I'm working on my wordpress site hosted by a domain (not working in my local environment)
I got the error : "Fatal error: [snuffleupagus][disabled_function] Aborted execution on call of the function 'curl_setopt', because its argument '$option' content (81) matched the rule 'Please don't turn CURLOPT_SSL_VERIFYHOST off.'" in the function based on the cURL.php file.
I downloaded the Cacert.pem file but I don't know where should I put it or should I change something in my cURL.php
Looks like a setting in your hosting, you could try adding this to your themes functions.php
add_filter( 'https_local_ssl_verify', '__return_true' );
https://core.trac.wordpress.org/ticket/50748
It error is caused by a snuffleupagus rule(81) which doesn't allow you to disable the test.
Disabling the rule is a security concern and you show rather update the php code.
You can disable the rule on a cpanel server in /usr/share/cagefs/.cpanel.multiphp/opt/cpanel/ea-php74/root/etc/php.d/20-snuffleupagus.rules.d/default.rules
# Ensure that certificates are properly verified
sp.disable_function.function("curl_setopt").param("value").value("1").allow();
sp.disable_function.function("curl_setopt").param("value").value("2").allow();
# `81` is SSL_VERIFYHOST and `64` SSL_VERIFYPEER
#sp.disable_function.function("curl_setopt").param("option").value("64").drop().alias("Please don't turn CURLOPT_SSL_VERIFYCLIENT off.");
#sp.disable_function.function("curl_setopt").param("option").value("81").drop().alias("Please don't turn CURLOPT_SSL_VERIFYHOST off.");
Related
I have a wordpress site that was running fine with version 5.7.2. Everything was working as expected (as far as I know). Today I upgraded to 5.8 (using the onclick upgrade within wordpress itself). Since then the post.php simply does nothing, it just closes the connection whenever you go to it (this is also the same for post-new.php, uploads.php, user-edit.php user-new.php but not users.php ). I cant find any errors in the apache logs (and I have the error recording turned on in the php.ini, and there is no output in the wordpress debug.log despite having the following settings:
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
define( 'WP_DEBUG_DISPLAY', true );
in the wp-config.php.
The site itself appears to work as expected, all of the pages and plugins work. I have used the Health Check & Troubleshooting plugin to run the site with all the plugins and themes disabled and this does not address the issue. The issue is not tied to a single client as I can login on different devices and I get the same error.
The error is not just on post.php, but can also be seen by visiting certain admin pages, for example the yoast plugin, whenever try to use the admin pages you get the same error.
After a bit more digging I found the following error in the apache error logs (not the one specific to my vhost)
double free or corruption (out)
free(): invalid next size (fast)
free(): invalid next size (fast)
[Sun Sep 05 22:38:50.226213 2021] [core:notice] [pid 53059] AH00052: child pid 53063 exit signal Aborted (6)
This error would appear any time you load one of the effected pages.
On doing more research I found from here https://github.com/oerdnj/deb.sury.org/issues/622 that having both the php modules for graphicsmagick and imagemagick would cause this memory error. I removed graphicsmagick and everyhing works again.
I want to include a WooCommerce file while running a plugin. Here is the code I am using,
include_once(include( content_url() .'/plugins/woocommerce/includes/wc-core-functions.php'));
This gives me below error,
include(): http:// wrapper is disabled in the server configuration by allow_url_include=0 in /nas/content/staging/squatwolf/wp-content/plugins/wpfront-notification-bar/classes/class-wpfront-notification-bar.php on line 58
I understand its being caused because the content_url function is giving complete url instead of relative url. I also tried,
plugin_dir_url(__FILE__)
but it gives the url of the plugin I am in, not the wordpress plugin directory url.
you want like this : /home/user/var/www/wordpress/wp-content/plugins/?
try $dir = plugin_dir_path( __DIR__ );
I am trying to edit a website I made in Wordpress, but when I go to the example.com/wp-admin/ to get to the Admin,
I get the errors, and so there is no way to go into Wordpress to edit the site.
I even changed the WP Theme back to the default TwentyTen through PHPMyAdmin, but that didn't help.
What can I do? Here is what I get when I try to go to wp-admin page:
Notice: register_uninstall_hook was called incorrectly. Only a static
class method or function can be used in an uninstall hook. Please see
Debugging in WordPress for more information. (This message was added
in version 3.1.) in
/home/content/80/13163980/html/ybk/wp-includes/functions.php on line
3547
Notice: Undefined index: page in
/home/content/80/13163980/html/ybk/wp-content/themes/rt_infuse_wp/functions.php
on line 45
Notice: Undefined index: page in
/home/content/80/13163980/html/ybk/wp-content/themes/rt_infuse_wp/functions.php
on line 55
Warning: Cannot modify header information - headers already sent by
(output started at
/home/content/80/13163980/html/ybk/wp-includes/functions.php:3547) in
/home/content/80/13163980/html/ybk/wp-includes/pluggable.php on line
1178
I just set WP_DEBUG mode to false and that skipped it all and got me to the WP-Admin login page.
Just find the pluggable.php and after <?php please add this ob_start(); and save. That should work.
Warning: Cannot modify header information - headers already sent by
Removing "blank lines" from function.php file and check it now issue is as it is than after check plugin folder >> disable plugin and check
Refresh your Browser, and the original error message Should go away.
I've got an Apache 2.4.7 box with a WordPress 4.1 installation and a plugin added which allows users to add images to comments on pages/posts (https://wordpress.org/plugins/comment-images/). The image upload feature isn't working when Require statements are added to restrict access to the site (it's a development environment so limited access is required).
The image upload actually works with or without Require directives but when the directives are added, the reference to the uploaded image doesn't get saved to WordPress properly.
The error from the log is:
PHP Warning: preg_match_all() expects parameter 2 to be string, object given in /var/www/html/wp-content/plugins/comment-images/class-comment-image.php on line 480
I dumped the object being passed into a file (serialized):
O:8:"WP_Error":2:{s:16:"^#WP_Error^#errors";a:1:{s:8:"http_404";a:1:{i:0;s:12:"Unauthorized";}}s:20:"^#WP_Error^#error_data";a:0:{}}
I outputted the print_debug_backtrace() as well to show the calls. I've had to delete the comment data from the arrays for privacy reasons:
#0 Comment_Image->save_comment_image(63)
#1 call_user_func_array(Array ([0] => Comment_Image Object ([] => 5000000,[] => ,[] => ),[1] => save_comment_image), Array ([0] => 63)) called at [/var/www/html/wp-includes/plugin.php:496]
#2 do_action(wp_insert_comment, 63, stdClass Object ()) called at [/var/www/html/wp-includes/comment.php:1941]
#3 wp_insert_comment(Array ()) called at [/var/www/html/wp-includes/comment.php:2083]
#4 wp_new_comment(Array ()) called at [/var/www/html/wp-comments-post.php:137]
The directives for the <Directory> with the WP install in are (with IPs obfuscated):
AllowOverride All
<RequireAny>
AuthType Basic
AuthName "Restricted Access"
AuthBasicProvider file
AuthUserFile /var/www/.htpasswd
Require valid-user
Require user dev www-data
Require ip xx.xx.xx.xx/xx
Require ip xx.xx.xx.xx
Require local
</RequireAny>
If I add Require all granted (or just remove the Require directives), then the feature works as expected and uploaded images show up. Note Require local is there which as I understand it should cover everything for the local box.
Things I've checked:
Revised the configs in light of Apache 2.4 changes to auth modules and ordering importance etc.
WordPress install folder is recursively chown'ed correctly
Permissions on upload folder are 777'd, but shouldn't matter as the upload always succeeds
Where does this issue lie??
Looks like the plugin does not handle well the fact that your server is unable to download an image on itself.
The warning (class-comment-image.php on line 480) corresponds to this snippet:
$img_url = media_sideload_image( $comment_image_file['url'], $post_id );
preg_match_all( "#[^<img src='](.*)[^'alt='' />]#", $img_url, $matches );
$comment_image_file['url'] = $matches[0][0];
The WP media_sideload_image function uses curl to get the image, and because of your restrictions it does not succeed, and then returns an error object that the preg_match_all function cannot handle.
The data is saved later in the metas; it explains why the reference is not saved even if the upload worked.
Require local probably does not work on your dev server, you may try to replace it with its local address.
I tried adding Require ip <local-ip-of-box> as per johansatge's suggestion. Whilst this didn't doesn't work, it made me think..
The box is in Azure which assigns a floating public IP. Annoyingly, the cURL request was bouncing out and using that public IP - because the domain used for the box wasn't added to the hosts file.
The solution was to add <domain-of-website-on-box> to the loopback (127.0.0.1) entry in /etc/hosts.
my wordpress error log is filling up with this message:
PHP Warning: ini_set() has been disabled for security reasons in
/home/mywebsite/public_html/wp-includes/load.php on line 271
that line reads: ini_set( 'display_errors', 0 );
any suggestions on how to eliminate error warnings?
You are seeing that error because the XMLRPC_REQUEST constant is set to true, which causes WordPress to try and disable error reporting with the following:
if ( defined( 'XMLRPC_REQUEST' ) )
ini_set( 'display_errors', 0 );
Editing core Wordpress files is not recommended. They will be overwritten when you update or autoupdate. The correct way to correct for this is to edit the php.ini file on the server and remove ini_set from the disable_functions directive.
You could also set display_errors to Off, or alternatively change the error_reporting directive as well to prevent warnings from being shown.
error_reporting = E_ERROR
You could also try using the error_reporting() PHP function in wp-config.php to try and disable warnings as well.
// Turn off all error reporting
error_reporting(0);
// Only show errors
error_reporting(E_ERROR);
One other suggestion I have never tried to is to override the php.ini values via .htaccess which may or may not work on your host - see this guide.