[Plugin: Shortcode Exec PHP] I'm getting a Not Found, 404 Error!!!

P.S. I updated five other plugins around the same time and did not experience these issues with any of the other updates. The issues were specific to this plugin.

I’ve solved the problem! It was due to changes in my .htaccess files. In the course of updating half a dozen plugins, I had updated to BulletProof Security Version .46.5, which changed .htaccess in ways that caused the Not Found, 404 Error reported above. I had a feeling that Shortcode Exec PHP would be vindicated! ??

I was just going to look into this.
Thanks for reporting back!

Marcel,

Thanks for a great plugin! I had a feeling this problem wasn’t because of anything your plugin did. I’m glad I can keep on using your plugin, which has become essential for my work. Being able to create custom PHP and JavaScript shortcodes lets me overcome a lot of WordPress limitations!

Thanks again,

Fred

Ok thanks for pointing out that there is some sort of conflict going on. I will put this plugin in testing and see exactly what threat BPS is seeing and why BPS is blocking it. Thanks.

Thank you, Ed! It’s much appreciated. -Fred

@aitpro: let me know if something should be changed to the plugin.

Yep it was just that silly thing. As an afterthought i added the “exec” php function to the explicit filter. I probably did that because every single hacker script i play around with uses the php exec function. it was not a good idea. A prepared statement in MySQL uses EXECUTE so there is really no good reason to block “exec” explicitly. If you want you can either remove “exec” entirely or just for the heck of it add it to the SQL Injection filter (it won’t do anything really there). Anyway protecting a site against “exec” should be done in your php.ini file and not in an .htaccess file anyway so it can be dumped altogether. You will need to remove it from both your Root .htaccess file and your /wp-admin .htaccess file. I will get rid of this altogether in bps .46.6. Thanks.

FYI – in your custom php.ini file you should add exec to your disable_functions directive
…and these php functions as well
disable_functions = system, exec, passthru, shell_exec, show_source, popen, pclose, pcntl_exec

I see these php functions in every single hacker script i play with. ??

Marcel and Ed, on this Thanksgiving Day here in the USA, I am truly thankful for wonderful plugin developers like you. You were both kind enough to respond to my bug report within a matter of hours. That kind of incredible service to the WordPress community makes my job as a web consultant a whole lot easier!

Thanks again,

Fred

I can confirm that I am running the latest BPS and the same exact thing has happened to me as well.

Also, I agree – both the devs are awesome! Thank you both ??

“You will need to remove the word “exec” from both your Root .htaccess file and your /wp-admin .htaccess file.”

And you might as well get rid of “execute” too.

Samara, I used Ed’s fix for BPS, and it cleared the problem right up. Hopefully, it will work just as well for you! -Fred