[wp-trac] [WordPress Trac] #35838: Customizer Save & Publish fails if /*SQL-COMMAND in text box (only on some hosts)
WordPress Trac
noreply at wordpress.org
Sat Feb 20 02:59:18 UTC 2016
#35838: Customizer Save & Publish fails if /*SQL-COMMAND in text box (only on some
hosts)
--------------------------+------------------------------
Reporter: wpweaver | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Customize | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by voldemortensen):
This is being blocked by mod_security rules. Just looked at the ajax
request in the console and saw the `406 Not Acceptable` response code with
this as the response body:
[[Image(https://cldup.com/wjN4Gq_F3v-3000x3000.png)]]
When I get into the office next week I'll track down which rule and see if
it can be adjust to be secure and allow this, but that seems unlikely.
GreenGeeks must be using, at least partially, the same lists as Bluehost.
> This is possibly not a WP bug, but is still a real issue as plenty of
users have cheap host like BlueHost or GreenGeeks, so I think it needs to
be addressed.
While it's true many people are hosted on Bluehost and GreenGeeks, I don't
think using `/*insert`, `/*delete`, `/*select`, etc is a very common
practice. Seems pretty edge case to me. Either way, I'll dig deeper when I
get to the office. In the mean time, it is possible to use `*insert`, etc
without the leading slash.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35838#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list