Support

Account

Home Forums Add-ons Options Page Options page save redirecting to 404 Reply To: Options page save redirecting to 404

  • I don’t know how to bring this to attention of the ACF developers, but possibly the way they pass the arguments for the Options page could be changed to a more secure method?

    It’s interesting to note that the description of the RuleID is:

    Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (admin.php)

    So, clearly ModSecurity is viewing the way that the Options Page saves URL values as an injection attempt. So, I don’t really want to disable these rules if it is making us vulnerable to a file injection of some sort

    It would be better if ACF could change the way the values are saved. If we use a regular page to save some URL fields, then we don’t run into this problem – only if we use the Options Page. So, clearly it’s possible to save URL values in ACF fields without triggering this injection attempt rule (as is evidenced by a standard page with custom ACF fields being able to save URL values without issue).