Assigning Review form in OJS 3.0.2

HI. We installed upgrade 3.0.2 and have problems assigning review form to the reviewer. How do I do it? I already activated the form.

Hi @LeaVrecko,

The review form is attached to the review when you assign the reviewer. Watch for a control to select the form when you choose the reviewer.

Regards,
Alec Smecher
Public Knowledge Project Team

Hi.
Thank you so much for your help. It works fine now.
Regards, Lea

HI, we also just installed the latest version (hosted) to set up a journal. but not having much luck across the platform for most tasks. The main one right now is how to actually assign a reviewer? Im expecting to see as editor the submitted article for consideration, and a direct way to both have the 1st rotund reviewer advise if worthy of the journal, and a direct way to assign an article to a reviewer? neither function seem to be there with the initially submitted article

Also, is the a sect of online or documents that are for the most recent version of the PKP OJS (July 2017), as the current docs and file online seem to be vastly different and unhelpful. hence why I’m here at this forum,

Hi @nintiblue

Have you take a look here: https://www.gitbook.com/book/pkp/ojs3/details
Does that help?

Best,
Bozana

Hi,
I’ve read through the online documentation. I created a sample form for reviewing, and activated it.
There is just one section created, and one section editor assigned to it. The submission is assigned to that section.
When I go to the “Review” tab into a particular submission, I see no buttons on the right-hand side of the page such as “Request revisions” or any other means to have a reviewer assigned to the submission.

Am I doing something wrong?

Thanks in advance for your help.

I attach images.

Regards,
Juan
submissions

review

Hi @jascanio

From the screenshot, the participants grid on the right, it seems like there is no editor assigned to that submission.
As what role are you logged in?
You can use the link “Add” in the participants grid to assign an editor i.e. that section editor to that submission. Then this section editor should see some buttons on the right, above the participants grid: “Send to Review”, “Accept and Skip Review” and “Decline Submission”. Then the section editor can press the button “Send to Review” which should lead him/her to the review stage/tag, where other possibilities (decision buttons on the right) and “Reviewers grid” (for reviewer assignment) are available.

Actually I wonder how is it possible that the submission is not automatically assigned to that section editor, if that is the only editor in the system i.e. if he/she is assigned to that section… :open_mouth:

Best,
Bozana

Hi @bozana,
Thanks for your reply.
I’m the site administrator. I’ve assigned the following roles to my self:

  • Journal Editor
  • Section Editor
  • Journal Manager

When I click “Add” I get a modal window form. I can see the form, but on the top part of it there’s a “loading…” message which remains that way loading actually nothing, despite I wait for minutes.

See attached image

Can you thyink what the problem could be?

Thanks in advance for your help.

Regards,
Juan
add-participant

Hi @jascanio

Could you watch your PHP error logs when using the “Add” participants function? – It seems like an error occurs…

Best,
Bozana

Hi @bozana,
Thanks for your reply.
I’ve tried to assign someone by “Add participant”.
I’ve checked my error.log file. Last lines include the following

========================
[Mon Oct 09 18:53:35 2017] [error] [client 83.36.160.133] PHP Warning: assert(): Assertion failed in /home/ull.es/2f/revistas/webpages/lib/pkp/controllers/grid/notifications/NotificationsGridCellProvider.inc.php on line 150, referer: http://revistas.webs.ull.es/index.php/qurriculum/submissions
[Mon Oct 09 18:53:35 2017] [error] [client 83.36.160.133] PHP Fatal error: Call to a member function getLocalizedTitle() on a non-object in /home/ull.es/2f/revistas/webpages/lib/pkp/controllers/grid/notifications/NotificationsGridCellProvider.inc.php on line 152, referer: http://revistas.webs.ull.es/index.php/qurriculum/submissions
[Mon Oct 09 18:54:12 2017] [error] [client 83.36.160.133] PHP Warning: assert(): Assertion failed in /home/ull.es/2f/revistas/webpages/lib/pkp/controllers/grid/notifications/NotificationsGridCellProvider.inc.php on line 150, referer: http://revistas.webs.ull.es/index.php/scientia-insularum/submissions
[Mon Oct 09 18:54:12 2017] [error] [client 83.36.160.133] PHP Fatal error: Call to a member function getLocalizedTitle() on a non-object in /home/ull.es/2f/revistas/webpages/lib/pkp/controllers/grid/notifications/NotificationsGridCellProvider.inc.php on line 152, referer: http://revistas.webs.ull.es/index.php/scientia-insularum/submissions
[Mon Oct 09 18:54:22 2017] [error] [client 83.36.160.133] PHP Warning: assert(): Assertion failed in /home/ull.es/2f/revistas/webpages/lib/pkp/controllers/grid/notifications/NotificationsGridCellProvider.inc.php on line 150, referer: http://revistas.webs.ull.es/index.php/scientia-insularum/workflow/index/6/1
[Mon Oct 09 18:54:22 2017] [error] [client 83.36.160.133] PHP Fatal error: Call to a member function getLocalizedTitle() on a non-object in /home/ull.es/2f/revistas/webpages/lib/pkp/controllers/grid/notifications/NotificationsGridCellProvider.inc.php on line 152, referer: http://revistas.webs.ull.es/index.php/scientia-insularum/workflow/index/6/1
[Mon Oct 09 18:54:42 2017] [error] [client 83.36.160.133] ModSecurity: Access denied with code 403 (phase 2). Pattern match “\\bselect\\b.{0,40}\\buser\\b” at REQUEST_FILENAME. [file “/etc/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf”] [line “68”] [id “959514”] [rev “2.2.0”] [msg “Blind SQL Injection Attack”] [data “select/user”] [severity “CRITICAL”] [tag “WEB_ATTACK/SQL_INJECTION”] [tag “WASCTC/WASC-19”] [tag “OWASP_TOP_10/A1”] [tag “OWASP_AppSensor/CIE1”] [tag “PCI/6.5.2”] [hostname “revistas.webs.ull.es”] [uri “/index.php/scientia-insularum/$$$call$$$/grid/users/user-select/user-select-grid/fetch-grid”] [unique_id “Wdu34sGRdpAAABF9CyQAAAAK”]

============================

Can you think what the problem could be?

Thanks in advance for your reply.
Regards
Juan

Seems to be related to Apache mod_security. There is a username or maybe even a user bio entry that is triggering mod_security rules in your server with Pattern match “\\bselect\\b.{0,40}\\buser\\b” meaning that there is a string somewhere with the words SELECT and USER close to each other. Those are seen as sql command by the mod_security rules.

Hi,
Thanks for your reply.
How can I find such a string withing my database?

Thanks in advance for your help.

Regards,
Juan

Hi,

Looking at this more closely, it could even be that the url /index.php/scientia-insularum/$$$call$$$/grid/users/user-select/user-select-grid/fetch-grid is triggering mod_security.

If you are using a database management tool phpmyadmin, you could try tracking the data down by doing a simple search:
45 pm

In any case, the server mod_security settings are not working like they are supposed to. Only your service provider can change the settings, so you should contact them.

Hi @ajnyga,
Thanks for your reply.
I’ve searched with your suggested terms and found 3 matches.
They are in the email_templates_default_data table.
When I hit “Browse” link next to the table name in the search results list I get an
Error in Processing Request message
Error code: 403
Error text: Forbiden
As displayed in the attached image
error-403-accesing-table

Any further advice?
Thanks
Regards,
Juan

Hi,

Probably mod_security is causing that as well. It does not matter what application you use, the same mod_security rules apply to both OJS and phpmyadmin.

The only viable solution is to contact you service provider and tell them that mod_security is getting triggered by the data in that database table (and maybe also by the request url mentioned above).

I am not an expert in mod_security issues. Maybe @asmecher could have better pointers.

Hi @jascanio,

@ajnyga is right, I’m afraid – you’ll need to tweak the mod_security rule to stop it from interfering with both phpMyAdmin and OJS. There’s usually a security log associated with mod_security that’ll give you the information you need to identify the problem rule, and in my experience, hosting providers are often willing to selectively disable or tweak those rules (though they may not enjoy it).

Regards,
Alec Smecher
Public Knowledge Project Team