCE Editor version 2.6.38? What is different about how the image manager/image manager extended in this version is invoked compared to all the 2.7.* versions? I would love to know this answer...
As an FYI - here is the Apache error log entry that pointed me to the ModSecurity rule that was causing this issue:
[Tue Apr 16 08:35:35.425252 2019] [:error] [pid 25002] [client 71.233.62.157:12205] [client 71.233.62.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "imgmanager" at ARGS : plugin. [file "/etc/apache2/conf.d/modsec_vendor_configs/HOSTDIME/rules/04_vulnerabilities.conf"] [line "966"] [id "10124341"] [hostname "http://www.xxx.com"] [uri "/administrator/index.php"] [unique_id "XLXMFxfT5L0FzdrPvFol7wAAAAA"], referer: https://www.xxx.com/administrator/index.php?option=com_content&view=article&layout=edit&id=119
I hope that this information helps...
Regards,
Mike
Here is the rule:
#Joomle JCE [http://www.exploit-db.com/exploits/17734/] -JoeB 2012-08-24
#An exception will need to be added for each verified patched installation
SecRule REQUEST_URI "/+((\?.*)$|index\.php)" deny,phase:2,chain,t:urlDecodeUni,t:normalisePath,t:lowercase,id:10124341
SecRule ARGSption "com_jce" t:urlDecodeUni,t:lowercase,chain
SecRule ARGS:task "plugin" t:urlDecodeUni,t:lowercase,chain
SecRule ARGSlugin "imgmanager" t:urlDecodeUni,t:lowercase
I was able to disable this rule myself because I have full root access to my VPS so I could edit the rules file through the WHM interface.
If you have this issue and don't have access to your hosting environment you will need to contact your hosting provider and ask that they disable this rule for your Joomla installations. Hopefully they will do this for you.
What I don't understand is why this rule doesn't get invoked when I install JCE Editor version 2.6.38? What is different about how the image manager/image manager extended in this version is invoked compared to all the 2.7.* versions? I would love to know this answer...
As an FYI - here is the Apache error log entry that pointed me to the ModSecurity rule that was causing this issue:
[Tue Apr 16 08:35:35.425252 2019] [:error] [pid 25002] [client 71.233.62.157:12205] [client 71.233.62.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "imgmanager" at ARGS : plugin. [file "/etc/apache2/conf.d/modsec_vendor_configs/HOSTDIME/rules/04_vulnerabilities.conf"] [line "966"] [id "10124341"] [hostname "http://www.xxx.com"] [uri "/administrator/index.php"] [unique_id "XLXMFxfT5L0FzdrPvFol7wAAAAA"], referer: https://www.xxx.com/administrator/index.php?option=com_content&view=article&layout=edit&id=119
I hope that this information helps...
Regards,
Mike
What I don't understand is why this rule doesn't get invoked when I install JCE Editor version 2.6.38? What is different about how the image manager/image manager extended in this version is invoked compared to all the 2.7.* versions? I would love to know this answer...
The url for the Image Manager and Image Manager extended in JCE 2.6.x was
index.php?option=com_jce&view=plugin&plugin=imgmanager
in 2.7.x it is
index.php?option=com_jce&task=plugin.display&plugin=imgmanager
which is closer to the how the Joomla API functions, but matches the last three rules in the mod security rule, which I imagine was designed to detext the url
index.php?option=com_jce&task=plugin&plugin=imgmanager
which was used in JCE 1.5 many years ago.
Just because you're not paranoid doesn't mean everybody isn't out to get you.
I have attempted to address this issue by altering the URL for the Image Manager and Image Manager Extended, so they won't match the mod security rule, or any other similar security mechanism that uses the rules.
You can test this in JCE Pro 2.7.11 Beta 3 - https://www.joomlacontenteditor.net/downloads/editor/pro/development
You can test this in JCE Pro 2.7.11 Beta 3 - https://www.joomlacontenteditor.net/downloads/editor/pro/development
Just because you're not paranoid doesn't mean everybody isn't out to get you.
more than a month ago
·
#99458
Thanks so much, Ryan! It appears you have addressed and abolished the issue. I installed 2.7.11 beta 3 and the Image Manager works beautifully once again!
Appreciate you following through on this and correcting it for us!
Thanks,
Kathi
Appreciate you following through on this and correcting it for us!
Thanks,
Kathi
- Page :
- 1
There are no replies made for this post yet.
Be one of the first to reply to this post!
Be one of the first to reply to this post!