Home › Forums › BulletProof Security Free › Spider Event Calendar WordPress Event Calendar – 403 error
- This topic has 8 replies, 3 voices, and was last updated 10 years, 3 months ago by
AITpro Admin.
-
AuthorPosts
-
Rob Brand
ParticipantI am getting an error with
Spider Event Calendar Plugin with BullettProof activated.You don’t have permission to access /art/wp-content/plugins/spider-event-calendar/front_end/spidercalendarbig.php on this server.
AITpro Admin
KeymasterCheck your BPS Security Log file and post ONLY the error that relates to the Spider Event Calendar/WordPress Event Calendar.
AITpro Admin
KeymasterLet the plugin author know about this coding mistake.
spidercalendarbig.php code line 19. The $wpdb variable has global added to it outside of a function. This can be commented out since global is only intended to be used within a function. Or the code should be wrapped in a new function if that is what is needed.
// let's load WordPress require_once( WP_LOAD_PATH . 'wp-load.php'); global $wpdb;
AITpro Admin
KeymasterUPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.
The Spider Event Calendar has been tested and it uses admin-ajax.php to show events.
1. Add this wp-admin .htaccess bypass / skip rule below to the this wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES.
2. Click the Save wp-admin Custom Code button.
3. Go to the BPS Security Modes page and activate wp-admin BulletProof Mode.# admin-ajax.php skip/bypass rule RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC] RewriteRule . - [S=2]
Also another bug that I found in this plugin is that the first calendar you create does not show up in the javascript Calendar insert button dropdown list on the WP WYSIWYG Editor toolbar. The second calendar does show up and you can successfully choose/select it and insert it into pages or posts. Please notify the plugin author about this additional bug/coding problem.
AITpro Admin
KeymasterOne other thing that you should mention to the plugin author is that nowhere does it say that calendars are inserted into pages by clicking the insert calendar button in the pages or posts editor. This help information should be everywhere. Since I logically knew that this is probably what should be done I looked there first. For someone who is not a coder or experienced with WordPress then they would have no idea what to do next.
Brendan Merritt
Participant[Topic has been merged into this relevant Topic]
Trying to view a single day or any other view I get the following error.:
newpaltzvillage.org 403 Forbidden Error Page
If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.
IP Address: 72.43.178.90
Here is what the log is telling me. I get a 403 error when trying to access any view from the calendar plugin. It seems to be a rule in the .htacess file that is causing it. I need to know how to get around this so the calendar can function.
[403 GET / HEAD Request: November 4, 2014 7:02 pm] Event Code: WPADMIN-SBR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 72.43.178.90 Host Name: rrcs-72-43-178-90.nyc.biz.rr.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.newpaltzvillage.org/village-board-agendas-minutes/ REQUEST_URI: /wp-admin/admin-ajax.php?action=spiderbigcalendar_month_widget&theme_id=1&calendar=1&select=month,&date=2014-10&many_sp_calendar=1&cur_page_url=http://www.newpaltzvillage.org/village-board-agendas-minutes/&cat_id&widget=1 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
AITpro Admin
Keymaster@ Brendan Merritt – See the updated wp-admin admin-ajax.php Custom Code skip rule above in this Forum Topic.
Brendan Merritt
ParticipantI cut and pasted the rule in above as suggested but I am still getting the same error. This is the log after applying the rule
[403 GET / HEAD Request: November 7, 2014 2:20 pm] Event Code: WPADMIN-SBR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 71.169.22.237 Host Name: pool-71-169-22-237.pghk.east.verizon.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.newpaltzvillage.org/calendar/ REQUEST_URI: /wp-admin/admin-ajax.php?action=spidercalendarbig&theme_id=13&calendar_id=1&ev_ids=4&eventID=4&date=2014-11-6&many_sp_calendar=1&cur_page_url=http://www.newpaltzvillage.org/calendar/&widget=0& QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36
AITpro Admin
KeymasterDid you do ALL of the Custom Code steps? After adding the skip rule did you click the Save wp-admin Custom Code button and then activate wp-admin BulletProof Mode again?
-
AuthorPosts
- You must be logged in to reply to this topic.