Opened 3 years ago
Last modified 3 years ago
#53683 new defect (bug)
Custom HTML Widget fails to save if ‘href’ inside
Reported by: | paullee357 | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 5.7.2 |
Component: | Widgets | Keywords: | close |
Focuses: | Cc: |
Description
My site in development has some odd permission issues. chmod and chown all look great and able to upload images and make other saves. One particular issue that I can narrow down is the custom HTML widget saves great until the moment you add href inside an anchor.
I have a [GIF here]https://keepbastropcountybeautiful.org/wp-content/uploads/href-poison.gif showing how Save works well and fast until the moment I place href=”” inside – then it freezes with spinning and it does not save. Looking at the logs, I do see a 403 returned on the admin-ajax.php . I see 403 returned in other scenarios such as post.php, but not all of the time. With the Custom HTML widget being so specific, what actions happen on save? I'm on 5.7.2 no plugins, 2021 theme
Change History (2)
#2
@
3 years ago
Yes, the server does have a lot of restrictions for inbound and outbound traffic. That is why I'm wondering what routine is being called out while typing inside the Custom HTML widget as it appears to be auto closing brackets, quotes etc and even does error checking if a bracket is not closed. So is one of the error checks to verify that an href is correctly formed or maybe even exists? If so would that make the check an external check for which we are currently blocking.
Hi there, welcome to WordPress Trac! Thanks for the report.
Just noting that I could not reproduce the issue on a clean install. This sounds like an issue triggered by a plugin or some overzealous security rule on the server.
Some similar issues: #25564, #25736, #32571, #33160, #44861, #45368, #48673, #48698, #49766.