WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#33160 closed defect (bug) (worksforme)

Saving Post redirects to 404 page when php $_GET variable in post body

Reported by: dominicme Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.2.3
Component: Posts, Post Types Keywords:
Focuses: administration Cc:

Description

I am getting a 404 page after attempting to save as draft or publish. This is on a clean installation with no plugins or themes. This only happens on a remote hosting server and not on a local Linux server. The reason why I am reporting this as a bug is because text in the post should not be interpreted as code or cause a 404 error regardless of the environment. I am on Linux shared hosting running the following:

Apache Version 2.2.29
PHP Version 5.4.41
MySQL Version 5.6.23

What could possibly cause a 404 error due to text in the post body? It does not matter if "$_GET" is entered into visual or code view or if it is surrounded or not by any characters. Theme seems to be irrelevant. There is at least another 1 post that does not have $_GET line but still results in 404 when saving. Both posts were either saved or published before 404 errors started occurring. There is about a 2 month gap (from now minus 1 week) during which the issue was introduced. Looking forward to any insight into this.

Thank you.

Change History (5)

#1 follow-up: @MikeHansenMe
5 years ago

I am not able to reproduce this. Can you reproduce it without any plugins and using a default theme?

#2 follow-up: @markjaquith
5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Status changed from new to closed

Hey @dominicme, thanks for the report!

It really sounds like the fault of mod_security, an Apache module some hosts run that blocks requests with certain "suspicious" text. Definitely not anything in WordPress core, and not really something we can work around. I'd contact your host.

Last edited 5 years ago by markjaquith (previous) (diff)

#3 in reply to: ↑ 1 @dominicme
5 years ago

Replying to MikeHansenMe:

I am not able to reproduce this. Can you reproduce it without any plugins and using a default theme?

I did 2 clean installs on a subdomain, nothing changed with default theme and still same issue. Is there anything I can try to narrow this issue down? I just don't understand why any text in the post body would cause this issue.

#4 in reply to: ↑ 2 @dominicme
5 years ago

Replying to markjaquith:

Hey @dominicme, thanks for the report!

It really sounds like the fault of mod_security, an Apache module some hosts run that blocks requests with certain "suspicious" text. Definitely not anything in WordPress core, and not really something we can work around. I'd contact your host.

Will contact the host, thanks for the info. It's a very annoying issue, shouldn't WordPress provide an error of some sort if mod_security is on?

#5 @dominicme
5 years ago

I have contacted the host and they disabled the mod_sec rule for my IP but the issue persists. I will ask them to double check and verify that the rule was disabled but perhaps it's something else? After I hit save I get redirected to "http://site.com/wp-admin/post.php" with 404 error message and an extra dot after all other content if that matters at all. Is there troubleshooting steps I can take to narrow the search down?

Edit:

Here's the log showing the error:

78.18.xxx.xxx - - [01/Aug/2015:22:08:16 +0200] "POST /wp-admin/post.php HTTP/1.1" 404 32031 "http://xxx.com/wp-admin/post.php?post=1386&action=edit" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko"
Last edited 5 years ago by dominicme (previous) (diff)
Note: See TracTickets for help on using tickets.