Hi again @tzemaitis,
Please remove/comment Options -ExecCGI line from the /uploads/forminator/.htaccess file. Then add the following mu-plugin to help, so that the rule won’t be added in the future.
<?php
add_filter( 'forminator_upload_root_htaccess_rules', 'wpmudev_remove_htaccess_rules', 10, 1 );
function wpmudev_remove_htaccess_rules( $rules ) {
if ( ! empty( $rules ) ) {
$rules = str_replace('Options -ExecCGI', '', $rules);
}
return $rules;
}
You can find more information below on how to use mu-plugins.
https://wpmudev.com/docs/using-wordpress/installing-wordpress-plugins/#installing-mu-plugins
https://ww.wp.xz.cn/support/article/must-use-plugins/
Please note that you need to perform both removing the line from .htaccess file and adding mu-plugin. Please let us know if it helps.
Kind regards,
Zafer
Thread Starter
TZAL
(@tzemaitis)
Hi Zafer
Thanks, that worked.
Before we close this can I check a few thinsg?
- Will this now stop it from happening again?
- Do we need to keep this in place forever?
- What caused it?
- Will a future Forminator update mean we can remove it?
- If so, how will I know?
All shades of the same question but hope you can advise accordingly.
Many thanks, Tony
Hi @tzemaitis
I’m glad it worked!
As for your questions:
Will this now stop it from happening again?
It should. It is expected to prevent this from happening again and so far it seems to do so in our tests (and similar reports).
Do we need to keep this in place forever?
As of now – yes; until the permanent/full fix is included in the plugin.
What caused it?
It is related to security. The “Options -ExecCGI” option tells webserver to not allow execution of CGI scripts from that folder so basically it is a security measure in case e.g. somebody would find a way to upload some malicious CGI (.cgi, .pl, often also .php and some other types) scripts there. It should not affect CSS but apparently in case of some setups/servers it does break loading of those scripts. Why exactly – I’m not able to tell myself. Our Forminator Team is investigating such cases.
Will a future Forminator update mean we can remove it?
Yes but at this point I don’t know when yet. It’s being investigated to identify all possible reasons and find a code solution (that will also maintain increased security) and I don’t have ETA.
If so, how will I know?
Keep an eye, please, on the changelog for the plugin:
https://ww.wp.xz.cn/plugins/forminator/#developers
and upon updates’ releases look there for changes such as e.g. “500 error on style”, “Colors and fonts not displaying correctly”, “style not loaded with 500 internal server error” and similar.
Once you see it, try removing the code that you added, make change to form appearance and save it, clear cache and check the form. If the issue doesn’t occur again – it means the fix is there already (you can also ask us for confirmation here).
Kind regards,
Adam
Thread Starter
TZAL
(@tzemaitis)
Hi Adam
Great answers thanks.
Last question – does the fix create a security weakness?
Regards, Tony
HI @tzemaitis
If you a) don’t allow users to upload “executable” files/scripts and so on via the Forminator form and any other way though the site and b) your server is maintaining basic security practices in general – it shouldn’t be much of an issue.
Best regards,
Adam
I have same problem – looks fine in preview but changes not carrying through on publication. I overcame it by adding the customised css actually in Forminator settings, to in-theme customisations – with a few ‘important’ statements to override ‘flat’ settings. Hope this helps people – shouldn’t be necessary!
-
This reply was modified 2 years, 7 months ago by
Muette.
Hi @tzemaitis,
Could you please open a new thread with us with the URL to the page where you have the issue, so that we could have a better idea?
Please use the following URL to open a new thread:
https://ww.wp.xz.cn/support/plugin/forminator/#new-topic-0
Kind Regards,
Nithin
