For the last 12 days I have been unable to do any work on a code page. This page worked well for the last months, but suddenly, if I only hit Enter, error messages would appear in the browser´s console, like this:
TypeError: window.event is undefined
[Learn More]
built-codeEdit.min.js:18:15234Save has failed - please see the failure details below:
Object { name: “PrimaryTaskError”, message: “Document save has failed”, reason: {…}, stack: "a@ https://static.parastorage.com/services/santa/1.2716.16/packages-bin/documentServices/documentServices.min.js:1:873807\nu/p <@ https://static.parastorage.com/services/santa/1.2716.16/packages-bin/documentServices/documentServices.min.js:1:875860\n " }
fs.js:34:461
Error: Server Error
Status: 403Response Text:
utils.js:47:15
Save has failed - please see the failure details below:
Object { name: “PrimaryTaskError”, message: “Document save has failed”, reason: {…}, stack: "a@ https://static.parastorage.com/services/santa/1.2716.16/packages-bin/documentServices/documentServices.min.js:1:873807\nu/p <@ https://static.parastorage.com/services/santa/1.2716.16/packages-bin/documentServices/documentServices.min.js:1:875860\n " }
fs.js:34:461
Error: Server Error
Status: 403Response Text:
utils.js:47:15
TypeError: window.event is undefined
The result was that I could not save any changes: Wix would display a window with an error message that it was unable to save (static.parastorage.com closes the connection on you, Firefox would crash and you could start all over again).There was no way I could fix it. Together with Wix´s Ohad Laufer we started investigating. After a week Ohad wrote me they had a small breakthrough: Wix´s security mechanism flagged my source code as containing SQL-injection. The only problem was: it didn’t and we were stuck.
On Ohad´s advise, I deleted all the code (some 500 lines) and, from a copy, copied and pasted block by block, watching the browser´s console. At one function, boom, there it happened again. I then copied and pasted every individual line from that function and it resulted that it went boom on a line that called a function sleep().
There was nothing wrong with the code. So I Googled the words “sql injection sleep” and found this article: SQL Injection with MySQL SLEEP() | Official Pythian®® Blog
Turns out that SQL has a sleep statement (didn´t know that) which is misused for SQL-injection. So I simply renamed the sleep()-functiion and voila, after 12 days I could save again. The reason for the total lockout was that Wix´s control mechanism is too strict: the keyword sleep was used outside any SQL-scope, but was still flagged as SQL-injection.
So in short: if you run into a similar problem, check your function names (and, possibly, var and const names) for any resemblance with an SQL-command that could be interpreted as SQL-injection (e.g. I would not use DROP either). It will save you weeks of being locked out.
Many thanks to Ohad for being so persistent and helping me every way he could.