Shoot in foot
Running a website/server with mod_security turned on is all fine and dandy, but in the end it doesn’t seem to be much more than a few hardcoded pattern-checks, like fopen. (I realize that it’s really more than that, but that’s the part I tripped over.) And as it happens, I use fopen() in one of the static pages, to read a file (with statistics) that is updated regularly. Not a problem, as long as I don’t try to edit the page. Hrm.
Ok, so while I’m working on these pages (finally getting around to fixing some problems that I ran into after the upgrade to WP 2.0), that check is turned off, and when I hope I’m done, I’ll turn it back on.
Sheesh. 