Need help getting past mod_secure please!

General Forums Installation & Upgrade
#1

Hi guys,



I'm really stuck trying to install CS 4.02, I keep getting the disable mod_secure error. I'm currently running the newest 3.0 version and I'm trying to install 4.02 on a subdirectory and then use the new import feature to upgrade.



I've tried many things to get past this issue including:


  1. Had my hosting company disable this for my domain. They then suggested:



    “You'll need to check in with the developer - I'm betting it's reading from the system level info output, finding the module active there (which it is) and erroring out for that reason, rather than running any tests to see if it's enabled specifically for this domain, since the return is so immediate. There must be a way around it that they can provide.”



    I'm not sure what they mean by this, maybe someone can make sense of this? I'm not well versed in this stuff.




  2. Someone suggested on another thread:



    "I had a different issue with Globals and was able to resolve it and install it by changing the Globals report to false in validator.php. Check in install/app/installer/validator.php. Line 387 /**
  • Check if ModeSecurity is disabled. PS Mine was reporting Register Globals wrong since the Register Globals were already disabled in the Server"



    I tried messing around with this without any luck. Maybe I'm not finding the right spot?



    I tried editing the php as suggested but I'm not sure I'm making the right changes, because it hasn't worked for me. I tried changing anything mod_secure from “true” to “false” individually with no luck.



    Is this where my answer is?



    _______________________________________________________



    /**
  • Check if ModeSecurity is disabled

    *
  • @return bool true if disabled

    */

    public function isModeSecurityDisabled()

    {

    $checking_result = true;

    ob_start();

    phpinfo(INFO_MODULES);

    $_info = ob_get_contents();

    ob_end_clean();

    if (strpos($_info, 'mod_security') !== false) {

    App::instance()->setNotification('E', App::instance()->t('error'), App::instance()->t('text_mod_security'), true, 'validator');

    $checking_result = false;

    }

    return $checking_result;

    }



    ___________________________________________________________________






  1. Another place suggested adding this to the htaccess:





    SecFilterEngine Off

    SecFilterScanPOST Off

    < /IfModule>



    Unfortunately, this did not work as well.







    As you can see I've been stuck here a while! I'd really appreciate any help!
#2

Hey guys, I finally had the CS-Cart pros help me and this was the solution that helped me:



I replaced this part of the code:

if (strpos($_info, 'mod_security') !== false) {

App::instance()->setNotification('E', App::instance()->t('error'), App::instance()->t('text_mod_security'), true, 'validator');

$checking_result = false;

}



with this one:

/* if (strpos($_info, 'mod_security') !== false) {

App::instance()->setNotification('E', App::instance()->t('error'), App::instance()->t('text_mod_security'), true, 'validator');

$checking_result = false;

}*/



in the install/app/Installer/Validator.php file of your CS-Cart installation.

#3

For 4.2.2,



install/app/Installer/Validator.php



Change the following section:



public function isModeSecurityDisabled()

{

$checking_result = parent::isModeSecurityDisabled();

return $checking_result;

}



To:



public function isModeSecurityDisabled()

{

$checking_result = parent::isModeSecurityDisabled();

return 1;

}

#4

Forcing a function to return a static result is not a solution, it is avoidance. Suggest you get cs-cart to address the problem correctly.

The solution inpost #2 is equally bad by just commenting out the code.