[wp-hackers] What would strip $_POST before 'init' runs?
mpwalsh8 at gmail.com
Thu Jul 19 20:20:40 UTC 2012
On Thu, Jul 19, 2012 at 11:02 AM, Hal Burgiss <hal at burgiss.net> wrote:
> On Thu, Jul 19, 2012 at 7:41 AM, Dion Hulse (dd32) <wordpress at dd32.id.au
> > mod_Security itself is a major PITA most of the time, I'm not saying
> > it's useless, but that doesn't make it a pain when you come up against
> > it.
> I agree. I had it installed on our servers, and uninstalled it due to the
> number of false positives and the continual work arounds. In some
> environments, it might be great. The concept is great, but the
> implementation can be problematic.
Based on what I've seen, I agree! Unfortunately sometimes people have no
idea that their hosting provider is even doing this. Having never run into
it before, it took a while for me to sort it out.
I was considering trying to add some jQuery to "encode" the form parameters
so there isn't any chance of a URL being caught but so far I haven't come
up with anything that does anything meaningful. I have managed to flag
when a 403 is caught and added a message so at least it is a little cleaner.
Mike Walsh - mpwalsh8 at gmail.com
More information about the wp-hackers