Make WordPress Core

Opened 13 years ago

Closed 12 years ago

#6785 closed defect (bug) (fixed)

Sometimes posting failes with message "Your attempt to edit this post: "Blah" has failed."

Reported by: simonwheatley Owned by:
Milestone: 2.9 Priority: normal
Severity: normal Version:
Component: Autosave Keywords:
Focuses: Cc:


There seems to be a window of time during which a post submit for review can fail with the message "Your attempt to edit this post: "Blah" has failed.".

To replicate you will need a fairly slow responding webserver, or possibly some network latency, or both.

  1. As a Contributor role user, go to the edit posts screen
  2. Type something in the Post Title
  3. Click into the post body and type something
  4. Watch the "Saving draft..." message like a hawk
  5. The moment it changes to "Draft saved at..." message, hit Submit for Review
  6. (Sometimes) observe the WP_Die message as described above

After putting some error logging into the check_admin_referer as follows:

function check_admin_referer($action = -1, $query_arg = '_wpnonce') {
	$adminurl = strtolower(get_option('siteurl')).'/wp-admin';
	$referer = strtolower(wp_get_referer());
	error_log( "adminurl = $adminurl" );
	error_log( "referer = $referer" );
	$result = wp_verify_nonce($_REQUEST[$query_arg], $action);
	error_log( "wp_verify_nonce($_REQUEST[$query_arg], $action) = $result" );
	if ( !$result ) error_log( 'Result failed' );
	if ( !(-1 == $action && strpos($referer, $adminurl) !== false) ) error_log( 'Referer check failed' );
	if ( !$result && !(-1 == $action && strpos($referer, $adminurl) !== false) ) {
	do_action('check_admin_referer', $action, $result);
	return $result;

I get the following spatter in my logs when the operation fails:

[20-Apr-2008 14:13:43] adminurl = http://www.jackspeak.test.site/wp-admin
[20-Apr-2008 14:13:43] referer = /wp-admin/post-new.php?posted=127
[20-Apr-2008 14:13:43] wp_verify_nonce(5b75e9da3c, update-post_128) = 
[20-Apr-2008 14:13:43] Result failed
[20-Apr-2008 14:13:43] Referer check failed

Of course, being an intermittent fault, this sometimes just works, and sometimes just doesn't.

For comparison, here's the spatter when the post operation succeeds:

[20-Apr-2008 14:13:23] adminurl = http://www.jackspeak.test.site/wp-admin
[20-Apr-2008 14:13:23] referer = /wp-admin/post-new.php
[20-Apr-2008 14:13:23] wp_verify_nonce(5b75e9da3c, add-post) = 1
[20-Apr-2008 14:13:23] Referer check failed

Change History (4)

#1 @ryan
13 years ago

Sounds like a race condition between the Submit and the completion of the autosave. Autosave requests an updated nonce from the server after the autosave completes. If it doesn't get it the nonces might not match.

#2 @ryan
13 years ago

  • Component changed from Administration to Autosave
  • Owner anonymous deleted

#3 @ryan
13 years ago

  • Milestone changed from 2.7 to 2.9

#4 @azaozz
12 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [11927]) Avoid rare autosave collision when trying to publish the post immediately after it was autosaved, fixes #6785

Note: See TracTickets for help on using tickets.