id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
13090	Widget Update Error	greaterweb	azaozz	"A client of mine appears to have surfaced a bug when saving updates to a widget. This bug was originally discovered through an update to a custom slider widget I had developed. Further testing has replicated the issue with other widgets including the basic WordPress text widget.

Turns out widget text (text ''input'' or ''textarea'') cannot contain the words '''select''' and '''from''', specifically in that order. An error remains present even if words are inserted between the two such as '''I selected WordPress as the best software from Automattic'''. Reversing the order of words will not trigger an error.


== To Replicate ==
Place a text widget in one of your widget areas. Enter the text '''select from''' in either the title ''input'' or main ''textarea'' box. Hit save and the circular icon will pop up (as expected), though as the ajax update fails the icon remains present.

I was still able to replicate the issue even after disabling all plugins and reverting to the default WordPress theme.


== The Error ==
It seems pretty apparent that we have a bit of SQL injection prevention kicking in. I have tested this on two separate client sites and did some ajax debugging with the aid of Firebug. What is odd is one site makes the request to ''wp-admin/admin-ajax.php'' and gets a ''500 Internal Server Error''. An identical test on a second site returns a ''404 Not Found'' for the ''wp-admin/admin-ajax.php'' request. Both of these sites reside on the same web server.

As an additional debugging measure, on the site with the ''500 Internal Server Error'', I stripped out the entire contents of the ''wp-admin/admin-ajax.php'' file. The same ''500 Internal Server Error'' is returned for the ajax request to the blank file. We are choking somewhere before we actually get to the PHP file. I'll poke around some JavaScript next.

I couldn't find a ticket for anything similar and was unable to get anyone to confirm/replicate it with a [http://wordpress.org/support/topic/390575 post in the forums].

Thanks!

-Ron"	defect (bug)	closed	normal		Widgets	2.9.2	normal	invalid		
