I installed and activated the puzzle a few day ago, and it's very nice I like it a lot but, I started to get a Security violation while editing elements. I was not able to do any change in my gallery anymore until deactivated the puzzle plugin. I post this thread to suggest the developers or somemaster to fix this issue to future releases. Googling on Internet I found that some other users have had the same trouble. Tnanks.
----------------------------------------------
Security Violation
The action you attempted is not permitted.
Back to the Gallery
Error Detail -
Error (ERROR_BAD_PARAMETER) : Controller results are missing status, error, (redirect, delegate, return)
in main.php at line 265 (GalleryCoreApi::error)
in main.php at line 104
in main.php at line 88
System Information
Gallery version 2.3
PHP version 5.2.4 cgi
Webserver Apache
Database mysqli 5.0.51a-log
Toolkits SquareThumb, ImageMagick, Thumbnail, Gd
Operating system Linux boscgi1601.eigbox.net 2.6.29.6 #1 SMP Thu Jul 23 14:20:52 EDT 2009 i686
Browser Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
-----------------------------------
About my gallery:
URL de Gallery = http://fotos.delalibertad.com/main.php
Versión de Gallery = 2.3 núcleo 1.3.0
API = Núcleo 7.54, Módulo 3.9, Tema 2.6, Incrustado en 1.5
Versión de PHP = 5.2.4 cgi
Servidor Web = Apache
Base de Datos = mysqli 5.0.51a-log, lock.system=flock
Braqets
j.mike.rollins
Joined: 2005-11-03
Posts: 27
Posted: Wed, 2009-09-09 02:11
I will definitely look into this. I will need a few days to create my development environment again. I do have a couple of questions: Were you modifying permissions when the problem happened? Do you have some private content on your site and some public content?
newtech
Joined: 2004-08-13
Posts: 83
Posted: Sun, 2010-02-28 04:36
Using Puzzle 2.1
When I click on the puzzle link for a photo I get an error message. When I click on details I get a very long message.
The jest of the message is that puzzle.class cannot be found. It shows the path should be:
Caused by: java.io.IOException: open HTTP connection failed:http://www.mydomain.com/gallery/modules/puzzle/applets/puzzle/class.class
The reason the above path failed is because there is no puzzle/applets/puzzle/class.class.
If you look at the files you listed you will notice that in applets folder there is no puzzle folder. The script is calling for the file class.class to be found in the folder puzzle. There is no class.class file. It appears the script should be calling for puzzle.class in the applets folder.
There is something wrong with the script.
I am using Gallery v2.3
Here is the full error:
load: class puzzle.class not found.
java.lang.ClassNotFoundException: puzzle.class
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: open HTTP connection failed:http://www.mydomain.com/gallery/modules/puzzle/applets/puzzle/class.class
at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
... 7 more
Exception: java.lang.ClassNotFoundException: puzzle.class
j.mike.rollins
Joined: 2005-11-03
Posts: 27
Posted: Sun, 2010-02-28 21:27
I just installed mysql, apache and gallery 2.3.1.
I installed the puzzle module by changing to the gallery2/modules directory and unzipping the file. After activating the module within gallery2, the module worked fine.
Could you check that all of the files and directories have permissions that allow the web server to read their content? Here is how the permissions are on my install.
I chmod all the files like above and still get error message.
Permissions cannot be the issue.
Why?
Because the error message I am getting is saying the script is looking for puzzle/applets/puzzle/class.class which does not exist.
If you notice the files you listed, you do not have a applets/puzzle folder. I don't either. But the script is looking for that folder.
Does not make sense why your download works and mine don't. It is as if I have a bad file, but downloaded and installed three times.
j.mike.rollins
Joined: 2005-11-03
Posts: 27
Posted: Mon, 2010-03-01 03:15
The gallery server generates a web page that contains a reference to both the image and the java class. These references are inside of an <EMBED> tag. Could you view the HTML source code for the page and post the contents of the <EMBED> tag? In particular, I would like to see the CODE and JAVA_CODEBASE attributes. Also, what web browser are you using?
<PARAM NAME = CODE VALUE = "puzzle.class" >
<PARAM NAME = CODEBASE VALUE = "modules/puzzle/applets" >
<PARAM NAME = "type" VALUE = "application/x-java-applet;version=1.4">
<PARAM NAME = "scriptable" VALUE = "false">
<PARAM NAME = "PUZ_WEBSITE" VALUE="J. Mike Rollins <rollins@CamoTruck.Net>">
<PARAM NAME = "PUZ_XSTYLE" VALUE="0">
<PARAM NAME = "PUZ_NUMX" VALUE="2">
<PARAM NAME = "PUZ_NUMY" VALUE="2">
<PARAM NAME = "PUZ_TYPE" VALUE="1">
<PARAM NAME = "PUZ_SRC" VALUE="http://www.captainphilharris.com/photogallery/d/339-12/DSCF5250.JPG">
<PARAM NAME = "PUZ_RESIZE" VALUE="2">
<COMMENT>
<EMBED
type = "application/x-java-applet;version=1.4" \
CODE = "puzzle.class" \
JAVA_CODEBASE = "modules/puzzle/applets" \
WIDTH = "533" \
HEIGHT = "400" \
PUZ_WEBSITE ="J. Mike Rollins <rollins@CamoTruck.Net>" \
PUZ_XSTYLE ="0" \
PUZ_NUMX ="2" \
PUZ_NUMY ="2" \
PUZ_TYPE ="1" \
PUZ_SRC ="http://www.captainphilharris.com/photogallery/d/339-12/DSCF5250.JPG" \
PUZ_RESIZE ="2" \
scriptable = false \
pluginspage = "http://java.sun.com/products/plugin/index.html#download">
<NOEMBED alt="Your browser doesn't support applets; you should use one of the other upload methods.">
Your browser doesn't support applets; you should use one of the other upload methods.
</NOEMBED>
</EMBED>
j.mike.rollins
Joined: 2005-11-03
Posts: 27
Posted: Tue, 2010-03-02 01:05
I notice two things that are odd. I will discuss the first issue, the second one I will have think about for a while.
What would I do to permit it being downloaded. I set the permissions to 755 like you have. I then changed it to several different permissions with sam results.
j.mike.rollins
Joined: 2005-11-03
Posts: 27
Posted: Tue, 2010-03-02 01:55
There are numerous ways the web server can protect directories. I would recommend reading about .htaccess files and also check if your hosting company provides any tools for protecting directories. Here is a little info http://www.freewebmasterhelp.com/tutorials/htaccess/
newtech
Joined: 2004-08-13
Posts: 83
Posted: Tue, 2010-03-02 04:11
Here is the response I received from server tech support.
Quote:
Here is the error that is being generated in the error log for ntharris
client denied by server configuration: /var/www/public_html/ntharris/html/photogallery/modules/puzzle/applets/puzzle.class
Now obviously that message does not tell us much, but are there any docs that state the server prerequisites or changes that are required
?
j.mike.rollins
Joined: 2005-11-03
Posts: 27
Posted: Tue, 2010-03-02 23:51
Actually, that error message is a little useful. There is a security option in the Apache configuration file called "AllowOveride" that gives users the ability to control some of the security parameters for their sites. Assuming this is permitted, then the following should fix your problem:
* Create a file called ".htaccess" in the root directory of your web server
* The permissions should be set for all users to read: chmod a+r .htaccess
* Put the following text inside this file:
<Files "puzzle.class">
Allow from all
</Files>
Posts: 15
I installed and activated the puzzle a few day ago, and it's very nice I like it a lot but, I started to get a Security violation while editing elements. I was not able to do any change in my gallery anymore until deactivated the puzzle plugin. I post this thread to suggest the developers or somemaster to fix this issue to future releases. Googling on Internet I found that some other users have had the same trouble. Tnanks.
----------------------------------------------
Security Violation
The action you attempted is not permitted.
Back to the Gallery
Error Detail -
Error (ERROR_BAD_PARAMETER) : Controller results are missing status, error, (redirect, delegate, return)
in main.php at line 265 (GalleryCoreApi::error)
in main.php at line 104
in main.php at line 88
System Information
Gallery version 2.3
PHP version 5.2.4 cgi
Webserver Apache
Database mysqli 5.0.51a-log
Toolkits SquareThumb, ImageMagick, Thumbnail, Gd
Operating system Linux boscgi1601.eigbox.net 2.6.29.6 #1 SMP Thu Jul 23 14:20:52 EDT 2009 i686
Browser Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
-----------------------------------
About my gallery:
URL de Gallery = http://fotos.delalibertad.com/main.php
Versión de Gallery = 2.3 núcleo 1.3.0
API = Núcleo 7.54, Módulo 3.9, Tema 2.6, Incrustado en 1.5
Versión de PHP = 5.2.4 cgi
Servidor Web = Apache
Base de Datos = mysqli 5.0.51a-log, lock.system=flock
Braqets
Posts: 27
I will definitely look into this. I will need a few days to create my development environment again. I do have a couple of questions: Were you modifying permissions when the problem happened? Do you have some private content on your site and some public content?
Posts: 83
Using Puzzle 2.1
When I click on the puzzle link for a photo I get an error message. When I click on details I get a very long message.
The jest of the message is that puzzle.class cannot be found. It shows the path should be:
Caused by: java.io.IOException: open HTTP connection failed:http://www.mydomain.com/gallery/modules/puzzle/applets/puzzle/class.class
When I look in the applets folder there is no puzzle subfolder.
The path I show for the puzzle.class should be:
http://www.mydomain.com/gallery/modules/puzzle/applets/puzzle.class
I downloaded puzzle2.1.zip twice with same results.
Posts: 27
I just downloaded the file at http://gallery.menalto.com/files/puzzle2.1.zip
The contents of the file are as follows:
Archive: puzzle2.1.zip
creating: puzzle/
creating: puzzle/applets/
inflating: puzzle/applets/puzzle.class
inflating: puzzle/applets/puzzle.class.bak
creating: puzzle/applets/src/
inflating: puzzle/applets/src/puzzle.java
creating: puzzle/classes/
inflating: puzzle/classes/PuzzleHelper.class
inflating: puzzle/classes/PuzzleHelper.class.bak
inflating: puzzle/MakePuzzle.inc
inflating: puzzle/MakePuzzle.inc.bak
inflating: puzzle/module.inc
inflating: puzzle/module.inc.bak
inflating: puzzle/PuzzleOptions.inc
inflating: puzzle/PuzzleOptions.inc.bak
creating: puzzle/templates/
inflating: puzzle/templates/AlbumDisabled.tpl
inflating: puzzle/templates/MakePuzzle.tpl
inflating: puzzle/templates/MakePuzzleError.tpl
inflating: puzzle/templates/PuzzleOptionsTemplate.tpl
Posts: 83
If you read my post, the java error states that the following path failed:
http://www.mydomain.com/gallery/modules/puzzle/applets/puzzle/class.class
The reason the above path failed is because there is no puzzle/applets/puzzle/class.class.
If you look at the files you listed you will notice that in applets folder there is no puzzle folder. The script is calling for the file class.class to be found in the folder puzzle. There is no class.class file. It appears the script should be calling for puzzle.class in the applets folder.
There is something wrong with the script.
I am using Gallery v2.3
Here is the full error:
load: class puzzle.class not found.
java.lang.ClassNotFoundException: puzzle.class
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: open HTTP connection failed:http://www.mydomain.com/gallery/modules/puzzle/applets/puzzle/class.class
at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
... 7 more
Exception: java.lang.ClassNotFoundException: puzzle.class
Posts: 27
I just installed mysql, apache and gallery 2.3.1.
I installed the puzzle module by changing to the gallery2/modules directory and unzipping the file. After activating the module within gallery2, the module worked fine.
Could you check that all of the files and directories have permissions that allow the web server to read their content? Here is how the permissions are on my install.
drwxrwxr-x puzzle
drwxrwxr-x puzzle/classes
-rw-rw-r-- puzzle/classes/PuzzleHelper.class
-rw-rw-r-- puzzle/classes/PuzzleHelper.class.bak
-rw-rw-r-- puzzle/MakePuzzle.inc.bak
-rw-rw-r-- puzzle/module.inc
drwxrwxr-x puzzle/applets
-rw-rw-r-- puzzle/applets/puzzle.class.bak
-rwxr-xr-x puzzle/applets/puzzle.class
drwxrwxr-x puzzle/applets/src
-rw-rw-r-- puzzle/applets/src/puzzle.java
-rw-rw-r-- puzzle/module.inc.bak
-rw-rw-r-- puzzle/PuzzleOptions.inc
-rw-rw-r-- puzzle/MakePuzzle.inc
-rw-rw-r-- puzzle/PuzzleOptions.inc.bak
drwxrwxr-x puzzle/templates
-rw-rw-r-- puzzle/templates/MakePuzzleError.tpl
-rw-rw-r-- puzzle/templates/AlbumDisabled.tpl
-rw-rw-r-- puzzle/templates/PuzzleOptionsTemplate.tpl
-rw-rw-r-- puzzle/templates/MakePuzzle.tpl
Posts: 83
I chmod all the files like above and still get error message.
Permissions cannot be the issue.
Why?
Because the error message I am getting is saying the script is looking for puzzle/applets/puzzle/class.class which does not exist.
If you notice the files you listed, you do not have a applets/puzzle folder. I don't either. But the script is looking for that folder.
Does not make sense why your download works and mine don't. It is as if I have a bad file, but downloaded and installed three times.
Posts: 27
The gallery server generates a web page that contains a reference to both the image and the java class. These references are inside of an <EMBED> tag. Could you view the HTML source code for the page and post the contents of the <EMBED> tag? In particular, I would like to see the CODE and JAVA_CODEBASE attributes. Also, what web browser are you using?
Posts: 83
Using Explorer 8.0 and Firefox 3.5.7
<div>
<OBJECT
classid = "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
codebase = "http://java.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab#Version=1,4,0,0"
WIDTH = "533" HEIGHT = "400" >
<PARAM NAME = CODE VALUE = "puzzle.class" >
<PARAM NAME = CODEBASE VALUE = "modules/puzzle/applets" >
<PARAM NAME = "type" VALUE = "application/x-java-applet;version=1.4">
<PARAM NAME = "scriptable" VALUE = "false">
<PARAM NAME = "PUZ_WEBSITE" VALUE="J. Mike Rollins <rollins@CamoTruck.Net>">
<PARAM NAME = "PUZ_XSTYLE" VALUE="0">
<PARAM NAME = "PUZ_NUMX" VALUE="2">
<PARAM NAME = "PUZ_NUMY" VALUE="2">
<PARAM NAME = "PUZ_TYPE" VALUE="1">
<PARAM NAME = "PUZ_SRC" VALUE="http://www.captainphilharris.com/photogallery/d/339-12/DSCF5250.JPG">
<PARAM NAME = "PUZ_RESIZE" VALUE="2">
<COMMENT>
<EMBED
type = "application/x-java-applet;version=1.4" \
CODE = "puzzle.class" \
JAVA_CODEBASE = "modules/puzzle/applets" \
WIDTH = "533" \
HEIGHT = "400" \
PUZ_WEBSITE ="J. Mike Rollins <rollins@CamoTruck.Net>" \
PUZ_XSTYLE ="0" \
PUZ_NUMX ="2" \
PUZ_NUMY ="2" \
PUZ_TYPE ="1" \
PUZ_SRC ="http://www.captainphilharris.com/photogallery/d/339-12/DSCF5250.JPG" \
PUZ_RESIZE ="2" \
scriptable = false \
pluginspage = "http://java.sun.com/products/plugin/index.html#download">
<NOEMBED alt="Your browser doesn't support applets; you should use one of the other upload methods.">
Your browser doesn't support applets; you should use one of the other upload methods.
</NOEMBED>
</EMBED>
Posts: 27
I notice two things that are odd. I will discuss the first issue, the second one I will have think about for a while.
The web browser must be able to download the applet code. On my web site, the applet code is at http://www.camotruck.net/gallery2/modules/puzzle/applets/puzzle.class If you browse to this URL, the browser will probably ask if you want to save or open the file. This indicates the file can be downloaded. On your site, I suspect the URL is http://www.captainphilharris.com/photogallery/modules/puzzle/applets/puzzle.class I get a 403 Forbidden error when I attempt to download the java applet. This would definitely be a problem. You will need to permit this file to be downloaded.
Posts: 83
What would I do to permit it being downloaded. I set the permissions to 755 like you have. I then changed it to several different permissions with sam results.
Posts: 27
There are numerous ways the web server can protect directories. I would recommend reading about .htaccess files and also check if your hosting company provides any tools for protecting directories. Here is a little info http://www.freewebmasterhelp.com/tutorials/htaccess/
Posts: 83
Here is the response I received from server tech support.
?
Posts: 27
Actually, that error message is a little useful. There is a security option in the Apache configuration file called "AllowOveride" that gives users the ability to control some of the security parameters for their sites. Assuming this is permitted, then the following should fix your problem:
* Create a file called ".htaccess" in the root directory of your web server
* The permissions should be set for all users to read: chmod a+r .htaccess
* Put the following text inside this file:
<Files "puzzle.class">
Allow from all
</Files>