WordPress.org

Make WordPress Core

#43198 closed defect (bug) (invalid)

Error saving widgets with html code - ModSecurity active - in some host services

Reported by: attosoftonline Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.9.2
Component: Widgets Keywords:
Focuses: Cc:
PR Number:

Description

Hello.

Problem: When I go into the administration panel at Apearance - Widgets, and want to add a text box to a sidebar, the box saves just plain text, not accepting it with html content. When the save button is pressed, nothing happens, the process having no end.

Answer from my host service:

"I'm asking you to modify your site with the ModSecurity module deactivated.
You can disable this module from the cPanel interface, the section called "ModSecurity"

Recently, WordPress changed their platform without considering that the new site editing methods are not safe and easy to explode, resulting in many situations where it violates multiple ModSecurity rules."

Maybe a similar problem is related here:

https://hameedullah.com/whitelisting-wordpress-admin-wp-admin-in-mod_security-to-avoid-404-on-post-save-or-post-preview.html

Change History (1)

#1 @welcher
10 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

@attosoftonline thank you for the ticket and welcome to trac!.

This looks to be a server-side configuration issue and out of the control of WordPress core.

Recently, WordPress changed their platform without considering that the new site editing methods are not safe and easy to explode, resulting in many situations where it violates multiple ModSecurity rules."

Is there specific issue/update you're referring to? Without some indication of an issue, there is no direction to be taken.

Closing this for but please feel free to reopen if I have misunderstood or missed something!

Note: See TracTickets for help on using tickets.