Content Box Not Editable

  • Affected Version
    WoltLab Suite 3.1

    For all Pages and Boxes the Contents box appears empty and I'm unable to edit it.


    The data that should be in there is still present on the site but I'm now unable to change any of it.


    For example, on the Dashboard I've got information live on the site but the Content Box is showing empty and it can't be selected.

    This has occurred within the last week.


    Have I flipped a setting somewhere or is something bigger going on?

  • I have discovered that, although the boxes are all empty to begin with, we can edit them but the text is white so it appears as if nothing is being entered.


    However:

    The issue exists for all editor boxes across the site (e.g. users cannot make forum posts)

    The editor header is not visible for all editor boxes

    • Official Post

    Hello,


    This looks like some kind of JavaScript error is preventing the initialization of the editor. Please double check any recently installed plugins that interact with the editor.


    You can try opening the developer tools of your browser (Right click, inspect/inspect element) and open the "Console" tab. Then reload the page and look for errors that pop up, these provide a good indication of what happens. Look for the top most errors because those are most likely the root cause.

  • I've not recently installed any plugins but I've done as you suggested and got these:


    Editor page when creating a thread


    Editing the Dashboard


    I found a redactor 2 folder in my js/3rd Party folder that was last updated in Jan 2019.


    Do I need to remove that?

    • Official Post

    Please: Do not touch any files directly EVER. The editor is part of the software.


    The message at the very top is most likely what causes your issue. At the right side of the line should be a file name and line number indicator. Click on it and provide a screenshot of the code that shows up, that should provide enough context to identify the cause.

  • Ok, here is the full view when creating a thread. This includes the warnings too.


    and here is editing the dashboard


    Thank you for your help.

    • Official Post

    Uh, this doesn't look good. The browser complains about the redactor.combined.min.js containing an unexpected character.


    If I open the file https://wigangames.club/js/3rdParty/redactor2/redactor.combined.min.js in the browser I see this:

    JavaScript
    <?php"),e=e.replace("\x3c!--?","<?"),e=e.replace("?--\x3e","?>"),r.remove(),e},cleanMsWord:function(e){e=e.replace(/<!--[\s\S]*?-->/g,"") (more JS code here)


    This looks like the upper two thirds of the file are just missing. Also, the <?php is correct at this place, it is part of a replacement in JavaScript and enclosed in a string.


    Please replace the file contents with the contents for your version: https://raw.githubusercontent.…/redactor.combined.min.js

  • Success! That's cracked it, thank you.


    Mostly anyway - I'm still having trouble with Firefox on the Mac, which is somehow managing to see the old code despite me clearing cookies and cache, but I can live with that.


    I also took a look at redactor.js in the same location at it also appears to have the same issue.


    redactor.js in live


    redactor.js in a separate clean install (I was preparing for nuclear scenario)


    Should I replace the copy in live for this too?

    • New
    • Official Post

    Should I replace the copy in live for this too?

    Yes, but this file is only loaded when running in debug mode, hence this is not really a concern.


    It is still weird that both files got cut of at the logically same location. This looks more like a pattern to me, such as a "dumb" algorithm to clean up malicious files? Can you please check back with the hosting company / system administrator if there is anything that actively scans and "cleans up" files that look like they're compromised. And if yes, turn it off, because it is apparently flawed.

  • Found another example of the same thing (identified it by the same timestamp as the others - 10th Sep 16:12)

    https://wigangames.club/js/3rdParty/redactor2/plugins/WoltLabClean.js


    I should note that, while I don't recall exactly, this was around the time/day I installed the 3.1.23 update.


    I imagine that if this was the cause you would have heard a lot more noise, so it's probably just a coincidence, but it seems worth pointing out just in case.


    I've not found any other files with the same timestamp so it looks like this should be all of it. Interestingly it's only Redactor files that have been affected.


    Anyway - thank you again for your help. I was completely lost with this one so you've really saved me. I'll give the hosting company a shout to see if they can shine any light on what's happened.


    Cheers


    Andrew

    • New
    • Official Post

    I should note that, while I don't recall exactly, this was around the time/day I installed the 3.1.23 update.

    With computers there is no such thing as a coincidence. While this is unrelated to the update itself, I assume that the files were detected as "new" and then scanned for potentially malicious code. It is telling that all 3 files are cut off before the first occurrence of <?php in its content.

  • Got a reply back from the hosting company...

    Quote

    We use a firewall on all our servers which we will not disable for security reasons.

    Your developer shouldn't use code 64

    I've no idea what that means but the site is working fine once again so perhaps I'll just need to be aware of the possibility of this happening again with a future update. At least I know what to look out for now.


    Thanks Alexander

    • New
    • Official Post

    I've no idea what that means

    Me neither.


    A firewall is something that controls network traffic, what this has to do with modified files is beyond my imagination. Also what "code 64" is remains a mystery, that lacks quite a lot of context.


    You really have to appreciate the level of nonsense you get from the support of hosting companies these days. It would be funny if it wouldn't (a) hold you back from resolving the issue and (b) wasting the time of both of us.