WordPress.org

Support

Support » Plugins and Hacks » [Resolved] Bad Query Strings funcrion breaks scripts

[Resolved] Bad Query Strings funcrion breaks scripts

  • Scolpy
    Member

    @xxxyonixxx

    Hey,

    I found that the function “Bad Query Strings” under “Firewall” breaks scripts in some conditions.
    For example, if you’ll use in the “Visual Composer” plugin you’ll see that the plugin isn’t work at all when this function is enabled(and also cause to the whole WordPress core to not such as the scripts that let you change editors between Visual to Text)

    http://wordpress.org/extend/plugins/all-in-one-wp-security-and-firewall/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Peter Petreski
    Member

    @peter-petreski

    Hi,
    I just wanted to clarify exactly what you mean –
    are you saying that when editing a post or page, you cannot change between the “Visual/Text” tabs when “Bad Query Strings” are enabled?

    If possible can you please provide any more info which may help us to reproduce this problem?

    Scolpy
    Member

    @xxxyonixxx

    Indeed. but not in normal condition.
    I found this cause to break Visual Composer(premium plugin) and now I found that this also cause to break scripts in Social Stickers plugin, as I explained this issue here:
    http://wordpress.org/support/topic/the-plugin-break-the-widgets-scriptv202?replies=7

    Plugin Author mra13
    Participant

    @mra13

    Those plugins are using query parameters that are in our bad query rules as *bad*. Obviously there is going to be the chance of some false positive, meaning those plugins are not doing anything wrong in this instance. But that doesn’t mean we can just remove those rules because then that compromises the security on another site where the users are not using those plugins.

    If we remove those rules then there is no point of having that feature in the first place anyway. So instead of affecting everyone’s site, it is best if you turn off the bad query rule firewall feature on your site.

    Scolpy
    Member

    @xxxyonixxx

    I know that, but my question is if you can add some exclude list to this function?

    ramonjosegn
    Participant

    @ramonjosegn

    I think the solution is the plugin should be working how Wordfence plugin, you only select a protection nivel (low, standard, high protection or atack protection) and the rules are automatically apply by the level of security selection

    Plugin Author mra13
    Participant

    @mra13

    @Scolpy, adding exclude list is a good suggestion. We will keep that in mind.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘[Resolved] Bad Query Strings funcrion breaks scripts’ is closed to new replies.