[wp-trac] [WordPress Trac] #13090: Widget Update Error
WordPress Trac
wp-trac at lists.automattic.com
Fri Apr 23 02:43:22 UTC 2010
#13090: Widget Update Error
--------------------------+-------------------------------------------------
Reporter: greaterweb | Owner: azaozz
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: Widgets | Version: 2.9.2
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
A client of mine appears to have surfaced a bug when saving updates to a
widget. This bug was originally discovered through an update to a custom
slider widget I had developed. Further testing has replicated the issue
with other widgets including the basic WordPress text widget.
Turns out widget text (text ''input'' or ''textarea'') cannot contain the
words '''select''' and '''from''', specifically in that order. An error
remains present even if words are inserted between the two such as '''I
selected WordPress as the best software from Automattic'''. Reversing the
order of words will not trigger an error.
== To Replicate ==
Place a text widget in one of your widget areas. Enter the text '''select
from''' in either the title ''input'' or main ''textarea'' box. Hit save
and the circular icon will pop up (as expected), though as the ajax update
fails the icon remains present.
I was still able to replicate the issue even after disabling all plugins
and reverting to the default WordPress theme.
== The Error ==
It seems pretty apparent that we have a bit of SQL Injection prevention
kicking in. I have tested this on two separate client sites and did some
ajax debugging with the aid of Firebug. What is odd is one site makes the
request to ''wp-admin/admin-ajax.php'' and gets a ''500 Internal Server
Error''. An identical test on a second site returns a ''404 Not Found'' for
the ''wp-admin/admin-ajax.php'' request. Both of these sites reside on the
same web server.
As an additional debugging measure, on the site with the ''500 Internal
Server Error'', I stripped out the entire contents of the
''wp-admin/admin-ajax.php'' file. The same ''500 Internal Server Error'' is returned
for the ajax request to the blank file. We are choking somewhere before we
actually get to the php file. I'll poke around some javascript next.
I couldn't find a ticket for anything similar and was unable to get anyone
to confirm/replicate it with a [http://wordpress.org/support/topic/390575
post in the forums].
Thanks!
-Ron
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13090>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
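
An added example, not part of the original ticket or of WordPress: the three behaviours reported above (blocked with the words adjacent, blocked with words in between and "selected" instead of "select", not blocked when reversed) are enough to narrow down what kind of pattern a request-body filter in front of PHP would have to be using. The candidate patterns, the form field name and the "from select" sample are assumptions constructed for illustration; the ticket does not identify the actual filter or its rule.

```python
import re
from urllib.parse import urlencode, parse_qsl

# Observations from the ticket: (widget text, was the save request rejected?)
OBSERVATIONS = [
    ("select from", True),
    ("I selected WordPress as the best software from Automattic", True),
    ("from select", False),  # constructed instance of "reversing the order"
]

# Hypothetical candidate rules; the real filter rule is not known from the ticket.
CANDIDATES = {
    "whole words, adjacent": r"\bselect\s+from\b",
    "whole words, any gap": r"\bselect\b.*\bfrom\b",
    "substring, any gap": r"select.*from",
    "either keyword": r"select|from",
}

def widget_post_body(text):
    """Build a form-encoded body shaped like a widget save (field names constructed)."""
    return urlencode({"widget-text[2][text]": text, "action": "save-widget"})

def rule_blocks(pattern, body):
    """Apply a rule the way a body filter would: to every decoded field value."""
    rx = re.compile(pattern, re.IGNORECASE | re.DOTALL)
    return any(rx.search(value) for _, value in parse_qsl(body))

def consistent_rules():
    """Return the names of candidate rules that reproduce every observation."""
    names = []
    for name, pattern in CANDIDATES.items():
        if all(rule_blocks(pattern, widget_post_body(text)) == blocked
               for text, blocked in OBSERVATIONS):
            names.append(name)
    return names

if __name__ == "__main__":
    print(consistent_rules())
```

Only the unanchored substring pattern fits all three observations: the "selected" case rules out anything with word boundaries, and the reversed case rules out plain keyword matching.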