Support Forum

Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
general-topic
Access Denied and Nonce error
Avatar
BSABantam
UK
Member
Free Members
sp_UserOfflineSmall Offline
Mar 5, 2017 - 9:12 am

Looking at the Error Log there are usually a few instances of 'Nonce Error', sometimes connected with PM's, but always when moving a Member between User Groups. It gets generated every time. Along with the Error there is always an 'Access Denied' pop-up when the Member move is made.

The action is completed successfully and confirmation displayed followed by the pop-up. It appears the problem is not with the actual move but in updating the display. Dismissing the pop-up and refreshing the display by clicking the 'Usergroups' tab shows the change has taken place.

This occurs using a full WP/SP Admin account and I have tried the operation after clearing the Browser cache and using a different Logon using just an SP Admin account but the result is the same.

Doesn't seem to have any impact on the Forum in general but reporting it as requested in the Error Log header.

Screenshot1.pngImage Enlarger

Screenshot2.pngImage Enlarger

Avatar
Yellow Swordfish
Glinton, England
SP Master
sp_UserOfflineSmall Offline
Mar 5, 2017 - 11:16 am

Curious. I have just made 3 user moves from different groups and am unable to make it error or fail.

The failure of the nonce check is not actually an error of course. We log it as an error just so we can see it happened but actually it is because of the nonce timeout that WordPress builds in to each nonce - random security key. Refreshing the whole admin from the WP menu down the side automatically creates a new nonce which is why you get straight back into the admin.

I will do some more tests later to see if I can replicate the issue but no luck so far... but there again - my nonce was fresh so a while yet for the timeout to kick in.

andy-signature.png
YELLOW
SWORDFISH
Avatar
BSABantam
UK
Member
Free Members
sp_UserOfflineSmall Offline
Mar 5, 2017 - 8:28 pm

OK, thanks for looking into it, I will just add that what I have detailed above happens under the Members Forum Profile (not in WP Admin) and it's exactly the same whether I have just logged in or been logged in for hours.

Avatar
Mr Papa
Simi Valley, CA
SP Master
Free Members
sp_UserOfflineSmall Offline
Mar 6, 2017 - 2:03 am

any security plugins or server side (such as mod_security) that might be blocking some urls with query args it doesn like?

Avatar
Yellow Swordfish
Glinton, England
SP Master
sp_UserOfflineSmall Offline
Mar 6, 2017 - 4:01 am

Sorry @bsabantam - I CAN replicate this now. I thought originally you were referring to making these changes in the admin - User Groups section. My fault for not looking closer at the error log entry you attached.

The question @mr-papa asked above probably has no relevance now I can replicate. I have opened a ticket to get this fixed for forthcoming 5.7.4...

andy-signature.png
YELLOW
SWORDFISH
Forum Timezone: Europe/Stockholm
Most Users Ever Online: 1170
Currently Online:
Guest(s) 1
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Mr Papa: 19448
Ike: 2086
Brandon: 864
kvr28: 804
jim: 649
FidoSysop: 577
Conrad_Farlow: 531
fiddlerman: 358
Stefano Prete: 325
Member Stats:
Guest Posters: 616
Members: 17348
Moderators: 0
Admins: 4
Forum Stats:
Groups: 7
Forums: 17
Topics: 10118
Posts: 79603