Here is a strange one for you. Open up WordPress, and make a new post. Into this post put the words:
Then the word:
Watch WordPress puke all over itself.
This is a very strange bug. Both words must appear in that order with no other letters between them, but you can have line-breaks between them and it still happens. What on earth is going on here?
The problem surfaced when I tried to edit this old post. I saw a typo I wanted to correct, so I edited the post and hit save, which led to the Bizzare error:
The precondition on the request for the URL /twentysidedtale/wp-admin/post.php evaluated to false.
Halfway down the page I quote Lileks, and that quote contains the deadly words. It took me a long, long time to figure out what the problem was. Obviously I wrote that post in an earlier version of WordPress that doesn’t have this bug, and now that I’ve upgraded I can’t edit the post without removing those words. I spent a long time removing secitions of the post until I had isolated the offending words.
One guess is that the phrase “de1ete from” is getting misunderstood or misused as part of a command to mySQL. Still, that really shouldn’t happen.
FURTHER NOTE: I’m using WP 2.0.2 and I have the fancy-pants editor turned off.
The Best of 2018
I called 2018 "The Year of Good News". Here is a list of the games I thought were interesting or worth talking about that year.
A Lack of Vision and Leadership
People fault EA for being greedy, but their real sin is just how terrible they are at it.
The story of me. If you're looking for a picture of what it was like growing up in the seventies, then this is for you.
I Was Wrong About Borderlands 3
I really thought one thing, but then something else. There's a bunch more to it, but you'll have to read the article.
Shamus Plays LOTRO
As someone who loves Tolkein lore and despises silly MMO quests, this game left me deeply conflicted.
9 thoughts on “WordPress Bug?”
*blink* It does, in fact, sound as though it’s passing that as a command to MySQL instead of properly encoding it as just more blob data, doesn’t it?
I’ll pass on the testing of this myself, but, wow.
You might try some other simple mysql commands. “Select from” would be a (risk-free) one to test.
“Precondition failed” sounds like an Apache error, not a PHP error. My guess is that there’s some filtering in .htaccess to prevent SQL injection, and it’s triggering on those keywords.
Let’s see: select * from
Okay, maybe not.
Yeah, select seems fine. But you can’t use the magic words in a comment.
mod_security is cautiously blocking any vaguely suspicious data, that’s all. Apparently, putting “SecFilterEngine off” into .htaccess disables it.
Ð˜Ñ‰Ñƒ Ñ€Ð°Ð±Ð¾Ñ‚Ñƒ Ð² ÐœÐ¾ÑÐºÐ²Ðµ Ð¸Ð»Ð¸ Ð² ÐœÐž, Ð¼ÐµÐ½Ñ Ð¸Ð½Ñ‚ÐµÑ€ÐµÑÑƒÑŽÑ‚ Ð´Ð¾Ð»Ð¶Ð½Ð¾ÑÑ‚Ð¸: ÐºÑƒÑ€ÑŒÐµÑ€ 19 Ð»ÐµÑ‚. Ð·/Ð¿ Ð¾Ñ‚ 17 000 Ñ€. Ñ‚ÐµÐ». 89160741974 Ð’Ð°ÑÐ¸Ð»Ð¸Ð¹
Thanks for joining the discussion. Be nice, don't post angry, and enjoy yourself. This is supposed to be fun. Your email address will not be published. Required fields are marked*
You can enclose spoilers in <strike> tags like so:
<strike>Darth Vader is Luke's father!</strike>
You can make things italics like this:
Can you imagine having Darth Vader as your <i>father</i>?
You can make things bold like this:
I'm <b>very</b> glad Darth Vader isn't my father.
You can make links like this:
I'm reading about <a href="http://en.wikipedia.org/wiki/Darth_Vader">Darth Vader</a> on Wikipedia!
You can quote someone like this:
Darth Vader said <blockquote>Luke, I am your father.</blockquote>