Support Forum
Support Forum
Offline
Greetings!
I have a problem with installing plugins in Simple: Press. When I choose .zip archive with plugin in Plugin Uploader tab and click "Proceed", i get a message "Are you shure to do this?" without any options. I've searching solution of this problem in internet and found out that the message generates check_admin_referer function by wordpress, which checks if the current request is sent from the admin page or not. This function, which is wrote to ensure the safety, aborts installation of any plugin. Although, if I upload plugin folder on server directly via ftp, this plug-in appears in the list of available and easily activated. But this is not the way out. I ask you for advice, what and where i need to fix, so i can upload plugins without check wpnonce.
Thanks.
Offline
are you using the wp plugin uploader or the sp one?
does the user doing this have wp manage plugins capability?
Visit Cruise Talk Central and Mr Papa's World
Offline
are you using the wp plugin uploader or the sp one?
I`m using sp plugin uploader, i think. Choosing tab which have red border on the picture
does the user doing this have wp manage plugins capability?
I think so, because under this user i activated plugin already uploaded directly via ftp. Used for this tab "Available Plugins". However, how else i can check if user have necessary permissions?
Offline
The real question surely is why are you failing the referrer check? That suggests some sort of server issue.
Steve (Mr Papa)? Any ideas?
 |
YELLOW
SWORDFISH
|
Offline
well activating the sp plugin from our admin panel only requires the sp manage plugins capability... but I was asking you about the wp activate_plugins (or update_plugins) capability... they are two different things...
is this other user a wp admin? see: http://codex.wordpress.org/Rol.....pabilities for default wp capabilities based on the users wp role...
Visit Cruise Talk Central and Mr Papa's World
Offline
Oh, i see. I doing everything under admin account which have an Administrator role. I checked the configuration of roles in the database table wp_options, option name wp_user_roles, below leaving only the part that applies to the administrator settings (Editor, Author etc. not interested)
a:9:{s:13:"administrator";a:2:{s:4:"name";s:13:"Administrator";s:12:"capabilities";a:71:{s:13:"switch_themes";b:1;s:11:"edit_themes";b:1;s:16:"activate_plugins";b:1;s:12:"edit_plugins";b:1;s:10:"edit_users";b:1;s:10:"edit_files";b:1;s:14:"manage_options";b:1;s:17:"moderate_comments";b:1;s:17:"manage_categories";b:1;s:12:"manage_links";b:1;s:12:"upload_files";b:1;s:6:"import";b:1;s:15:"unfiltered_html";b:1;s:10:"edit_posts";b:1;s:17:"edit_others_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:10:"edit_pages";b:1;s:4:"read";b:1;s:8:"level_10";b:1;s:7:"level_9";b:1;s:7:"level_8";b:1;s:7:"level_7";b:1;s:7:"level_6";b:1;s:7:"level_5";b:1;s:7:"level_4";b:1;s:7:"level_3";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:17:"edit_others_pages";b:1;s:20:"edit_published_pages";b:1;s:13:"publish_pages";b:1;s:12:"delete_pages";b:1;s:19:"delete_others_pages";b:1;s:22:"delete_published_pages";b:1;s:12:"delete_posts";b:1;s:19:"delete_others_posts";b:1;s:22:"delete_published_posts";b:1;s:20:"delete_private_posts";b:1;s:18:"edit_private_posts";b:1;s:18:"read_private_posts";b:1;s:20:"delete_private_pages";b:1;s:18:"edit_private_pages";b:1;s:18:"read_private_pages";b:1;s:12:"delete_users";b:1;s:12:"create_users";b:1;s:17:"unfiltered_upload";b:1;s:14:"edit_dashboard";b:1;s:14:"update_plugins";b:1;s:14:"delete_plugins";b:1;s:15:"install_plugins";b:1;s:13:"update_themes";b:1;s:14:"install_themes";b:1;s:11:"update_core";b:1;s:10:"list_users";b:1;s:12:"remove_users";b:1;s:9:"add_users";b:1;s:13:"promote_users";b:1;s:18:"edit_theme_options";b:1;s:13:"delete_themes";b:1;s:6:"export";b:1;s:24:"NextGEN Gallery overview";b:1;s:19:"NextGEN Use TinyMCE";b:1;s:21:"NextGEN Upload images";b:1;s:22:"NextGEN Manage gallery";b:1;s:19:"NextGEN Manage tags";b:1;s:29:"NextGEN Manage others gallery";b:1;s:18:"NextGEN Edit album";b:1;s:20:"NextGEN Change style";b:1;s:22:"NextGEN Change options";b:1;}}
The most interesting is, that I just now noticed that there are two administrators - in the image below it shows. I use admin. But there is jay! Maybe it has something affect the referrer check?
Offline
I see nothing wrong there myself...
|
YELLOW
SWORDFISH
|
Offline
not sure how having two admins would affect the nonce... we use theme all over the sp admin - not just in plugin activation... the difference here is its a wp generated nonce vs an sp generated one...
so are you using admin or jay? and which is the above capabilities? which btw, seem fine...
Visit Cruise Talk Central and Mr Papa's World
Offline
I was using the admin account with role Administrator all the time. Jay also has this role, but under his account I did not try to load plugins. I think that the above capabilities include everyone who has the role of Administrator, because in the table wp_options,the option name wp_user_roles, after shown above segment there are descriptions of the other roles, with limited rights.
Decided to do a little experiment and create a new user with full rights for wp and sp. When creating user was redirected to this error
Maybe its not important for our issue, but I decided to show it. However, user was created successfully. Gave him the capabilities of Administrator. Also made him an admin in sp. And when have loading plugins again, under a new user, was redirected to the same error, though I noticed that a new wpnonce was generate:
under the admin there is something like that - wp-admin/update.php?action=upload-sp-plugin&package=748&_wpnonce=d9f9d9f9ff,
but under new user there is another URL (specifically) - wp-admin/update.php?action=upload-sp-plugin&package=748&_wpnonce=7ee7ed71fd.
It is very strange! Any ideas?
Offline
If you read that error (on creating a new user) it tells you what the issue is and I would suggest it means you have a plugin active but have removed the tables at some point. I don't know what 'myBB' is but clearly it has been operational at some point in your system and some components still are. It would be a good idea to remove what remains of this as it is always a good idea to remove unwanted plugins etc.
While i really still have no idea why you are plagued by this referrer issue I can tell you that nonces change all the time. They are constructed from an amalgam of various items of data - both user and time specific - and the time part, of course will change. I believe the date is used which is why a nonce can not straddle midnight!
I am sorry I have no more ideas. This is currently a unique report and as such we have to put it down to being an environmental issue within your setup. Maybe you have another plugin active that is affecting the nonce and manipulating it in some way...?
|
YELLOW
SWORDFISH
|
All RSS1 Guest(s)