Make WordPress Core

Opened 14 years ago

Closed 14 years ago

Last modified 14 years ago

#12346 closed defect (bug) (invalid)

Saving settings in multiple plugins results in You do not have sufficient permissions to access this page.

Reported by: guyn's profile guyn Owned by:
Milestone: Priority: normal
Severity: major Version:
Component: General Keywords: plugins, plugin
Focuses: Cc:

Description

The problems occurs due to a duplicity in the url which appears inside the <form> action field.
Most plugins use the following php command to determine the url : <?php echo $_SERVERREQUEST_URI?; ?>
However, in my site the command returns a duplicate result for example :
/wp-admin/options-general.php?page=Sociable?page=Sociable

Please note that testing the $_SERVERREQUEST_URI? command outside of wordpress returns a proper response.

I'm hosted on a linux

Change History (6)

#1 @wpmuguru
14 years ago

  • Resolution set to invalid
  • Status changed from new to closed

use admin_url('options-general.php?page=Sociable')

#2 follow-ups: @scribu
14 years ago

  • Milestone Unassigned deleted

Better yet, use a blank: <form method="POST" action="">

#3 in reply to: ↑ 2 @guyn
14 years ago

Replying to scribu:

Better yet, use a blank: <form method="POST" action="">

I can solve the problem by editing the plugins rather easily. The problem is that half the plugins I install contain this problem and that the command itself - $_SERVERREQUEST_URI; seems to work perfectly well on other parts of my server.

#4 in reply to: ↑ 2 @filosofo
14 years ago

Replying to scribu:

Better yet, use a blank: <form method="POST" action="">

Since WP admin is XHTML 1.0, to be valid the method attribute value would need to be lowercase:"post" instead of "POST."

Not that the admin is in any danger of being valid any time soon. :)

#5 follow-up: @nacin
14 years ago

Some servers may omit the query string from REQUEST_URI, but WordPress goes through and corrects numerous $_SERVER variables including this one to ensure that it includes the query string, as it is supposed to (see wp_fix_server_vars() in wp-includes/load.php in 3.0, or a big chunk of code near the top of wp-settings.php in 2.9).

#6 in reply to: ↑ 5 @guyn
14 years ago

Replying to nacin:

Some servers may omit the query string from REQUEST_URI, but WordPress goes through and corrects numerous $_SERVER variables including this one to ensure that it includes the query string, as it is supposed to (see wp_fix_server_vars() in wp-includes/load.php in 3.0, or a big chunk of code near the top of wp-settings.php in 2.9).

I only know that I host sites on two different servers (shard hosting) and both show the same symptoms, and that the problem effects about 50% of the plugins I use.

There might actually be a problem with the wp_fix_server_vars() as I checked $_SERVERREQUEST_URI outside of wordpress and it worked fine.

In any case, I'm able to solve this specifically for my needs, I just think it might actually be a bug in the way wordpress handles these vars.

Guy

Note: See TracTickets for help on using tickets.