[wp-hackers] What would strip $_POST before 'init' runs?

Mike Walsh mpwalsh8 at gmail.com
Thu Jul 19 20:20:40 UTC 2012


On Thu, Jul 19, 2012 at 11:02 AM, Hal Burgiss <hal at burgiss.net> wrote:

> On Thu, Jul 19, 2012 at 7:41 AM, Dion Hulse (dd32) <wordpress at dd32.id.au
> >wrote:
>
> > mod_Security itself is a major PITA most of the time, I'm not saying
> > it's useless, but that doesn't make it a pain when you come up against
> > it.
> >
>
> I agree. I had it installed on our servers, and uninstalled it due to the
> number of false positives and the continual work arounds.  In some
> environments, it might be great. The concept is great, but the
> implementation can be  problematic.
>
>
Based on what I've seen, I agree!  Unfortunately sometimes people have no
idea that their hosting provider is even doing this.  Having never run into
it before, it took a while for me to sort it out.

I was considering trying to add some jQuery to "encode" the form parameters
so there isn't any chance of a URL being caught but so far I haven't come
up with anything that does anything meaningful.  I have managed to flag
when a 403 is caught and added a message so at least it is a little cleaner.

-- 
Mike Walsh - mpwalsh8 at gmail.com


More information about the wp-hackers mailing list