Bad Request: Unable to save edited templates/emails/ or send emails

More
5 years 5 months ago #71317 by rkenley
rkenley created the topic: Bad Request: Unable to save edited templates/emails/ or send emails
I am a new user. Everything is working fine, except I can't edit the templates or use the email functions. I have built a survey and tested it. I just can't invite users or change the template.

With email, I cannot save any changes to the default. When I click save, I get:
"Bad Request
Your browser sent a request that this surver could not understand
Cleint sent malformed Host header"

I get the same error if I try to save a change to a template (actually I copied the template OK, but can't save changes to the copy).

I have opened up write access to tmp and upload directories (and subdirectories) in case that was the problem - no change.

I also can't send email. I get the same error:
"Bad Request
Your browser sent a request that this server could not understand.
Client sent malformed Host header"

I have searched for a thread on this, but to no avail.

My system is 1.91+ (upgraded using the patch for comfortable upgrade)
My server (Linux, hosted) complies with the minimum requirements.

Any ideas?

Please Log in to join the conversation.

More
5 years 5 months ago #71321 by Steve01
Steve01 replied the topic: Aw: Bad Request: Unable to save edited templates/emails/ or send emails
Hello,

perhaps something went wrong with the upgrade. You could try to install a clean installation of LimeSurvey to check if this solves the problem or not.

An other problem could be the upload of the LimeSurvey installation. Did you upload the files via FTP and was binary mode enabled? (See docs.limesurvey.org/Installation#Upload_...s_to_your_web_server )

If the header is malformed it might also be an idea to check what's wrong with the header (e.g. using a web development toolbar like Firebug to check what headers where sent).

Mit freundlichen Grüßen/Best regards,

Stefan Gohlke
LimeSurvey Team

Please Log in to join the conversation.

More
5 years 5 months ago #71324 by rkenley
rkenley replied the topic: Aw: Bad Request: Unable to save edited templates/emails/ or send emails
Thanks.
The software is an internal install managed by my host - it is auto generated. I installed 1.91 and that did not work. I then uninstalled and reinstalled. Same problem.Then I upgraded to 1.91+ to no avail.
I will investigate Firebug - but I am starting to wonder if I should do a clean install myself and remove the in-built install.

Please Log in to join the conversation.

More
5 years 5 months ago #71358 by rkenley
rkenley replied the topic: [SOLVED] Re: Aw: Bad Request: Unable to save edited templates/emails/ or send
Problem solved.
The problem was security on the server, as follows:
______________________
We have identified the problem with ausi.com.au and have fixed it.

Our security on the server was detecting a Cross-site scripting (XSS)
attack.

This was caused because the developers of the software, LimeSurvey were
sending plain HTML in forms making the form submission look like an XSS
attack.

We have added your site ausi.com.au to the whitelist for the rules that
were blocking LimeSurvey.

Please Log in to join the conversation.

More
5 years 5 months ago #71617 by Mazi
Mazi replied the topic: [SOLVED] Re: Aw: Bad Request: Unable to save edited templates/emails/ or send

rkenley wrote: Our security on the server was detecting a Cross-site scripting (<a href=' docs.limesurvey.org/tiki-index.php?page=...al+settings#Security '>XSS</a>)
attack.

This was caused because the developers of the software, LimeSurvey were
sending plain HTML in forms making the form submission look like an <a href=' docs.limesurvey.org/tiki-index.php?page=...al+settings#Security '>XSS</a>
attack.

We have added your site ausi.com.au to the whitelist for the rules that
were blocking LimeSurvey.

Please open a bug report for this at our Bugtracker so our developer can have a look (though I doubt this is a real problem because no one has reported that before).


Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)survey-consulting.com'"

Please Log in to join the conversation.

More
3 years 5 months ago - 3 years 5 months ago #103158 by mascarpone
mascarpone replied the topic: Bad Request: Unable to save edited templates/emails/ or send emails
Dear all,

Searching these keywords I came across this old discussion and wondered if this could have ties with the problem I am currently encountering with 2.05 on potential security problems linked to corss-site scripting.

Just linking the 2 discussions in case solutions have already been provided.

The other topic is accessible here:

www.limesurvey.org/fr/forum/installation...uild-131022?start=10
Last Edit: 3 years 5 months ago by mascarpone.

Please Log in to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now