If you go back to the settings page again do you get the same error? A 412 error code sounds like your web server hiccuped, I’ve never encountered it before.
Yes, it is completely repeatable. I have tried deactivating and reactivating the plug-in several times, which got rid of the “old version” message, but the “412 Error” persists. Also tried with Firefox, Chrome and IE browsers.
The full text of the error message is:
——————–
412 Error
Your request got filtered out due to possible security issues.
One or more things in your request were suspicious (defective request header, invalid cookies, bad parameters)
If you think you did nothing wrong:
try again with a different browser
avoid any evil characters inside the request url
If you are the owner of the website, you can consider revising the rules of the mod_security module or turning it off from your Web Hosting Control Panel.
Mod_Security can be a royal PITA. I am not sure how to replicate it or what Mod_Security isn’t happy about. Is there anything logged in your Web Hosting Control Panel?
To be clear, every time you visit the Email Users settings page you get a 412 error or does it only happen when you try to save the settings?
The warning message would have nothing to do with it, it is just HTML content.
It only happens when I try to Save Settings.
I turned on error logging in my Web Hosting Control Panel, tried Saving again, and got the following error:
[Tue Oct 08 23:50:17 2013] [error] [client 50.174.45.26] File does not exist: /services/users/f794cd92-f260-4a95-9cca-85cd7bcd778a/stillwatr/www/stillwaterclub.org/wordpress/wp-content/themes/atahualpa3710/images/favicon/swc-favicon.ico
[Tue Oct 08 23:50:17 2013] [error] [client 50.174.45.26] File does not exist: /services/users/f794cd92-f260-4a95-9cca-85cd7bcd778a/stillwatr/www/stillwaterclub.org/wordpress/wp-content/themes/atahualpa3710/images/favicon/swc-favicon.ico
[Tue Oct 08 23:50:47 2013] [error] [client 50.174.45.26] ModSecurity: 50.174.45.26 Access denied with code 412 (phase 2). detected SQLi using libinjection fingerprint ‘sonos’ at ARGS:mailusers_default_subject [file "/services/mod_security-rules/11_asl_adv_rules.conf"] [line "67"] [id "341245"] [rev "6"] [msg "Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)"] [data "sonos"] [severity "CRITICAL"] [uri " [hostname "stillwaterclub.org"]"]/wordpress/wp-admin/options.php
ModSecurity doesn’t like the default subject string which has percent signs in it which also happen to be wildcard characters in SQL. It appears that your ModSecurity thinks the default subject is an attemped SQL injection. This is the default subject:
[%BLOG_NAME%] A post of interest: "%POST_TITLE%"
As a test, take all of the percent characters (%) out, I bet the warning goes away.
Removed all the “%” characters from the Default Subject line, and the error went away when I save the settings.
That is exactly what I would have expected. Unfortunately there isn’t much I can do about your server configuration thinking the keyword substitution is a potential SQL injection. You may want to check with your hosting provider and see if they have any suggestions for this sort of issue.