Weird dashboard that seems locked down

Couldn’t find a thread talking about such a problem, so I’m posting it. You never know …
This is on a self-hosted emoncms (9.8.8) with all the latest modules.
I started to build a dashboard and as a precaution I always save it …
I had several dials on it and a few battery icons. Started to add a header to mark what was what, and there, during a save … ERROR : Couldn’t save Dashboard. undefined and from there on, it is impossible to add, delete, select or move anything on it. It is frozen … Toolbox opens but there is nothing you can do, and when you go back into normal mode … the footer is on top and not on the bottom of the page …

Left it as is and started another dashboard, and there I was able to construct what I wanted …

The only error I get is at account level (not in emoncms.log):

[22-Jul-2017 08:35:18 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/wouters/public_html/emon/Modules/user/user_model.php:119) in /home/wouters/public_html/emon/index.php on line 220

Digging server side, I found this in mod security (not sure there is a relation between the two, since disabling this rule didn’t solve the problem):

Request: POST /emon/dashboard/setcontent.json
Action Description: Access denied with code 403 (phase 2).
Justification: Pattern match "(?i)([<\xef\xbc\x9c]script[^>\xef\xbc\x9e][>\xef\xbc\x9e][\s\S]?)" at ARGS:content.

The mod sec rule is as follows:

SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/* "(?i)([<<]script[^>>][>>][\s\S]?)"
"id:212000,msg:'COMODO WAF: XSS Filter - Category 1: Script Tag Vector||%{tx.domain}|%{tx.mode}|2',phase:2,capture,block,setvar:'tx.xss_points=+%{tx.points_limit4}',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:utf8toUnicode,t:removeNulls,rev:3,severity:2,tag:'CWAF',tag:'XSS'"

In general, that error message is caused by characters at the top of a page of HTML code, i.e. located in the code before the actual HTML definition. I’ve been bitten by that one, and every time it was extraneous text at the top of the page, or located before an HTML or PHP declaration on the page.

If page “A” is linked or included on page “B” it can give the appearance that page B is at fault when the error is actually on page A.

OK, that I do understand, so somehow there is some code included from who knows where.

Will try to dig some deeper, but not too sure where it can come from, since another dashboard is using the same modules with no error … Murphy, where do you hide this time :thinking:

Here’s some info that may help you track it down.

From the article:
How can you find out where the premature output occurred?

The header() warning contains all relevant information to locate the problem cause:

Warning: Cannot modify header information - headers already sent by (output started at /www/usr2345/htdocs/auth.php:52) in /www/usr2345/htdocs/index.php on line 100

Here “line 100” refers to the script where the header() invocation failed.

The “output started at” note within the parenthesis is more significant. It denominates the source of previous output. In this example it’s auth.php and line 52. That’s where you had to look for premature output.


Going by the example above, it appears the place to check is:

/home/wouters/public_html/emon/Modules/user/user_model.php:119  (i.e. line 119 of that particular file.)

There’s lots more info in the article.
The error can be caused by whitespace which makes it even harder to track down.

Good hunting!

1 Like
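
The lookup described in the last reply, as an added example that is not part of the thread or of emoncms: it pulls the "output started at" file and line out of the warning, then checks a PHP source for bytes sent outside its PHP tags (BOM, leading text, whitespace after a closing `?>`). The function names and the sample file bytes are constructed for illustration; only the warning text comes from the thread.

```python
import re

# Helper names are illustrative, not emoncms code.
# Shape of PHP's "headers already sent" warning, as quoted in the thread.
WARNING_RE = re.compile(
    r"headers already sent by \(output started at (?P<src>.+?):(?P<line>\d+)\)"
    r" in (?P<caller>.+?) on line (?P<caller_line>\d+)"
)
BOM = b"\xef\xbb\xbf"
# Warning text copied from the first post of the thread.
THREAD_WARNING = (
    "[22-Jul-2017 08:35:18 UTC] PHP Warning: Cannot modify header information - "
    "headers already sent by (output started at /home/wouters/public_html/emon/"
    "Modules/user/user_model.php:119) in /home/wouters/public_html/emon/index.php "
    "on line 220"
)

def parse_warning(log_line):
    """Return (output_file, output_line, header_file, header_line) or None."""
    m = WARNING_RE.search(log_line)
    if m is None:
        return None
    return m["src"], int(m["line"]), m["caller"], int(m["caller_line"])

def premature_output(data):
    """Describe bytes in a PHP source that are sent outside its PHP tags."""
    findings = []
    if data.startswith(BOM):
        findings.append("UTF-8 BOM before <?php")
        data = data[len(BOM):]
    first_open = data.find(b"<?php")
    if first_open > 0:
        findings.append(f"{first_open} byte(s) before <?php")
    last_close = data.rfind(b"?>")
    if last_close > data.rfind(b"<?php"):
        tail = data[last_close + 2:]
        # PHP swallows one newline directly after ?>; anything else is output.
        if tail not in (b"", b"\n", b"\r\n"):
            findings.append(f"{len(tail)} byte(s) after closing ?>")
    return findings

def line_at(data, number):
    """Return source line `number` (1-based), the place the warning points to."""
    lines = data.decode("utf-8", "replace").splitlines()
    return lines[number - 1] if 0 < number <= len(lines) else None

if __name__ == "__main__":
    print(parse_warning(THREAD_WARNING))
    sample = BOM + b"<?php\n$x = 1;\n?>\n\n"  # constructed file contents
    print(premature_output(sample), line_at(sample, 2))
```

Run `premature_output` on the bytes of the file named in the warning, and `line_at` with the reported line number to see what sits at that position.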