Bug: Orchard admin gui

Topics: Administration, Installing Orchard
Mar 31, 2012 at 3:27 PM

When I develop in localhost, the admin gui is perfectly fine, including the rich mode editing of pages (so I don't have to input all in html).

But after I have deployed to may shared hosting (with filezilla, in binay mode transfer), the gui is all messed up. The rich mode editing is gone, and the list of modules is seen in a list and not grid, with the enable / disable buttons partially showing (upper half).

How can I fix it ?

Coordinator
Apr 1, 2012 at 2:27 AM

Your deployment was probably incomplete. It happens often with FTP. Check your FileZilla logs. WebDeploy works a lot better.

Apr 2, 2012 at 11:57 AM
Edited Apr 2, 2012 at 12:04 PM

I have also deployed it as a zip and then extracted it with websitepanel and the same occurs.

I've checked the logs (in shared hosting) and the problem seems to be URLScan. I have AllowDotInPath=0 and the administrator won't change it.

This must be the problem since I couldn't even delete content pages that I have created or menus.

I have also checked other CMS (Umbraco 5) and it doesn't have this problem but I like Orchard more (it's easier to get something up and running quickly).

Can I help to resolve this issue b/c as it seems, I'm not the only one with the urlscan problem. I'm asking because I'm a computer engineer.

I was thinking to start renaming files so it won't have a dot and also modify the dependencies but if you won't use it, I would have to change this every time a new version is released and it's overkill, even with some scripts.

PS. I can't deploy with WebDeploy (I am not allowed).

PS2 I also think it's a security issue to just allow dots in path so Orchard can work correctly considering other CMS don't have this problem.

Coordinator
Apr 3, 2012 at 1:55 AM

This has been reviewed in the context of Orchard by the very people who built that IIS feature. Orchard blocks almost everything out of the box, so none of the problems that this setting is guarding against apply. Unless you can point to a specific exploit, there is no security risk here.

My advice would be to switch to a more decent hosting company, preferably one that understands and supports Orchard.