Home Forums General Issues Weird bug with relationship field and double quotation mark


Weird bug with relationship field and double quotation mark

  • Hi all,

    I’ve defined a custom form which I’m using on the backend of my wordpress site in a plugin options page via acf_form()

    The form has a couple of relationship fields filtered to show products with 2 different category taxonomies, these relationship fields have search fields for users to quickly filter the products to find what they are looking for.

    All works fine, except that when type a double quote mark into the search field, the response is a 403 error. Every other character seems fine. The weird thing is that this only occurs on my webserver, not on my local development site.

    So my initial thought is that this is some kind of security thing on the server, maybe SQL injection protection going on?

    Here’s a screenshot of the request from Firefox dev console:

    Example request

    Any ideas?

  • Just answering my own question here… it was hitting a ModSec rule on the server that is in place to protect from a XSS vulnerability in a plugin called Modern Events Calendar Lite plugin 4.2.1 for WordPress – which I don’t use so server guys have disabled rule and it works now!

    Hope this helps someone else sometime!

  • @abhiriscott – sorry, don’t know the answer to that, I guess an insecure form in that particular plugin I mentioned but I can’t be specific.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.