I've recently upgraded from WordPress 2.0.4 to 2.0.5, and was wondering if what I've encountered is a known bug: I tried to post an article on my WordPress-driven test site containing the following content (it was a code snippet):
I've been using MarsEdit 1.1.2 for posting without problems, but this time I got an error stating that I couldn't post because the server reported a 503 error.
So I checked my web server error.log file, and noticed that quite a few strings (including "system") are blocked (I've removed my site info as it is a private test server):
[error] [client A.B.C.D] mod_security: Access denied with code 503. Pattern match "(echo( |\\\\(|\\\\').*\\\\;|chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\\\\(.*\\\\)\\\\;" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "www.BAR.FOO"] [uri "/xmlrpc.php"]
Is this a known issue that will be fixed in an upcoming WordPress release? I've worked around it by substituting a numeric character entity for the s's in "system," but it'd be good to know if there is (or will be) a better fix.