False positive: comparison operator in post content | WordPress.org

Resolved MrBrian
(@mrbrian)

10 years, 2 months ago

An author was trying to publish a story and didn’t know why he was being blocked – he copy pasted some HTML into the post i’m guessing. All because there’s a | in an ID variable?

Firewall log:
02/Mar/16 16:58:02 #7705376 high 257 174.88.43.1 POST /wp-admin/post.php - SQL injection (comparison operator #2)

Code in post triggering firewall:
<img id="252785_mceSrc|https://thenypost.files.wordpress.com/2015/12/bern.jpg?quality=100&strip=all&w=664&h=441&crop=1" class="" src="https://thenypost.files.wordpress.com/2015/12/bern.jpg?quality=100&strip=all&w=664&h=441&crop=1" alt="" width="598" height="397" />

https://wordpress.org/plugins/ninjafirewall/

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author nintechnet
(@nintechnet)

10 years, 2 months ago

This code is not blocked by the firewall.

Thread Starter MrBrian
(@mrbrian)

10 years, 2 months ago

Hmmm… well not sure what is triggering the firewall then. Here’s the log entry, it’s triggered like 20 times (wordpress doing auto-saves):
[1456937402] [0.26786] [xxxxxxx.com] [#1452135] [257] [2] [xx.xx.xx.xx] [403] [POST] [/wp-admin/admin-ajax.php] [SQL injection (comparison operator #2)] [POST:data = 96074 post 13 Is Populism Bad for the Economy? <img class=”alignnone” src=”https://thenypost.files.wordpress.com/2015/12/bern.jpg?quality=100&strip=all&w=664&h=441&crop=1″ …]

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘False positive: comparison operator in post content’ is closed to new replies.

2 replies
2 participants
Last reply from: MrBrian
Last activity: 10 years, 2 months ago
Status: resolved