Stefan van den Dungen Gronovius
Developer

Thanks for your feedback.
I did some deep digging with the 7G rules applied and this is what we found. Warning, this is quite a technical story ;)

In order to apply smart filtering to the table, we must post the form as a GET request with some parameters. Since Smart Filtering is much more complete than normal filtering, where a single drop-down would suffice, we send a JSON string to the URL that is URL encoded, which should be ok for firewalls.

But after some testing, I found that I only get a 403 for some Smart Filters. The difference that would give me a 403 error is when I want to filter a column that has options, so a Select Box in filtering. We send the input type serialized to the URL like "input"="select". The 7G ruleset triggers on the word 'select' in the URL starting with a quote (single or double). => 'select or "select

I understand that the word ‘select’ might be used for SQL injection, but to say that this phrase alone is ‘insecure’ is not 100% true in my opinion. I would say that the specific rule could be further improved and I would like to discuss this with the developer from the 7G firewall :)

You should be able to use Smart Filtering right now, but you will get a 403 error when you use it for a select field.

2 years, 6 months ago
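
The false positive described in the post above, reproduced as an added example (not code from the plugin or from the 7G firewall). The parameter name `filter_rules`, the JSON shape around `"input":"select"`, both patterns and the decoded-value matching are assumptions made for illustration; the second pattern is one hypothetical way to tighten the check.

```python
import json
import re
from urllib.parse import parse_qs, urlencode

# Stand-in for the behaviour described in the post: a single or double quote
# directly followed by "select". This is NOT the text of the real 7G rule.
QUOTED_SELECT = re.compile(r"""['"]select""", re.IGNORECASE)

# Hypothetical tighter pattern: the quoted keyword must also be followed by
# whitespace and a later "from", as in an actual SQL statement.
SELECT_FROM = re.compile(r"""['"]select\s.*\bfrom\b""", re.IGNORECASE)


def build_query(rule: dict) -> str:
    """Serialize one filter rule to JSON and URL-encode it into a query string.
    The parameter name 'filter_rules' is hypothetical."""
    return urlencode({"filter_rules": json.dumps(rule, separators=(",", ":"))})


def is_blocked(query_string: str, pattern: re.Pattern) -> bool:
    """Match the pattern against every decoded query parameter value
    (assumption: the rule effectively sees the decoded quote characters)."""
    values = parse_qs(query_string, keep_blank_values=True)
    return any(pattern.search(v) for vals in values.values() for v in vals)


# Constructed inputs. Only "input":"select" comes from the post.
SELECT_FILTER = build_query({"column": "status", "input": "select", "value": "draft"})
TEXT_FILTER = build_query({"column": "title", "input": "text", "value": "hello"})
SQL_SHAPED = urlencode({"q": "x'select name from t"})

if __name__ == "__main__":
    for label, qs in [("select filter", SELECT_FILTER),
                      ("text filter", TEXT_FILTER),
                      ("SQL-shaped value", SQL_SHAPED)]:
        print(f"{label:17} broad={is_blocked(qs, QUOTED_SELECT)} "
              f"tight={is_blocked(qs, SELECT_FROM)}  {qs}")
```

The broad pattern flags the harmless select-column filter because the JSON string value `"select"` begins with a quote, while the tighter pattern passes it and still matches the constructed SQL-shaped value.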