[4.5.5]: Redactor not allowing parenthesis

[Liv-Tarot]

What happened?

Description

This issue does not happen ALL the time, but it has happened multiple times across 2 of my craft sites and I was finally able to record the issue (recording included below). I am using a redactor in my template on two separate sites, and there are times where content editors try to add text that includes parentheses (ex: "Developing a desktop geographic information system tool (GIS) to help...") but they are unable to save the text unless the parentheses are removed. They are given an error "Your changes could not be stored" until the parentheses are removed. The fact that this only happens some of the time tells me that it isn't a settings issue with the redactor, since any settings should be applied 100% of the time.

Steps to reproduce

https://watch.screencastify.com/v/S2CmPCPzMgi8kIkXBJq8

Expected behavior

Text should include parentheses without error

Actual behavior

"Your changes could not be stored" error when parentheses are included in text.

Craft CMS version

Craft Pro 4.5.5

PHP version

8.1.18

Operating system and version

Linux 4.14.311-233.529.amzn2.x86_64

Database type and version

MySQL 5.7.12

Image driver and version

Imagick 3.7.0 (ImageMagick 6.9.10-97)

Installed plugins and versions

• Redactor: 3.0.4
• Redactor FA List: 2.0.1

[Liv-Tarot]

UPDATE:
This issue happens under the following settings:

• redactor fields (with or without HTML purify)
• multi line and single line plaintext fields (with or without HTML purify)
• matrix fields with:
  • Single line plaintext (no purify)
  • Redactor fields (no purify)

Redactor plugin version: 3.0.4
redactor config settings JSON:

{
  "buttons": [
    "html",
    "formatting",
    "bold",
    "italic",
    "unorderedlist",
    "orderedlist",
    "link",
    "image",
    "video",
    "clips"
  ],
  "plugins": [
    "table",
    "video",
    "clips",
    "arrowlink",
    "twocolumn"
  ],
  "linkNewTab": true,
  "toolbarFixed": true,
  "formattingAdd": {
    "lead-p": {
      "title": "Lead paragraph",
      "api": "module.block.format",
      "args": {
        "tag": "p",
        "class": "lead"
      }
    }
  },
  "formatting": [
    "p",
    "lead-p",
    "h2",
    "h3",
    "h4",
    "h5"
  ],
  "clips": [
    ["Primary Button", "<a href=\"#\" class=\"button button--primary\">Button Link</a>"]
  ]
}

Results of trying to save after this error appears:
CONSOLE ERROR: POST - 403 Forbidden

{
    "message": "Request failed with status code 403",
    "name": "AxiosError",
    "config": {
        "transitional": {
            "silentJSONParsing": true,
            "forcedJSONParsing": true,
            "clarifyTimeoutError": false
        },
        "transformRequest": [
            null
        ],
        "transformResponse": [
            null
        ],
        "timeout": 0,
        "xsrfCookieName": "XSRF-TOKEN",
        "xsrfHeaderName": "X-XSRF-TOKEN",
        "maxContentLength": -1,
        "maxBodyLength": -1,
        "env": {
            "FormData": null
        },
        "headers": {
            "Accept": "application/json, text/plain, */*",
            "Content-Type": "application/x-www-form-urlencoded",
            "X-Requested-With": "XMLHttpRequest",
            "X-Registered-Asset-Bundles": "f3074136,22e517a2,aee7f8dc,e505ffd6,6b4d7555,e5e48399,bb2f10a0,815d39ea,fc0bc163,1ccab40d,1e21896b,54698ee0,b842675b,1c3c9add,4b1fd285,d8d08e47,8f00ce04,8768f48b,cf3018d6,e1c4acb7,360f86e3,13344846,e7a608a5,e55787b7,b143120,71a89c5e,e7c1329,76719e06,7ca18ed1,92d8701,15a36a51",
            "X-Registered-Js-Files": "",
            "X-CSRF-Token": "cmTsLT_I1of83hNYTTPxe1k5jN8p-uM07xMQBueukdOqKSOgKlDRgPhYZvtQw5sLah6ab-HcemqA87xjGZED5VOMTUGVx_FWOpoixMzFeWDkCGLzn27Avel_6-acrqje83bKdJx6cmm15_hw_OzsUghkt4vTLZWG1sV3zTbzP-6510mpx5TMSLZSnvGj6qQtJ4D3UbNKMI4VZqm_tLazXGAuA6QKLQu0h2GYjHmDWEhP18T668NGbJdyPOb4hG8Cw2GlrzwPeqxX1ulMW7eViwZ482HdZb0rdvCkwmIDokSmqaFLVYZpBsevW_Tb2E6K0a6Wy--WRf9Br0oXWoffrBLEtY07Oy7axOtOpdOnsUX1brtdgfS7AvGOpKYjjjvxvpSyyBpf_MZgiw=="
        },
        "cancelToken": {
            "promise": {},
            "_listeners": []
        },
        "data": "CRAFT_CSRF_TOKEN=cmTsLT_I1of83hNYTTPxe1k5jN8p-uM07xMQBueukdOqKSOgKlDRgPhYZvtQw5sLah6ab-HcemqA87xjGZED5VOMTUGVx_FWOpoixMzFeWDkCGLzn27Avel_6-acrqje83bKdJx6cmm15_hw_OzsUghkt4vTLZWG1sV3zTbzP-6510mpx5TMSLZSnvGj6qQtJ4D3UbNKMI4VZqm_tLazXGAuA6QKLQu0h2GYjHmDWEhP18T668NGbJdyPOb4hG8Cw2GlrzwPeqxX1ulMW7eViwZ482HdZb0rdvCkwmIDokSmqaFLVYZpBsevW_Tb2E6K0a6Wy--WRf9Br0oXWoffrBLEtY07Oy7axOtOpdOnsUX1brtdgfS7AvGOpKYjjjvxvpSyyBpf_MZgiw%3D%3D&elementId=273442&siteId=1&fresh=1&title=&action=elements%2Fapply-draft&redirect=4997d543739b63f6659c8bf787afeeb0e1bc5c5bfcaacc0c9aa3544ab76582bchttps%3A%2F%2Fwww.chesapeakebay.net%2Fcms%2Fentries%23&typeId=2&slug=&parentId=&authorId=&authorId=118&enabled=1&fields%5Bblurb%5D=%3Cp%3EView%20documents%20from%20past%20Strategy%20Review%20System%20(SRS)%20cycles%20below.%3C%2Fp%3E&modifiedDeltaNames[]=fields[blurb]&draftId=6075&draftName=First%20draft&visibleLayoutElements%5Be327299f-f053-40a5-bd8e-ae6810a1b3cc%5D%5B%5D=49418f48-af88-4ead-b912-29efe14c91c4&visibleLayoutElements%5Be327299f-f053-40a5-bd8e-ae6810a1b3cc%5D%5B%5D=efc3c40b-d9f1-4567-a97c-d290f9ca7cd2&visibleLayoutElements%5Be327299f-f053-40a5-bd8e-ae6810a1b3cc%5D%5B%5D=d8eef692-ff92-49f2-ab04-1f31a07e10f4&visibleLayoutElements%5Be327299f-f053-40a5-bd8e-ae6810a1b3cc%5D%5B%5D=21c9fd06-9477-4bdd-baa8-6b3cd1e8ee8f&visibleLayoutElements%5Be327299f-f053-40a5-bd8e-ae6810a1b3cc%5D%5B%5D=b0faaad0-d2f4-41e5-bed1-9ccd700862ef&visibleLayoutElements%5Be6fb2dff-ef99-4560-b310-1f93138f7360%5D%5B%5D=2d6ad3d8-5b30-4a2f-b9be-8e8ca6a6627f&visibleLayoutElements%5Be6fb2dff-ef99-4560-b310-1f93138f7360%5D%5B%5D=b6bd7012-89cf-4308-aa86-c91a6fc25b37&visibleLayoutElements%5Be6fb2dff-ef99-4560-b310-1f93138f7360%5D%5B%5D=bbfc4eb1-8456-4185-abf8-37fb18234e73&visibleLayoutElements%5Be6fb2dff-ef99-4560-b310-1f93138f7360%5D%5B%5D=d24e5e49-0514-43a9-93f9-77fff0354a1a&visibleLayoutElements%5Be6fb2dff-ef99-4560-b310-1f93138f7360%5D%5B%5D=9f196c56-afd4-44f4-83e7-8b6622aac412&visibleLayoutElements%5Be6fb2dff-ef99-4560-b310-1f93138f7360%5D%5B%5D=b7a2c4f6-7740-4f7d-a548-b49b5b8e39ba&visibleLayoutElements%5B10eb3275-23dc-4096-8126-b77dbc6abe3a%5D%5B%5D=cd27a635-3f13-402b-96dc-99235ac839fc&visibleLayoutElements%5B10eb3275-23dc-4096-8126-b77dbc6abe3a%5D%5B%5D=a0fe1a16-0bc4-4153-986e-bf54163a0645&visibleLayoutElements%5B10eb3275-23dc-4096-8126-b77dbc6abe3a%5D%5B%5D=8012368e-73da-4940-9669-f3c3c260c15c&visibleLayoutElements%5B10eb3275-23dc-4096-8126-b77dbc6abe3a%5D%5B%5D=2d521601-976d-4f40-bdec-3b9dee8df48b&visibleLayoutElements%5B10eb3275-23dc-4096-8126-b77dbc6abe3a%5D%5B%5D=bd563028-2213-46be-83c9-32eded19ab7f&selectedTab=tab01--content&action=elements/save-draft",
        "method": "post",
        "url": "https://www.chesapeakebay.net/index.php?p=cms%2Factions%2Felements%2Fsave-draft",
        "params": {
            "v": 1701102462416
        }
    },
    "code": "ERR_BAD_REQUEST",
    "status": 403
}

NETWORK:
In the network response, the parenthesis are not encoded

[Liv-Tarot]

Update: The parenthesis only seem to be a problem when they are copy/pasted in from another source. Sometimes this bug does not happen immediately upon pasting into the entry. Sometimes it also happens when editors return to an entry that originally had saved pasted parenthesis and they try to make a change. No matter what the change is (manual write or copy/paste, parenthesis involved or not), the error is thrown and all of the parenthesis in the text need to be removed in order for the entry to save again.

[danbrellis]

Updating for anyone following- this issue has been resolved.

It turns out it was an issue with WAF rules on the hosting side. The text that was being blocked was "...System (...)" the word 'system' followed by an open and closed parenthesis. This triggered the PHPHighRiskMethodsVariables_BODY rule we had from AWS because it matched the system() PHP function pattern. We disabled that rule and the entries save fine.

This issue can be closed.