- Priority: 0
- Status: Closed
- Theme: Alysum
-
Assigned To:
Fred
- Private: No
- Open Date: 01.06.23, 12:11
- Opened by: Piero
- Closed by: Fred
- Closed on: 08.06.23, 23:14
- Reason: Closed
- Comment: Glad to help!
Ticket #24735 - Search sidebar does not work - POST vs GET
Hello,
I just migrated a website from another server; the server root location changed, and I updated it both in the database and in a json file in the theme path.
However, the search function (accessed through a magnifier icon which slides in the right sidebar titled Search) returns an error in the console when I start typing:400 (Bad Request)
This is a sample url that’s called with POST:
/module/pkelements/search?s=butt&sidebar=1&page=1&limit=5&orderby=position&orderway=desc
(no extra payload in the POST body)
which returns a 400 error; however, if I try to GET the same url, the backend returns a proper json.
Assuming it may have been due to my PHP version, I tried and reproduced the error on php 8, php 7.4, php 7.2.
I tried logging to locate the issue, but it must be high-level as nothing under /modules/pkelements is called when POST is used; and I can easily trace the code if GET is used.
Please advise
Comments
the config file I updated is /config/themes/alysum/shop1.json
Hi, Piero.
1. Please update credentials in your profile https://support.promokit.eu/myprofile to access to your Back-office
2. You don’t have to edit that file because it’s generated automatically and that’s not a reason of your problem
Hi Fred, I have updated the data… my technician Riccardo will continue the conversation.
Have you modified Promokit Widgets files? For some reason search is not working at all now
Hi, I’m not sure what Widgets are;
besides a few error log lines in modules/ps_mbo/ps_mbo.php which I used to track down the issue, these are the files I changed:
- config/defines.inc.php
- app/config/parameters.php
- config/themes/alysum/shop1.json
This last one I found a few days after I migrated the server, by searching the filesystem for the old path, as an editor wasn’t working in the backend. The file is owned by the website user and its permissions are 644.
I have just tried to set the whole site to 777, and the search still doesn’t work.
So I went back to the logs, looking for more clues: and there they were:
so ultimately the problem is that the POST call to /module/pkelements/search” returns prematurely, and ModSecurity considers this a Critical security risk due to this rule (in /etc/modsecurity/modsecurity.conf:62):
SecRule REQBODY_ERROR "!@eq 0" \ "id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"For the time being, I am leaving the site without ModSecurity2 (we have backups
Are you the developer of this module? I want to get this fixed at the soonest, I don’t like running on lower security, plus I don’t know Prestashop so I don’t really know what to monitor.
Hi, Piero.
Prestashop recommends to disable it in case of problems like you have https://docs.prestashop-project.org/v.8-documentation/v/english/user-guide/configuring-shop/shop-parameters/traffic/seo-and-urls
This case is also solved and the ticket can be closed