[wp-trac] [WordPress Trac] #16940: Prevent 403 errors in Press This
WordPress Trac
noreply at wordpress.org
Fri Feb 21 16:27:10 UTC 2014
#16940: Prevent 403 errors in Press This
--------------------------+-----------------------------
Reporter: scribu | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Press This | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+-----------------------------
Comment (by aubreypwd):
After discovering that applying this patch *seems* to do nothing other
than replacing `/` with `\/` which gets you `/`, I landed on
http://stackoverflow.com/questions/14215419/mod-security-exception-rule-
for-url-as-parameter that seems to show that passing a url via a parameter
is not fun for `mod_security`
When I looked at what's happening in the patch (
http://jsfiddle.net/4s4Xb/4/ ) it appears that what actually get's sent to
the parameter is `\/`, an escaped `/`. This causes, I think, the parameter
to not be a URL, but be something like a URL.
So what we end up passing from JS to the URL is
`?u=http:\/\/fiddle.jshell.net\/_display\/` or
`?u=http%3A%2F%2Ffiddle.jshell.net%2F_display%2F` which works when press-
this.php processes it, see https://cloudup.com/cqDbBglTWO4
I did some
[Googling](https://www.google.com/search?btnI=&q=press+this+404+error#q=press+this+404+wordpress&tbs=qdr:y)
and this has come up recently in some blogs, etc, so it might still be an
issue with some people.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16940#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list