And to update: the fix described here does in fact work (just substitute the file name for ‘post.php’ obviously.)
Still seems like a bug, but this is a good enough work-around (I hope). Anyone know what the .htaccess code actually does? 🙂
that does exactly what it says — it disables mod_security when that specifically named file is accessed.
And judging by what you are attempting to post, I’m going to hazard a guess that’s the problem. Especially, if using that didnt produce an Apache 500 error – which would be the normal response to that being used if your server was not using mod_security.
You might want to disable it completely for your admin area, and see if that helps. Note that you can re-enable it after you have posted if you like, or leave it, it doesnt matter.
IF YOU DO NOT HAVE an .htaccess in your wp-admin/ directory:
create a text file on your desktop:
put the following inside it:
<IfModule mod_security.c>
SecFilterInheritance Off
</IfModule>
save the file. name it whatever you want
Upload the file to your wp-admin directory.
Rename the uploaded file to .htaccess (with the .)
IF YOU DO HAVE an .htaccess in your wp-admin/ directory:
Edit it, and add the following:
<IfModule mod_security.c>
SecFilterInheritance Off
</IfModule>
save the new .htaccess
——-
PS: it’s not a bug, btw 🙂
Thanks for the explanation, whooami. It’s working with mod_security off on post.php, so I’ll keep it turned on for the rest of it, at least for now.
I know that what I was posting would a challenge for any script attempting to parse it – I know it’d cause me a few nightmares, but come now, isn’t this what the code tags are meant for?
I thought they were meant to escape anything within the pasted code/output.
I still maintain that it’s an inevitability which WordPress doesn’t cope with, and gives a very ungraceful error – it is a bug. I won’t be the last person to try and paste in Cisco router output and when met with the same error (which doesn’t describe anything useful) I doubt I’ll be the last person to find it frustrating.
Youre confusing apples with oranges..
mod_security and wordpress have nothing to do with one another .. the code tags works exactly as they should, and what they do has no impact on mod_security.
It isnt a bug — because its not a wordpress issue as no amount of escaping (within reason) is going to circumvent what mod_security reacts to within a given http_post
For instance, if mod_security doesnt allow for an http_post that contains the word “.htaccess” how might that be escaped in order to circumenvent m_s? (and that is a very real possibility on a good deal of default mod_security setups) And how would WP know to escape that word, if it even could?
If you find mod_security to be more trouble than its worth disable site-wide and be done with it.
Lastly, while there __have been__ a good deal of other issues …
http://wordpress.org/support/topic/130745?replies=2
…that probably do need addressing as far as how wp triggers mod_security, WHY should wp developers concern themselves with learning the ins and outs of something such as m_s just so the word “.htaccess” can be posted? What about the next word, and the next, and the next.
I use approximately 3-400 lines of mod_security specific code on my own site — how many words/strings am I catching?
Ok, I see what you’re getting at now – I apologise.
Thanks for the explanation 🙂
