Quote Originally Posted by Techiant View Post
Oh gosh! After smashing my head against this for several hours, I decided to just extensively test ajax.php and log every step. It turns out the issue was that I was setting my method as my_method which in ajax.php was failing at line 51:
PHP Code:
if (!isset($_GET['act'], $_GET['method']) || !preg_match('/^[a-zA-Z0-9]+$/'$_GET['act']) || !preg_match('/^[a-zA-Z0-9]+$/'$_GET['method'])) 
I feel super dumb for not paying attention to that regex for $_GET['method'] but relieved that finally made the connection :)
Didn't spend quite the same amount of time; however, have found this narrowly applied section of code causes unnecessary issues with other ajax plugins/code. Haven't a clue why an underscore wasn't factored into an allowed character affecting the filename, the class name, and any associated class method. Sure, PSR-1 might be a reason to address/remove it for the class name, but for existing code that wasn't subject to the unrelated issues of arrays and such, it unnecessarily breaks things.

I'm working on reporting the issue in github since it was already somewhat identified as an issue against the original PR but no closure/further reference provided. I'm also trying to find a post asking about use of an associated plugin so I could report to them that no, as written the plugin code has to be modified because of the oversanitization applied in ZC 2.1.0.

Fun part moving forward will be how to support updates to the plugin because now some files have to be modified, renamed *and* "deleted" while some only need modification just to handle this new unnecessary requirement.