• Priority: 0
  • Status: Closed
  • Theme: Alysum
  • Assigned To: Fred
  • Private: No
  • Open Date: 01.06.23, 12:11
  • Opened by: Piero
  • Closed by: Fred
  • Closed on: 08.06.23, 23:14
  • Reason: Closed
  • Comment: Glad to help!

Ticket #24735 - Search sidebar does not work - POST vs GET

I just migrated a website from another server; the server root location changed, and I updated it both in the database and in a json file in the theme path.

However, the search function (accessed through a magnifier icon which slides in the right sidebar titled Search) returns an error in the console when I start typing:400 (Bad Request)

This is a sample url that’s called with POST:


(no extra payload in the POST body)

which returns a 400 error; however, if I try to GET the same url, the backend returns a proper json.

Assuming it may have been due to my PHP version, I tried and reproduced the error on php 8, php 7.4, php 7.2.

I tried logging to locate the issue, but it must be high-level as nothing under /modules/pkelements is called when POST is used; and I can easily trace the code if GET is used.

Please advise


Piero 01 Jun 2023, 12:14

the config file I updated is /config/themes/alysum/shop1.json

Fred 02 Jun 2023, 13:18

Hi, Piero.
1. Please update credentials in your profile https://support.promokit.eu/myprofile to access to your Back-office
2. You don’t have to edit that file because it’s generated automatically and that’s not a reason of your problem

Piero 02 Jun 2023, 23:27

Hi Fred, I have updated the data… my technician Riccardo will continue the conversation.

Fred 03 Jun 2023, 16:49

Have you modified Promokit Widgets files? For some reason search is not working at all now

Piero 05 Jun 2023, 16:23

Hi, I’m not sure what Widgets are;
besides a few error log lines in modules/ps_mbo/ps_mbo.php which I used to track down the issue, these are the files I changed:

- config/defines.inc.php
- app/config/parameters.php
- config/themes/alysum/shop1.json

This last one I found a few days after I migrated the server, by searching the filesystem for the old path, as an editor wasn’t working in the backend. The file is owned by the website user and its permissions are 644.

I have just tried to set the whole site to 777, and the search still doesn’t work.

So I went back to the logs, looking for more clues: and there they were:

ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "63"] [id "200002"] [msg "Failed to parse request body."] [data "JSON parser error: parse error: premature EOF\\x0a"] [severity "CRITICAL"] [hostname "www.sensishop.net"] [uri "/module/pkelements/search"] [unique_id "ZH3tXpeS6p9VLy1j5qnbMQAAAA4"], referer: https://www.sensishop.net/34-anelli-fallici
ModSecurity: JSON parser error: parse error: premature EOF\n [hostname "www.sensishop.net"] [uri "/module/pkelements/search"] [unique_id "ZH3tXmgIiTuF4utP8114IwAAAAI"], referer: https://www.sensishop.net/34-anelli-fallici

so ultimately the problem is that the POST call to /module/pkelements/search” returns prematurely, and ModSecurity considers this a Critical security risk due to this rule (in /etc/modsecurity/modsecurity.conf:62):

SecRule REQBODY_ERROR "!@eq 0" \
"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"

For the time being, I am leaving the site without ModSecurity2 (we have backups :-)

Are you the developer of this module? I want to get this fixed at the soonest, I don’t like running on lower security, plus I don’t know Prestashop so I don’t really know what to monitor.

Fred 05 Jun 2023, 18:26
Piero 08 Jun 2023, 23:12

This case is also solved and the ticket can be closed