[Resolved] I can not create an archive page for a taxonomy and archives don't work properly

[Author]

Posts

[kostasT]

I am trying to:
I have a custom taxonomy named "Markets" and I want to create an archive for it. As you can see in the following video the create archive process is not working. I can not create the archive on the first try and afterwards, I can not update the page. Moreover, I notice that in the existing taxonomies archives, Toolset does not display the posts or custom post items within the loop. These archives work fine in the front end.

Link to a page where the issue can be seen:
The new archive page:
hidden link

Example of an existing archive with the problem:
hidden link
It works on the frontend
hidden link

See the screen recording here:
hidden link

[Waqar]

Hi,

Thank you for contacting us and I'd be happy to assist.

I couldn't reproduce this behavior on a test website, so it looks like something specific to your website is involved.

There are some errors and warnings showing in the browser's console when viewing the WordPress Archives editor screens.

To troubleshoot this, I'll suggest the following steps:

1. Please make sure that WordPress, active theme, and plugins are all updated to the latest versions. Currently, WordPress is not the latest version.

2. The website's 'Tagline' is not set at WP Admin -> Settings -> General and one of the errors in the browser's console is about that empty value. It is better to set some text as the tagline.

3. It would be interesting to test this with all non-Toolset plugins disabled and a default theme like Twenty Twenty-One.

If it's fixed, you can start adding the disabled items, one by one, to narrow down to a possible conflicting one.

4. In case the issue still persists, I'll need your permission to download a clone/snapshot of the website, to investigate this on a different server.

I hope this helps and please let me know how it goes.

regards,
Waqar

[kostasT]

Thank you for the reply. I will do actions 1 and 2 and I will keep you informed about the result.

[kostasT]

Hi,

I updated WordPress and I set the site tagline. These changes didn't solve the problem. I used the developer tools and I noticed that there were problems with the Toolset scripts. In particular, 403 errors:
------
Failed to load hidden link
resource: the server responded with a status of 403 ()
Failed to load hidden link
resource: the server responded with a status of 403 ()
------

I check the server's Web Application Firewall and I found a lot of errors like the following:
[Sun Jun 11 13:29:38.565849 2023] [:error] [pid 15650:tid 140345656448768] [client 2a02:85f:f56c:a300:486c:d2c8:7929:46be:60818] [client 2a02:85f:f56c:a300:486c:d2c8:7929:46be] ModSecurity: Warning. Pattern match "(?i:(?:\\\\sexec\\\\s+xp_cmdshell)|(?:[\\\\x22'`\\xc3\\x82\\xc2\\xb4\\xc3\\xa2\\xc2\\x80\\xc2\\x99\\xc3\\xa2\\xc2\\x80\\xc2\\x98]\\\\s*?!\\\\s*?[\\\\x22'`\\xc3\\x82\\xc2\\xb4\\xc3\\xa2\\xc2\\x80\\xc2\\x99\\xc3\\xa2\\xc2\\x80\\xc2\\x98\\\\w])|(?:from\\\\W+information_schema\\\\W)|(?:(?:(?:current_)?use ..." at ARGS:loop.item_template. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/013_i360_1_generic.conf"] [line "163"] [id "77211650"] [msg "IM360 WAF: Detects MSSQL code execution and information gathering attempts||MVN:ARGS:loop.item_template||MV:<div class=\\"wp-block-toolset-views-view-template-block wpv-block-loop-item php-to-be-replaced-with-shortcode\\" data-toolset-views-view-template-block=\\"1\\"><!-- wp:kadence/infobox {\\"uniqueID\\":\\"_dc9052-ce\\",\\"containerBackground\\":\\"#ffffff\\",\\"containerBackgroundOpacity\\":1,\\"containerHoverBackground\\":\\"#fbfaf8\\",\\"containerHoverBackgroundOpacity\\":1,\\"containerBorder\\":\\"#f3ede1\\",\\"containerHoverBorder\\":\\"#ee2c3c\\",\\"containerBorderWidth\\":[1,1,1,1],\\"containerBorderRadius\\":8 [hostname "staging.targetanalysis.gr"] [uri "/wp-json/toolset-views/v1/views/3557"] [unique_id "ZIWiEgR3WHn7JOkSlHzQ5gAAAUs"], referer: hidden link
[Sun Jun 11 13:29:38.586699 2023] [:error] [pid 15650:tid 140345656448768] [client 2a02:85f:f56c:a300:486c:d2c8:7929:46be:60818] [client 2a02:85f:f56c:a300:486c:d2c8:7929:46be] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "<!--" at ARGS:general.view_template. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/07_XSS_XSS.conf"] [line "56"] [id "212340"] [rev "5"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||staging.targetanalysis.gr|F|2"] [data "Matched Data: <!-- found within ARGS:general.view_template: <div class=\\x22wp-block-toolset-views-wpa-editor\\x22><!-- wp:uagb/section {\\x22classMigrate\\x22:true,\\x22align\\x22:\\x22full\\x22,\\x22block_id\\x22:\\x225bd2c389\\x22,\\x22bottomPadding\\x22:0,\\x22bottomMargin\\x22:30,\\x22contentWidth\\x22:\\x22full_width\\x22,\\x22innerWidth\\x22:1200,\\x22backgroundType\\x22:\\x22color\\x22,\\x22backgroundColor\\x22:\\x22var(\\x5cu002d\\x5cu002dast-global-color-5)\\x22,\\x22borderStyle\\x22:\\x22\\x22,\\x22borderWidth\\x22:\\x22\\x22,\\x22ov..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "staging.targetanalysis.gr"] [uri "/wp-json/toolset-views/v1/views/3557"] [unique_id "ZIWiEgR3WHn7JOkSlHzQ5gAAAUs"], referer: hidden link

I disable the firewall and the problem is partially solved. The existing archives work properly. However, the new archive (for markets) was created but there are problems with the blocks that display the archive's contents. In the beginning, I used the Kadence Infobox. It had 2 problems. The image was shown in the backend but it wasn't shown in the frontend. The styling of the block worked in the backend but not in the frontend. Afterwards, I used the Toolset container block, heading and image. This solution also had problems, as although it was shown correctly in the backend, in the frontend the heading and the image were shown outside the container. You can see the problems here (in this example, I added both blocks for you to see the problems):
hidden link

The archive page in the WordPress administration is here:
hidden link

Now, the firewall is on, so in the administration, the archive page doesn't work properly. However, you can see the problem in the frontend.

Please check the 403 errors in the backend and tell me if you want to disable the firewall again. Please also check the problems with the blocks.

[Waqar]

Thank you for sharing this update.

The error 403 means that your server/firewall is blocking or restricting specific REST API requests and scripts, confusing them with malicious code.

For the course of this investigation can you keep the firewall disabled and then recreate the affected archive again? It would be a good idea also to test this website's clone on a different server to see if the issue persists there. It can be a localhost server too and Toolset's recommended server requirements and configuration information is available at:
https://toolset.com/toolset-requirements/

Once it is disabled, please let me know and I'll check the affected archives again. Right now, I still see many 403 errors in the console of the archive editor page.

[kostasT]

Hi,

I disabled the firewall.

[Waqar]

Thank you for waiting.

In the archive 'Archive for Markets' ( used for hidden link ), I noticed that the Toolset's 'Container' block had the option 'Make the entire container a link' enabled.

And inside that block, there is a 'Heading' block, which was set to show the post link.

By HTML standards, it is not valid to nest one link inside another link and most modern browsers try to fix this on their own by changing the markup/code accordingly.
( ref: https://stackoverflow.com/a/13054959 )

For this reason, whenever the option "Make the entire container a link" is enabled in a container block, it is better to avoid any other links inside the containing blocks.

I've changed that heading block to show the 'Post title' instead and the layout for that block is fixed now.
( screesnhot: hidden link )

I hope this helps and let me know if you have any follow-up questions.

[kostasT]

Hi,

Thanks for solving the container problem. However, the other problems are still there:

1) The firewall treats specific Toolset scripts as malware and blocks them. I can't disable the firewall on the production site.

2) The kadence infobox doesn't load the dynamic image. Although it is loading in the backend when I add the dynamic image, it is not displayed in the frontend. And it is not shown in the backend either. Moreover, the infobox's styling doesn't work on the frontend.

3) The grid layout in the archive results is broken as you can see here: hidden link

[Waqar]

Thanks for writing back.

1) This staging website is using the 'MalCare' plugin. Are you using the same on the production website too, to manage the firewall?

In the firewall utilities, there are usually options available to control the exceptions. You can consult their official support and documentation to see how the files from the Toolset plugins can be included in the exception of the safe files list.

2 & 3) To troubleshoot these points, I'll need your permission to download a clone/snapshot of the website. This will help us debug this in more depth.

[kostasT]

Hi,

1) We have the MalCare plugin but Toolset is stopped by the hosting provider Web Application Firewall (ModSecurity). We can add exceptions. Which files should add? Not that this is something that happened during the latest update of Toolset, so maybe you should debug your files.

2) You have permission to download a clone/snapshot of the website.

[Waqar]

1) To get started, you can add the firewall exceptions for these two paths:

{yourwebsite.com}/wp-json/toolset-views/*
{yourwebsite.com}/wp-content/plugins/toolset-blocks/*

Note: For the correct format, you can consult the MalCare plugin's official support and documentation.

2) Thank you for the permission and I've downloaded the website's clone.

I'll be performing some tests and will share the findings, as soon as this testing completes.

[kostasT]

Hi,

I will try to solve the problem with the firewall and I will wait for your solution to the 2nd problem.

[kostasT]

Hi,

Is there any progress?

[Waqar]

Hi,

Thank you for waiting as I had an unusually busy forum queue before the weekend.

Just wanted to let you know that I'm working on this and will share the findings with you today.

Thank you for your patience.

regards,
Waqar

[Waqar]

Thank you for waiting and here are my findings.

In the archive 'Archive for Markets', there were some CSS code conflicts arising from the styles loaded from the Kadence blocks and Toolset blocks.

I've included the following updated custom CSS code in that archive's custom CSS section and both the image and the layout issue with the 'Info Box' block is fixed now.

.uagb-column__inner-wrap p{
display: block !important;
}

.tb-grid-column .wp-block-toolset-views-view-template-block {
height: auto !important;
}

.tb-grid-column .wp-block-toolset-views-view-template-block .kadence-info-box-image-intrisic {
height: auto !important;
}