Email Override Issues

-- HikaShop version -- : 6.4.0
-- Joomla version -- : 6.1.0
-- PHP version -- : 8.4
-- Browser(s) name and version -- : Firefox 149.0.2
-- Error-message(debug-mod must be tuned on) -- : Forbidden You don't have permission to access this resource.

In reviewing my email overrides, I have run into two issues.

1. I am unable to save changes to any of them or even click on the Cancel button without getting a "You don't have permission to access this resource." error. I checked file and folder permissions and those look proper. I have to download the files via FTP, edit them and upload to get around this issue.
2. When trying to "See Modifications", while using the dark theme, the text is unreadable. The dark theme is not being applied. I have to switch to light theme so see them.

nicolas wrote: It's likely an issue with a security mechanism on your server which blocks the request.

nicolas wrote: Regarding the See modifications popup display in dark mode, that's something we fixed in HikaShop 6.4.1, which we just released yesterday. It displays like this now: i.imgur.com/oSfJVLw.png

Regarding the email history, I'm not able to reproduce the issue:
i.imgur.com/0SqZBQM.png

I turned off RSFirewall's active scanner and disabled all of its plugins. Still I get the Forbidden error.

Changing to the default backend CSS fixed the theming issue with the Emails "See Modifications". However, I still see the issue with the email log page.

I found these examples in the error log file for my IP address. Clicking on the Save button is one issue. I am surprised about getting Forbidden error just clicking on the Cancel button. I would think that would just be a simple forward back to the Emails page.

[Fri Apr 17 14:27:09.897114 2026] [:error] [pid 2121134:tid 140379192526592] [client ***:63232] [client ***] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\bunion\\\\b.{1,100}?\\\\bselect\\\\b.{1,100}?php.{1,100}?(?:passthru|serialize|system|eval|create_function|create_function|preg_\\\\w+|exec|shell_exec ?(?:\\\\(|\\\\: ?'?))|select.{1,100}?(?:php|perl).{1,100}?into outfile|reg_replace ?\\\\()" at ARGS:data[mail][preload]. [file "/etc/httpd/modsecurity.d/modsec/10_asl_rules.conf"] [line "279"] [id "380025"] [rev "7"] [msg "Atomicorp.com WAF Rules: SQL injection with PHP/PERL payload"] [data "reg_replace("] [severity "CRITICAL"] [tag "SQLi"] [tag "RCE"] [hostname "***.com"] [uri "/administrator/index.php"] [unique_id "***"], referer: https://***/administrator/index.php?option=com_hikashop&ctrl=email&task=edit&mail_name=payment_notification
[Sun Apr 19 21:39:53.032960 2026] [:error] [pid 3353928:tid 140379167348480] [client ***:18442] [client ***] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\bunion\\\\b.{1,100}?\\\\bselect\\\\b.{1,100}?php.{1,100}?(?:passthru|serialize|system|eval|create_function|create_function|preg_\\\\w+|exec|shell_exec ?(?:\\\\(|\\\\: ?'?))|select.{1,100}?(?:php|perl).{1,100}?into outfile|reg_replace ?\\\\()" at ARGS:data[mail][preload]. [file "/etc/httpd/modsecurity.d/modsec/10_asl_rules.conf"] [line "279"] [id "380025"] [rev "7"] [msg "Atomicorp.com WAF Rules: SQL injection with PHP/PERL payload"] [data "reg_replace("] [severity "CRITICAL"] [tag "SQLi"] [tag "RCE"] [hostname "***.com"] [uri "/administrator/index.php"] [unique_id "***"], referer: https://***/administrator/index.php?option=com_hikashop&ctrl=email&task=edit&mail_name=order_admin_notification

I was able to get our webhost to whitelist us. So, I can now use that functionality without error.

If you want to track down that theming issue with the email log, attached are some examples. It affects some emails and not others and then only if using Dark theme. They all look fine in Light theme.

Thanks for figuring out that it is a email template issue. Is there a default for that other than None?

Must have been quite some time ago, if that is the case. Got it ironed out now. Thanks.