JavaScipt cannot be used in Elementor when NinjaFirewall is active

  • Resolved rabeit

    (@rabeit)


    12 months ago

    I have several WordPress sites with the same problem.

    If NinjaFirewall is activated, then no changes can be saved in the Elementor in which a Javascript is saved.

    Example:

    I have created a website with the Elementor and can also save it normally. However, if I add an HTML element to the page with only the content “”, I get a server error (403 Forbidden) when I try to save the page.
    The following then appears in the firewall log:

    CRITICAL POST /wp-admin/admin-ajax.php – Cross-site scripting – [POST:actions = {“save_builder”:{“action”:”save_builder”,”data”:{“status”:”publish”,”elements”:[{“id”:”ff7a02b”,”elType”:”container”,”isInner”:false,”isLocked”:false,”settings”:{},”elemenPOST /wp-admin/admin-ajax.php – Cross-site scripting – [POST:actions = {“save_builder”:{“action”:”save_builder”,”data”:{“status”:”autosave”,”elements”:[{“id”:”ff7a02b”,”elType”:”container”,”isInner”:false,”isLocked”:false,”settings”:{},”elements”:[{“id”:”0…]ts”:[{“id”:”0c…] –

    WordPress and its plugins are on the latest version.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter rabeit

    (@rabeit)

    Correction:
    ..with only the content “< script></ script>”..

    a HTML element with an empty JS.

    Plugin Author nintechnet

    (@nintechnet)

    Are you the administrator while editing the post?
    If you are, there’s likely a PHP sessions issue as the firewall will relies on them to whitelist the admin. Go to NinjaFirewall > Dashboard, and check for errors and warnings.
    If you aren’t, you can disable the security rule with the Rules Editor: NinjaFirewall > Security Rules > Rules Editor.

    Thread Starter rabeit

    (@rabeit)

    Yes, I work as an administrator.
    The dashboard page says the following:

    Admin user -> You are whitelisted by the firewall.
    User session -> It seems that the user session set by NinjaFirewall was not found by the firewall script.

    Plugin Author nintechnet

    (@nintechnet)

    It seems that the user session set by NinjaFirewall was not found by the firewall script.

    This is the reason why you are blocked: you have an issue with PHP sessions. Check your PHP error log for anything related to “session” and, if any, paste the result here.

    Thread Starter rabeit

    (@rabeit)

    The following error message has appeared in the PHP error log:

    Got error ‘PHP message: PHP Warning: session_start(): open(/var/www/vhosts/main-domain.de/tmp/sess_xxxxxxxxxxx, O_RDWR) failed: No such file or directory

    After creating the missing TMP directory on the webhostig, the warning from NinjaPW disappeared from the dashboard.

    Several WordPress instances are running on the same web hosting account:
    /var/www/vhosts/main-domain.com/wp-domain-1.com/wp
    /var/www/vhosts/main-domain.com/wp-domain-2.com/wp
    /var/www/vhosts/main-domain.com/wp-domain-3.com/wp
    etc

    Can it cause problems?

    Plugin Author nintechnet

    (@nintechnet)

    You may have to create the session folder for each domain. You can test PHP sessions with that script: https://nintechnet.com/share/wp-session.txt

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘JavaScipt cannot be used in Elementor when NinjaFirewall is active’ is closed to new replies.