I think I've tracked it down to the script path for the Javascript using a full stop. I suspect this is being blocked by URL scan.
If in the root web folder it's changed from: scripts/Designit,Gallery/jquery.lightbox-0.5.min.js to scripts/Designit_Gallery/jquery.lightbox-0.5.min.js then the js can be accessed by typing it's path into a browser, but the former (using a .) we receive a URL scan blocked messgage:
No umbraco document matches the url 'http://www.mydomain.com/Rejected-By-UrlScan?~/scripts/Designit.Gallery/jquery.lightbox-0.5.min.js'
I've tried replacing every occurance of Designit.Gallery in all package files and importing that but that fails in the controls section for unkown reasons.
By default, this option is set to 0. If this option is set to 0, URLScan rejects any requests that contain non-ASCII characters. This can prevent certain types of attacks, but it may also block out requests for certain legitimate files, such as files with non-English names.
AllowDotInPath=0
By default, this option is set to 0. If this option is set to 0, URLScan rejects any request that contains multiple periods (.). This prevents attempts to disguise requests for dangerous file name extensions by putting a safe file name extension in the path information or query string portion of the URL. For example, if this option is set to 1, URLScan might permit a request for http://servername/BadFile.exe/SafeFile.htm because it thinks that it is a request for an HTML page, when it is actually a request for an executable (.exe) file with the name of an HTML page in the PATH_INFO area. When this option is set 0, URLScan may also deny requests for directories that contain periods.
However, this maybe considered a security risk so I need convert the package to use underscores for folder names rather than periods (.) throughout. Can anyone help with this? I've tried doing a texual substitution for all files within the package from designit.gallery to designit_gallery and import the package again. It looks OK but it reveals problems with the ascx as it can't find the controls? Can't understand why.
Designit gallery - Umbraco 4.7, not working
Designit http://our.umbraco.org/projects/website-utilities/designit-gallery-package isn't working in 4.7 using IIS6. It fails to use Java script and so the images just appear on a separate page.
I think I've tracked it down to the script path for the Javascript using a full stop. I suspect this is being blocked by URL scan.
If in the root web folder it's changed from: scripts/Designit,Gallery/jquery.lightbox-0.5.min.js to scripts/Designit_Gallery/jquery.lightbox-0.5.min.js then the js can be accessed by typing it's path into a browser, but the former (using a .) we receive a URL scan blocked messgage:
No umbraco document matches the url 'http://www.mydomain.com/Rejected-By-UrlScan?~/scripts/Designit.Gallery/jquery.lightbox-0.5.min.js'
I've tried replacing every occurance of Designit.Gallery in all package files and importing that but that fails in the controls section for unkown reasons.
Any thoughts?
Lea
Ah, ha...
From the URLScan site:http://support.microsoft.com/kb/326444
By default, this option is set to 0. If this option is set to 0, URLScan rejects any request that contains multiple periods (.). This prevents attempts to disguise requests for dangerous file name extensions by putting a safe file name extension in the path information or query string portion of the URL. For example, if this option is set to 1, URLScan might permit a request for http://servername/BadFile.exe/SafeFile.htm because it thinks that it is a request for an HTML page, when it is actually a request for an executable (.exe) file with the name of an HTML page in the PATH_INFO area. When this option is set 0, URLScan may also deny requests for directories that contain periods.
OK, so I've changed urlscan.ini to AllowDotInPath=1 and bingo! All working :) See http://umbgallery.codeplex.com/discussions/259047
However, this maybe considered a security risk so I need convert the package to use underscores for folder names rather than periods (.) throughout. Can anyone help with this? I've tried doing a texual substitution for all files within the package from designit.gallery to designit_gallery and import the package again. It looks OK but it reveals problems with the ascx as it can't find the controls? Can't understand why.
Any help appreciated.
Cheers
Lea
is working on a reply...