The area you are attempting to access is forbidden sec2

Last post 06-05-2011, 11:36 PM by HighConcept. 2 replies.
  •  06-04-2011, 2:02 AM 67805

    The area you are attempting to access is forbidden sec2

    I recently transferred a working CuteEditor php installation intact into a new code base, on the same server, in a parallel directory to the old.
     
    When trying to browse an image library, I get the error message:
     
    The area you are attempting to access is forbidden sec2
     
    I found where this error was being thrown, and put in debug statements which demonstrated that the variable $CESecurity (below) indeed did not match SESSION['CESecurity'], which was empty.
     
    CESecurity: MzAwfDEwMDAwfDEwMDB8MTAwMHwxMDAwfC9VcGxvYWRzfC9VcGxvYWRzfC9VcGxvYWRzfC9UZW1wbGF0ZXN8L1VwbG9hZHN8dHJ1ZXx0cnVlfHRydWV8dHJ1ZXwuanBnLC5qcGVnLC5naWYsLnBuZ3wuYXZpLC5tcGcsLm1wZWcsLm1wMywud2F2LC53bXZ8LnR4dCwuZG9jLC5wZGYsLnppcCwucmFyLC5hdmksLm1wZywubXBlZywuanBnLC5qcGVnLC5naWYsLnBuZywuaHRtfC5odG1sLC5odG18ZW4tZW58fHx8fHxmYWxzZXw=, SESSION['CESecurity']:
     
    I noted other threads reporting a similar error, but they did not prove helpful.  This problem was an unfortunate shock, as this new software is on a deadline...
     
     

    Steve Johnson
    U.S.Coast Guard Auxiliary
  •  06-05-2011, 9:53 PM 67814 in reply to 67805

    Re: The area you are attempting to access is forbidden sec2

    Hi HighConcept,
     
    Please open file "\cuteeditor_files\Configuration\Security\Default.config"
     
    Find the section below. Ensure that the path is correct and that your site has write/read permission for it.
     
    <security name="ImageGalleryPath">/Uploads</security>
     
    Regards,
     
    Ken
  •  06-05-2011, 11:36 PM 67820 in reply to 67814

    Re: The area you are attempting to access is forbidden sec2

    Hi, Ken,
     
    I'm way beyond that.
     
    Other threads on this error say that it is due to a bug in CuteEditor: if the calling application is using Session Names, one has to patch a session_name("MySession") into two routines: include_CuteEditor.php and dialogs/Include_Security.php.
     
    I did that with a static session name, and it cured the problem.  The only hitch is that in our application, a single user of the system (and CuteEditor) may move through several different contexts working with our application, and each context gets a unique session name that is stored in a variable.  That is, a user might edit some content in CuteEditor in one context, with one session name, and then two minutes later, edit some other content in a different context, with a totally different session name.  I know what that session name is, because I generate it uniquely, and I can put it into a variable.
     
    Unfortunately, my tests have shown that there is no variable or global I can set in PHP that survives into these two routines.
     
    That is, the following code from include_CuteEditor.php, which works if my session happens to have that name, cannot be used, because my session name could be anything at any time, not just 'USCGAux1141205'. Two minutes from now, it might be USCGAux1141007.
     
    error_reporting(E_ALL ^ E_NOTICE);
    session_name("USCGAux1141205");
    if(!isset($_SESSION)) session_start();
    class CuteEditor
    {
    I need to be able to write something like:
     
    error_reporting(E_ALL ^ E_NOTICE);
    session_name($CURRENT_SESSION_NAME);
    if(!isset($_SESSION)) session_start();
    class CuteEditor
    {
    to be able to pass in a variable for the session name, or even
      session_name($GLOBAL['my_current_session_name']);
     
    But none of this works, because both of those variables turn out to be unset by the time I get into that part of the CuteEditor code. I know, because I hacked some debug code into each routine, and checked.
     
    CuteEditor needs the following feature:
     
      $editor->session_name = $my_session_name
     which then propagates throughout the entire CuteEditor code as required.
     
    What I need specific help on, from someone who knows the code intimately, is, what do I need to do to get my session name variable to show up in the two routines above where it is needed? How much and what code do I have to hack?
     
    Sincerely,
    Steve Johnson
     
     
       

    Steve Johnson
    U.S.Coast Guard Auxiliary
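
One way to select a per-context session name safely before session_start(), as an added example that is not CuteEditor code or code from this thread. It assumes the editor dialogs run as separate HTTP requests (which would explain why page-level variables are unset there), that the host application can append a hypothetical ce_sn query parameter to the dialog URLs, and that session names follow the "USCGAux" plus digits form shown in the post.

```php
<?php
// Added example; ce_sn, CE_SESSION_NAME_PATTERN and both functions are hypothetical names.
// The session name only selects which cookie PHP reads. The session ID inside that
// cookie still authenticates the user, so the name may travel in the URL, but it
// must be validated before it reaches session_name().
const CE_SESSION_NAME_PATTERN = '/\AUSCGAux[0-9]{1,12}\z/';

function ce_resolve_session_name(array $query, array $cookies): ?string
{
    $name = $query['ce_sn'] ?? null;
    // Reject arrays, missing values and anything outside the known naming scheme.
    if (!is_string($name) || preg_match(CE_SESSION_NAME_PATTERN, $name) !== 1) {
        return null;
    }
    // Only resume a session the browser already holds a cookie for; never let a
    // request create a fresh, empty session under a caller-chosen name.
    if (!isset($cookies[$name]) || !is_string($cookies[$name])) {
        return null;
    }
    return $name;
}

function ce_start_session(array $query, array $cookies): bool
{
    $name = ce_resolve_session_name($query, $cookies);
    if ($name === null) {
        return false; // caller should answer with the "forbidden" page
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        return session_name() === $name; // refuse to mix contexts
    }
    session_name($name);
    return session_start();
}

// Constructed sample input, for illustration only.
$cookies = ['USCGAux1141205' => 'constructed-session-id'];
var_dump(ce_resolve_session_name(['ce_sn' => 'USCGAux1141205'], $cookies)); // name with a matching cookie
var_dump(ce_resolve_session_name(['ce_sn' => 'USCGAux1141007'], $cookies)); // valid form, no cookie held
var_dump(ce_resolve_session_name(['ce_sn' => "x\r\nSet-Cookie"], $cookies)); // outside the naming scheme
```

In the two patched routines, a call such as ce_start_session($_GET, $_COOKIE) would stand in for the hard-coded session_name("USCGAux1141205") line.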