Thursday, January 19, 2023

BDTask Sales ERP - Dashboard is not loading in php 8.0+

BDTask Sales ERP - Internal Server Error

Solution :

Enable logs in the file saleserp_v10/application/config/config.php

$config['log_threshold'] = 0;
to
$config['log_threshold'] = 1;
Check error in logs application/logs
if it is
ERROR - 2023-xx-xx xx:xx:xx --> Severity: error --> Exception: Unsupported operand types: string + int /var/www/html/saleserp_v10/application/modules/dashboard/views/home/home.php 452
Update file /var/www/html/saleserp_v10/application/modules/dashboard/views/home/home.php

Change
   
     value='<?php $seperatedData = explode(',', $chart_data); echo html_escape(($seperatedData[0] + 10));?>' name=""

 

to

        value='<?php $seperatedData = explode(',', $chart_data); echo html_escape(((int)$seperatedData[0] + 10));?>' name=""
 Now try again.
Author : Pavitr Kanetkar | No comments:
Labels: , ,

Friday, December 30, 2022

php error - Request entity too large. The requested resource does not allow request data with the post requests or the amount of data provided in the request exceeds the capacity limit

Wordpress - Request entity too large. 

The requested resource does not allow request data with the post requests or the amount of data provided in the request exceeds the capacity limit

Solution : 

Add in apache2.conf

LimitRequestBody 100000000
Update in php.ini
max_input_time = 300
max_execution_time = 300
post_max_size = 512M
upload_max_filesize = 512M

Restart Apache 2

Author : Pavitr Kanetkar | No comments:

Wednesday, December 28, 2022

Scan https Web Application for tls vulnerability using openssl

SSL Labs is the effficient way to find which SSL protocols are enabled on your webserver.

Enter your website url and click on submit

https://www.ssllabs.com/ssltest/

It generated ssl scan report for your web application. You can check tls protocol enable/disable list.

If you want to scan tls protocol version on your local, Run following commands for different versions of tls.

tls 1 and tls 1.1 are vulnerable versions.

openssl s_client -connect app.localhost:443 -tls1
openssl s_client -connect app.localhost:443 -tls1_1
openssl s_client -connect app.localhost:443 -tls1_2
openssl s_client -connect app.localhost:443 -tls1_3

If tls 1 or tls 1.1 is enabled for your webserver but you are not getting results on command line, you need to make configuration changes in your openssl.cnf file.

Take backup of your /etc/ssl/openssl.cnf

sudo cp /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.bkup

Add this to the beginning of your config file /etc/ssl/openssl.cnf
openssl_conf = default_conf

And then this to the end:
[ default_conf ]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=1

Now  export path
export OPENSSL_CONF=/etc/ssl/openssl.cnf

Now check again

openssl s_client -connect app.localhost:443 -tls1
openssl s_client -connect app.localhost:443 -tls1_1 

Now it should show enabled tls protocols on command line

You can disable these protocols in your webserver config.

Author : Pavitr Kanetkar | No comments:
Labels: , , , , ,