A fix for the WordPress Sociable plugin Method Not Implemented error!


In my last post, I mentioned I was hitting an error in my WordPress installation where anytime I tried to save the Sociable settings, I got this error:

Method Not Implemented
POST to /wp-admin/options-general.php not supported.

I dug around a bit further, looking into the error logs on my Apache server and I found this…

[Thu Jun 04 09:48:15 2009] [error] [client ***.***.***.***] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\b(?:(?:n(?:et(?:\\b\\W+?\\blocalgroup|\\.exe)|(?:map|c)\\.exe)|t(?:racer(?:oute|t)|elnet\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\.exe|echo\\b\\W*?\\by+)\\b|c(?:md(?:(?:32)?\\.exe\\b|\\b\\W*?\\/c)|d(?:\\b\\W*?[\\\\/]|\\W*?\\.\\.)|hmod.{0,40}? ..." at ARGS:site_order. [id "950006"] [msg "System Command Injection. Matched signature <|ping>"] [severity "CRITICAL"] [hostname "*********"] [uri "/wp-admin/options-general.php?page=Sociable"]

That’s a pretty big error, but the important things are:

  • ModSecurity – this is a security error, not a technical error. It spotted something it doesn’t like.
  • Pattern match – that is a big regex. I didn’t want to reverse engineer it (and luckily, I didn’t have to do that), but if it came to it, I would’ve figured what it was seeking.
  • System Command Injection – the server thought it saw an injection attack and blocked it outright.

Basically, when the Sociable form is sent through POST data, some part of the information sent is flagged as a potential injection, and the server rejects the data outright. I saved the Sociable page to my computer and set up a .php file to dump POST data, then I sent the form to that page. This was so I could see what the POST data looked like. This is what I got, after unchecking all of the checkboxes and clearing all text fields:

Array
(
    [_wpnonce] => c05fbc3c51
    [_wp_http_referer] => /wp-admin/options-general.php?page=Sociable
    [site_order] => BarraPunto|Bitacoras.com|BlinkList|BlogMemes Fr|BlogMemes Sp|blogmarks|Blogosphere News|blogtercimlap|Faves|co.mments|connotea|Current|del.icio.us|Design Float|Digg|Diigo|DotNetKicks|DZone|eKudos|email|Facebook|Fark|Fleck|FriendFeed|FSDaily|Global Grind|Google|Gwar|Haohao|HealthRanker|HelloTxt|Hemidemi|Identi.ca|IndianPad|Internetmedia|Kirtsy|laaik.it|LinkArena|LinkaGoGo|LinkedIn|Linkter|Live|Meneame|MisterWong|MisterWong.DE|Mixx|muti|MyShare|MySpace|MSNReporter|N4G|Netvibes|NewsVine|Netvouz|NuJIJ|Ping.fm|ppnow|PDF|Print|Propeller|Ratimarks|Rec6|Reddit|RSS|Scoopeo|Segnalo|Simpy|Slashdot|Socialogs|SphereIt|Sphinn|StumbleUpon|Symbaloo|Technorati|ThisNext|Tipd|TwitThis|Upnews|Webnews.de|Webride|Wikio|Wikio FR|Wikio IT|Wists|Wykop|Xerpi|YahooBuzz|Yahoo! Bookmarks|Yigg
    [tagline] =>
    [imagedir] =>
    [save] => Save Changes
)

Whoa! What is that site_order thing in there? That’s a pretty weird looking block of text. Weird enough that it might just be flagged as injection. I started hunting down where that comes from, and identified it in /wp-content/plugins/sociable/sociable.php and removed it. After removing that line, the error stopped showing up! I can no longer change the site order of the social sites, but that’s a small price to pay for being able to save my settings!

To fix this error:

  1. Open /wp-content/plugins/sociable/sociable.php
  2. Find the line that looks like this (it was line 855 for me)
    <input type="hidden" id="site_order" name="site_order"
    value="<?php echo join('|', array_keys($sociable_known_sites))
    ?>" />
    
  3. Delete it!
  4. Save the file.

That is it. You lose the ability to reorder the sites, but you get past the error. Some Apache servers, those running ModSecurity with a rule like the one in the log entry above, see this POST data as an injection attempt and block it. With the hidden field removed, site_order is no longer submitted, so the rule has nothing to match.
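The log entry reports the matched signature as <|ping> in ARGS:site_order. The following Python is an added example, not code from the original post or from the plugin: it finds which pipe-separated entry trips a signature of that shape. The names STAND_IN, matched_text and offending_tokens are hypothetical, and the pattern is a simplified stand-in, because the real rule 950006 regex is truncated in the log.

```python
import re

# Assumption: simplified stand-in for ONE alternative of the rule 950006
# pattern (the real regex is truncated in the log). It looks for a shell
# metacharacter, optional non-word characters, then the word "ping".
STAND_IN = re.compile(r"[;|`]\W*?\bping\b", re.IGNORECASE)

# Constructed sample: a shortened slice of the site_order value dumped above.
SITE_ORDER = "NewsVine|Netvouz|NuJIJ|Ping.fm|ppnow|PDF|Print|Propeller"


def matched_text(value, pattern=STAND_IN):
    """Return the substring the pattern matched, or None if nothing matched."""
    m = pattern.search(value)
    return m.group(0) if m else None


def offending_tokens(value, sep="|", pattern=STAND_IN):
    """Drop entries until the value no longer matches.

    Returns (entries removed, cleaned value). Each round maps the last
    character of the match back to the entry that contains it.
    """
    tokens = value.split(sep)
    culprits = []
    while True:
        joined = sep.join(tokens)
        m = pattern.search(joined)
        if m is None:
            return culprits, joined
        pos, last = 0, m.end() - 1
        for i, tok in enumerate(tokens):
            if pos <= last < pos + len(tok):
                culprits.append(tokens.pop(i))
                break
            pos += len(tok) + len(sep)
        else:
            raise ValueError("match does not end inside an entry")


if __name__ == "__main__":
    print("matched:", matched_text(SITE_ORDER))
    removed, cleaned = offending_tokens(SITE_ORDER)
    print("entries to drop:", removed)
    print("cleaned value:", cleaned)
    # The name alone is harmless; the hit comes from the "|" joined in front.
    print("Ping.fm on its own:", matched_text("Ping.fm"))
```
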

  1. #1 by Tom on March 3, 2010 - 6:25 pm

    I deleted that line and it worked like a charm!! Thanks.

  2. #2 by Jonny on August 12, 2009 - 6:10 am

    You appear to have the same theme as me and we share the same issue which I cannot yet resolve.
    The sociable icons appear to have blue shadows on them when you hover over them rather than the nice glossy look they should have.
    Any ideas would be greatly appreciated….

  3. #3 by visual77 on July 16, 2009 - 2:27 pm

    The issue is partly with Sociable and partly with the Apache module mod_security – it’s a bit trigger happy for filtering content, and rather than just purging content, it throws a fit and dies ungracefully. After I figured out the cause of this problem, I contacted Joost de Valk to let him know about this, but I don’t know if he plans on doing anything about it. I dug around further afterwards and narrowed the exact problem to the Ping link being created. So, if you desperately want to be able to reorder your links, you can just selectively remove the Ping social media link – that ‘ping’ text in a post input is what is freaking mod_security out.

    Personally, I never use mod_security and just make sure all web sites are sufficiently protected, but if you are on a host where you don’t have control of things like that, you can just filter out what mod_security is freaking out about and call it a day.

  4. #4 by cyclosity on July 16, 2009 - 12:52 pm

    Great investigative work there, seriously.

    But it’s a pretty annoying error with an arguably BIG sacrifice for fixing it, so when the F are they going to release a patch! Damn!
