[wp-hackers] What would strip $_POST before 'init' runs?

Mike Walsh mpwalsh8 at gmail.com
Sun Jun 3 15:39:10 UTC 2012

On Sun, Jun 3, 2012 at 1:48 PM, Gavin Pearce <Gavin.Pearce at 3seven9.com>wrote:

> > The FireBug net tab is helpful, thanks for pointing my in that
> direction.
> > The problem I am chasing seems to be a 403 Forbidden error which I
> can't figure out the source of.  This one has me  stumped.
> Is the 403 returned when WordPress receives the POST data? What data are
> you posting?
> Do the usual trick of disabling all plugins one-by-one, and switching to
> the default theme first.
> If it doesn't help - certain $_POST keys trigger different behaviours in
> WordPress. $_POST['name'] is one of them, though will usually give you a
> 404 rather than a 403. Try prefixing all POST data with the name of your
> plugin. $_POST['pluginname_name'], $_POST['pluginname_email'] etc. Any
> luck?
> Failing that, make sure you check your .htaccess file and virtual host
> to check you haven't got any strange configurations in there.
> Give a shout if none of the above helps.
> G

I created a simple 'init' hook at priority 0 which does nothing more than
dump the contents of $_SERVER, $_POST, and $_GET.  $_SERVER has a bunch of
REDIRECT_x (where x is one of number variable suffixes) of array elements
including REDIRECT_URL as shown below (with the IP address removed).

    [REDIRECT_STATUS] => 403
    [REDIRECT_URL] => /403.shtml
    [REMOTE_ADDR] => nn.nn.nnn.nnn
    [REMOTE_PORT] => 52560

What I find odd (well, there is a lot odd ...) is the REQUEST_METHOD is
shown as a GET when the form is set up as a POST.  I have admin access to
WordPress and FTP access to the installation but I can't look at how the
server is set up.  The .htaccess file looks fine BUT when I dump phpinfo(),
I can see that eAccellerator is installed.  Could it be the source of the
problem?  Is there any way to turn it off using ini_set() or .htaccess?  I
tried putting ini_set('eaccellerator.enable', 0); in wp-config.php but it
didn't make any difference.


Mike Walsh - mpwalsh8 at gmail.com

More information about the wp-hackers mailing list