WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#34920 closed defect (bug) (invalid)

Failing to save post if this specific code snippet is in it

Reported by: MusicalCreeper01 Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.4
Component: General Keywords:
Focuses: Cc:

Description

For the last week I was unable to post on my site http://icodethings.info, every time I hit save draft or publish, the "wp-admin/post.php" page just said "page not found", and wouldn't save the post.

I thought it might have been a temporary issue with my x10 host, so I waited a couple days and tried again, same issue. After much debugging, disabling plugins, changing themes, etc, I realized the issue was only with that one post, or more specifically, with one port of that post I was trying to save.

I had saved the part of the post that wasn't saving on wordpress, in an OpenOffice document to preserve formatting so I could add it into the post when my site was working again, now I found out that this piece of code in the post was causing the issue:

int main() {
    SetupOLED();
    while (1) {
        DrawOLED();
    }
    return 0;
}

If I remove that code snippet, or more specifically, the main(){} part, then I'm able to update my post fine.

I'm guessing something either isn't being escaped correctly, or there is some kind of php injection happening here.

Change History (9)

#1 @MusicalCreeper01
4 years ago

  • Severity changed from normal to blocker

#2 follow-up: @Ipstenu
4 years ago

  • Keywords close added
  • Resolution set to invalid
  • Severity changed from blocker to normal
  • Status changed from new to closed

This doesn't happen on a localhost install but I can reproduce it on my site running mod_security. This is exactly the sort of error that happens when you have mod_sec running and it sees something it doesn't like :(

#3 @swissspidy
4 years ago

  • Keywords close removed
  • Milestone Awaiting Review deleted

#4 @SergeyBiryukov
4 years ago

  • Summary changed from Failing to save post if this sepcific code snippit is in it to Failing to save post if this specific code snippet is in it

Related: #25564, #25736.

#5 in reply to: ↑ 2 @MusicalCreeper01
4 years ago

Replying to Ipstenu:

This doesn't happen on a localhost install but I can reproduce it on my site running mod_security. This is exactly the sort of error that happens when you have mod_sec running and it sees something it doesn't like :(

So is there a solution? I'm assuming so since you marked it as closed.

#6 follow-up: @Ipstenu
4 years ago

You'd have to read your server logs to see why your system did it. It's probably mod_sec related but not 100% sure since other similar products do similar things. Start by digging into error logs. They should have something related to that post. Mod_sec will tell you which of it's rules were triggered and you can go from there.

#7 in reply to: ↑ 6 @MusicalCreeper01
4 years ago

Replying to Ipstenu:

You'd have to read your server logs to see why your system did it. It's probably mod_sec related but not 100% sure since other similar products do similar things. Start by digging into error logs. They should have something related to that post. Mod_sec will tell you which of it's rules were triggered and you can go from there.

I don't have any access to any of the log files, wish I did, my site is running from a x10hosting fre server. Also I don't quite understand how this could be system related, do you have a link you could point me to with more information as to how this could be caused by the system?

#8 follow-up: @Ipstenu
4 years ago

You can read http://hameedullah.com/whitelisting-wordpress-admin-wp-admin-in-mod_security-to-avoid-404-on-post-save-or-post-preview.html for a more detailed explanation. You can just google "modsecurity 404" and you'll see this happens a lot, and it's not just WordPress.

Since you're on an x10hosting and can't debug the server, there's nothing we can really do. It's not a core issue. If you want to post for support in the forums, go https://wordpress.org/support/forum/how-to-and-troubleshooting#postform :)

That said, since you literally cannot debug, you may just be stuck.

#9 in reply to: ↑ 8 @MusicalCreeper01
4 years ago

Replying to Ipstenu:

You can read http://hameedullah.com/whitelisting-wordpress-admin-wp-admin-in-mod_security-to-avoid-404-on-post-save-or-post-preview.html for a more detailed explanation. You can just google "modsecurity 404" and you'll see this happens a lot, and it's not just WordPress.

Since you're on an x10hosting and can't debug the server, there's nothing we can really do. It's not a core issue. If you want to post for support in the forums, go https://wordpress.org/support/forum/how-to-and-troubleshooting#postform :)

That said, since you literally cannot debug, you may just be stuck.

Ok, thanks for your time and help ;) I'll try to figure out what to do about this, I might just end up switching to some paid hosting that has log access.

Note: See TracTickets for help on using tickets.