chore: apply review suggestions

Author: theseion

Diff for: plugins/wordpress-rule-exclusions-before.conf

@@ -497,33 +497,32 @@ SecRule REQUEST_FILENAME "@unconditionalMatch" \
     ver:'wordpress-rule-exclusions-plugin/1.0.1'"
 
 
-# Operator @unconditionalMatch is used instead of a SecAction because of a bug
-# in ModSecurity v3 which prevents SecActions to be removed using ctl action.
-# _wp_original_http_referer and referredby are used by the "Classic-Editor" plugin.
+# `_wp_original_http_referer` and `referredby` are used by the "Classic-Editor" plugin.
 # While we usually don't support plugins, this plugin restores previously existing
 # core functionality.
-SecRule REQUEST_FILENAME "@unconditionalMatch" \
+SecRule &ARGS_NAMES:_wp_original_http_referer|&ARGS_NAMES:referredby "@gt 0" \
     "id:9507355,\
-    phase:1,\
+    phase:2,\
     pass,\
     t:none,\
     nolog,\
     ctl:ruleRemoveTargetById=920273;ARGS:_wp_original_http_referer,\
-    ctl:ruleRemoveTargetById=931130;ARGS:_wp_original_http_referer,\
     ctl:ruleRemoveTargetById=932235;ARGS:_wp_original_http_referer,\
     ctl:ruleRemoveTargetById=932236;ARGS:_wp_original_http_referer,\
     ctl:ruleRemoveTargetById=942120;ARGS:_wp_original_http_referer,\
     ctl:ruleRemoveTargetById=942430;ARGS:_wp_original_http_referer,\
     ctl:ruleRemoveTargetById=942431;ARGS:_wp_original_http_referer,\
     ctl:ruleRemoveTargetById=942432;ARGS:_wp_original_http_referer,\
     ctl:ruleRemoveTargetById=920273;ARGS:referredby,\
-    ctl:ruleRemoveTargetById=931130;ARGS:referredby,\
     ctl:ruleRemoveTargetById=932235;ARGS:referredby,\
     ctl:ruleRemoveTargetById=932236;ARGS:referredby,\
     ctl:ruleRemoveTargetById=942120;ARGS:referredby,\
     ctl:ruleRemoveTargetById=942430;ARGS:referredby,\
     ctl:ruleRemoveTargetById=942431;ARGS:referredby,\
     ctl:ruleRemoveTargetById=942432;ARGS:referredby,\
+    ctl:ruleRemoveTargetById=920273;ARGS_NAMES:_wp_original_http_referer,\
+    ctl:ruleRemoveTargetById=920273;ARGS_NAMES:referredby,\
+    ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
     ver:'wordpress-rule-exclusions-plugin/1.0.1'"
 
 

Diff for: tests/regression/wordpress-rule-exclusions-plugin/9507355.yaml

@@ -15,13 +15,16 @@ tests:
               Host: localhost
               User-Agent: OWASP CRS test agent
               Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Content-Type: application/x-www-form-urlencoded
             port: 80
-            method: GET
+            method: POST
             version: "HTTP/1.1"
             uri: /wp-admin/post.php
-            data: referredby=https://website.xyz/wp-admin/edit.php?s=user&post_status=all&post_type=post&action=-1&m=0&cat=0&post_format&paged=1&action2=-1
+            data: referredby=https%3A%2F%2Fwebsite.xyz%2Fwp-admin%2Fedit.php%3Fs%3Duser%26post_status%3Dall%26post_type%3Dpost%26action%3D-1%26m%3D0%26cat%3D0%26post_format%26paged%3D1%26action2%3D-1
           output:
-            no_log_contains: id "932235"
+            no_log_contains: |-
+              id "920273"|id "932235"|id "932236"|id "942120"|id "942430"|id "942431"|id "942432"
+
   - test_title: 9507355-2
     desc: Create new post with classic editor (`_wp_original_http_referer`)
     stages:
@@ -32,10 +35,12 @@ tests:
               Host: localhost
               User-Agent: OWASP CRS test agent
               Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Content-Type: application/x-www-form-urlencoded
             port: 80
-            method: GET
+            method: POST
             version: "HTTP/1.1"
             uri: /wp-admin/post.php
-            data: _wp_original_http_referer=https://website.xyz/wp-admin/edit.php?s=user&post_status=all&post_type=post&action=-1&m=0&cat=0&post_format&paged=1&action2=-1
+            data: _wp_original_http_referer=https%3A%2F%2Fwebsite.xyz%2Fwp-admin%2Fedit.php%3Fs%3Duser%26post_status%3Dall%26post_type%3Dpost%26action%3D-1%26m%3D0%26cat%3D0%26post_format%26paged%3D1%26action2%3D-1
           output:
-            no_log_contains: id "932235"
+            no_log_contains: |-
+              id "920273"|id "932235"|id "932236"|id "942120"|id "942430"|id "942431"|id "942432"