Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security » DOCUMENT_ROOT variable in HTTP request

  • Resolved cebln


    Rule 510
    POST /wp-admin/post.php – DOCUMENT_ROOT variable in HTTP request – [POST:WooCommerceEventsTicketTheme = / /wp-content/uploads/fooevents/themes/rocko]

    It has to do with the Plugin “FooEvents for WooCommerce” and stops a shop manager from being able to save a freshly duplicated product in WooCommerce.

    Funny, I could not even find an occurrence of the string “DOCUMENT_ROOT” FooEvents plugin folder files.

    Is this rule so important with modern PHP 7+ and how can I switch the rule #510 off (not in the rules selector options) without switching off too much?
    Is this part of this option “Block localhost IP in GET/POST request”?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author nintechnet


    It is “Block the DOCUMENT_ROOT server variable in HTTP request” in the advanced firewall policies section. You can disable it, that’s fine.
    DOCUMENT_ROOT is a variable populated by your server, not a string, hence you won’t find it in the code.

    OK thank you,I deactivated that setting now.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘DOCUMENT_ROOT variable in HTTP request’ is closed to new replies.