I, too, am getting the “Security Error” message when creating a new post with certain custom post types. Disabling Better YOURLS resolves the issue.
So far:
Some advice on debugging this would be greatly appreciated.
We are also getting this security error when trying to save an ad with Advanced Ads. After disabling Better YOURLS it works though.
I ran this down.
The problem is Better YOURLS does not know when it is unable to paint the META box on a particular admin post type page. When it is unable, the INPUT field does not exist. When the script does wp_verify_nonce the var better_yourls_nonce $_POST var is bad (because it does not exist). On that condition, it throws an error. You will find this on about line #129 of class-better-yourls-actions.php. I resolved this by doing a return instead of die().
    protected function _generate_post_on_save( $post_id ) {
        // Make sure we are originating from the right place.
        if (
            ! isset( $_POST['better_yourls_nonce'] ) || // WPCS: input var ok.
            ! wp_verify_nonce( $_POST['better_yourls_nonce'], 'better_yourls_save_post' ) // WPCS: input var ok. Sanitization ok.
        ) {
            return; // Do nothing.
            wp_die( esc_html__( 'Security Error', 'better-yourls' ) ); // Original line, unreachable after the return above.
        }
        // (rest of the method is not shown in the post)
    }
For some reason, the dev of YOURLS is evaluating if the $_POST var is set OR if wp_verify_nonce fails at the same time. This does not make sense. The latter test would always require the $_POST to be set. The dev should evaluate whether or not the $_POST is set, then, if it is, evaluate it using wp_verify_nonce; not both at the same time.
This reply was modified 8 years, 2 months ago by moongear.
Confirming the security error…
I use the plugin on a multisite (Yes, it works like a charm, Chris, tnx!). First I saw “Security Error” at the bottom of the “At Glance” widget in the dashboard of the main site. The <div class="sub"></div> had disappeared too, or at least that section was not styled.
I just updated a bunch of plugins and didn’t have time to look for the cause. Then I created a new site as a new user to test something and none of the admin screens were available in the new site…
Then I found this topic, deactivated Better YOURLS: problem solved.
Activating the plugin again, however, and creating another site, does not reproduce this error.
Moongear, I don’t think it’s ok to resolve the error like this. You basically interrupt the validation, so yeah, it does not die. Yet I would assume it is not what causes the error, especially since the same method, with OR, can also be found in the codex.
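An added example, not part of the thread and not Better YOURLS code: a save_post handler that treats a missing nonce field (meta box not rendered, autosave, revision) as "nothing to do" and a submitted but invalid nonce as a rejected request. The example_ function names and error codes are hypothetical; the nonce field and action names are the ones quoted in the thread, and the short-URL step itself is left out as plugin-specific.

```php
<?php
// Added example for illustration. The example_ names are hypothetical.

/**
 * Decide whether the save handler may act on this request.
 *
 * @return bool|WP_Error True to proceed, false to skip silently, WP_Error to reject.
 */
function example_check_save_request( $post_id ) {
	// Autosaves and revisions never carry the meta box fields: skip, do not fail.
	if ( ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) || wp_is_post_revision( $post_id ) ) {
		return false;
	}

	// The meta box was not rendered for this post type, so no nonce was submitted.
	// Skipping is safe only because the caller then performs no action at all.
	if ( ! isset( $_POST['better_yourls_nonce'] ) ) {
		return false;
	}

	// A nonce was submitted: it must verify, otherwise the request is rejected.
	$nonce = sanitize_text_field( wp_unslash( $_POST['better_yourls_nonce'] ) );
	if ( ! wp_verify_nonce( $nonce, 'better_yourls_save_post' ) ) {
		return new WP_Error( 'example_bad_nonce', 'Nonce verification failed.' );
	}

	// The nonce proves intent, not permission, so check the capability as well.
	if ( ! current_user_can( 'edit_post', $post_id ) ) {
		return new WP_Error( 'example_forbidden', 'User cannot edit this post.' );
	}

	return true;
}

function example_generate_on_save( $post_id ) {
	$check = example_check_save_request( $post_id );
	if ( is_wp_error( $check ) ) {
		wp_die( esc_html( $check->get_error_message() ), '', array( 'response' => 403 ) );
	}
	if ( true !== $check ) {
		return; // Nothing was submitted for this plugin; leave the post save alone.
	}
	// The short URL would be created here; that step is outside this example.
}
add_action( 'save_post', 'example_generate_on_save' );
```

The silent skip is fail-closed only as long as every state-changing step sits after the `true` result; any work done before the check would run without nonce protection.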