couldn’t find a thread talking about such a problem so I post it. Never know …
This is on a self hosted emoncms (9.8.8) with all latest modules
I started to build a dashboard and as a precaution I always save it …
I had several dials on it and a few battery icons . Started to add a header to mark what was what and there during a save … ERROR : Couldn’t save Dashboard. undefined and from there on, it is impossible to add, delete, select or move anything on it. It is frozen … Toolbox opens but nothing you can do and when you go back into normal mode … the footer is on top and not on the bottom of the page …
left it as is and started another dashboard and there I was able to construct what I wanted …
only error I get account level (not emoncms.log)
[22-Jul-2017 08:35:18 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/wouters/public_html/emon/Modules/user/user_model.php:119) in /home/wouters/public_html/emon/index.php on line 220
digging server side I found this in mod security (not sure there is a relation between both since disabling this rule didn’t solve the problem)
Request: POST /emon/dashboard/setcontent.json
Action Description: Access denied with code 403 (phase 2).
Justification: Pattern match “(?i)([<\xef\xbc\x9c]script[^>\xef\xbc\x9e][>\xef\xbc\x9e][\s\S]?)” at ARGS:content.
the mod sec rule is as follows
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/* “(?i)([<<]script[^>>][>>][\s\S]?)”
“id:212000,msg:‘COMODO WAF: XSS Filter - Category 1: Script Tag Vector||%{tx.domain}|%{tx.mode}|2’,phase:2,capture,block,setvar:‘tx.xss_points=+%{tx.points_limit4}’,setvar:‘tx.points=+%{tx.points_limit4}’,logdata:‘Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}’,ctl:auditLogParts=+E,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:utf8toUnicode,t:removeNulls,rev:3,severity:2,tag:‘CWAF’,tag:‘XSS’”