WordPress.org

Forums

[resolved] [closed] Four Characters that break WordPress (5 posts)

  1. raamdev
    Member
    Posted 7 years ago #

    I tried creating a post with these four characters (without the space) and received a 404 error whenever I tried to preview or save:

    chr (

    I wrote a post about it here on my blog:
    http://blog.raamdev.com/2008/04/03/four-characters-that-break-wordpress/

    I've tried this on three different blogs, including a WP v2.3.3 installation. However, a friend of mine who is running WP v2.3.2 on a different server doesn't have this problem.

    Separating even one character with a SPAN tags fixes the problem, but alone I cannot save the post.

    Any ideas? Does anyone else have this problem?

  2. Ivovic
    Member
    Posted 7 years ago #

    I just tried that on my wp 2.3.3 and it doesn't break, at all.

    chr() is a php function, so I'm guessing you probably have a plugin (that you might use on all your other blogs too) which executes inline php in the posts.

    you could test that theory by trying say... strlen (

    Try disabling all plugins then seeing if the problem goes away.

    Either way, you might want to revise that post on your blog, because clearly you haven't done NEAR enough testing to confirm this as a wordpress problem. The problem is something you're doing (probably plugin-wise, but definitely you not everyone).

  3. raamdev
    Member
    Posted 7 years ago #

    It's not a plugin, as I've already tried turning them all off. I did some Googling and discovered that the Apache mod_security might be doing something because apparently the chr() function is commonly used in exploits.

  4. raamdev
    Member
    Posted 7 years ago #

    CONFIRMED: I tried disabling mod_security for my entire account by adding SecFilterEngine Off to a .htaccess file in my root web path. I was then able to post those four characters without any problem.

    After creating a post containing chr(), I removed the .htaccess file to enable mod_security and as expected the post still displayed fine.

    So, since this is only a problem when submitting a post, and since permanently disabling mod_security isn’t a great idea, I’ll just temporarily disable it in those rare situations when I need to create a post containing chr().

  5. Jeremy Clark
    Moderator
    Posted 7 years ago #

    [Topic closed: Personal attacks are not welcome on the forums]

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.