Forum Replies Created

Viewing 15 replies - 1 through 15 (of 61 total)
  • Thread Starter pharmanext

    (@pharmanext)

    No, the latest plugin update didn’t completely resolve the issue: see screenshot.

    Thread Starter pharmanext

    (@pharmanext)

    @hcabrera Wait a minute, do you have any other solution that you think would be safe?

    Let me repeat: the reliance on a nonce forces the site to periodically regenerate the cache, even though this is often a very resource-intensive process. Imagine you have tens of thousands of posts that are never updated, but for the WPP to work correctly, it has to perform background preloading of them after a certain amount of time has passed.

    Thread Starter pharmanext

    (@pharmanext)

    The crux of the problem is this: many posts on the site are evergreen, meaning there’s no point in regenerating the cache for them on a regular basis. In other words, the cache’s lifetime is infinite. This leads to the WPP nonce expiring. If you don’t use AJAX loading to display WPP, popular posts get cached as static content, meaning AJAX is necessary in any case.

    My previous code really didn’t work for many reasons.

    The solution is as follows. Remove the X-WP-Nonce header from the $_SERVER superglobal array for all REST requests to the wordpress-popular-posts/ namespace. WordPress will then not find the nonce and will not check it. Since the plugin’s endpoints are public (permission_callback => '__return_true'), they will work without a 403 error.

    Why is this safe? WPP endpoints have permission_callback => '__return_true', and they are public. The nonce is only needed for CSRF protection, which is not critical for public counters and widgets. No other REST endpoints are affected.

    Here is the code:

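    add_action('rest_api_init', function() {
        // REQUEST_URI is the raw request target, query string included.
        $request_uri = $_SERVER['REQUEST_URI'] ?? '';
        if (strpos($request_uri, '/wordpress-popular-posts/') !== false) {
            // Drop the X-WP-Nonce header before the REST cookie authentication check reads it.
            unset($_SERVER['HTTP_X_WP_NONCE']);
        }
    }, 1); // priority 1: run before other rest_api_init callbacks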
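An added example (not the poster's or the plugin's code) of a narrower match for the workaround above: `REQUEST_URI` includes the query string, so a substring test also fires on other routes whose query mentions the namespace, whereas this version compares the route WordPress resolved. The `example_*` names and the sample URIs are constructed for illustration.

```php
<?php
// Added example: not the poster's or the plugin's code. example_* names are hypothetical.
const EXAMPLE_WPP_NAMESPACE = '/wordpress-popular-posts/';

// The substring test on the raw REQUEST_URI, for comparison.
function example_uri_mentions_wpp(string $request_uri): bool {
    return strpos($request_uri, EXAMPLE_WPP_NAMESPACE) !== false;
}

// True only when the resolved REST route itself starts with the namespace.
function example_is_wpp_route(?string $route): bool {
    if ($route === null || $route === '') {
        return false;
    }
    $route = '/' . ltrim($route, '/');
    return strncmp($route, EXAMPLE_WPP_NAMESPACE, strlen(EXAMPLE_WPP_NAMESPACE)) === 0;
}

if (function_exists('add_action')) {
    // Inside WordPress: decide on the route core resolved, not on the raw URI.
    add_action('rest_api_init', function () {
        // Empty when rest_api_init fires outside an actual REST request.
        $route = $GLOBALS['wp']->query_vars['rest_route'] ?? null;
        if (example_is_wpp_route(is_string($route) ? $route : null)) {
            // Without a nonce, core handles a cookie-authenticated REST
            // request as an anonymous visitor (current user 0).
            unset($_SERVER['HTTP_X_WP_NONCE']);
        }
    }, 1);
} else {
    // Stand-alone run (php file.php) over constructed samples:
    // [raw REQUEST_URI, REST route that URI resolves to].
    $samples = [
        ['/wp-json/wordpress-popular-posts/v2/example', '/wordpress-popular-posts/v2/example'],
        ['/wp-json/wp/v2/posts?search=/wordpress-popular-posts/', '/wp/v2/posts'],
        ['/?rest_route=/wordpress-popular-posts/v2/example', '/wordpress-popular-posts/v2/example'],
    ];
    foreach ($samples as [$uri, $route]) {
        printf("%-56s substring=%-5s route=%s\n", $uri,
            var_export(example_uri_mentions_wpp($uri), true),
            var_export(example_is_wpp_route($route), true));
    }
}
```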

    Thread Starter pharmanext

    (@pharmanext)

    I tried targeting WP Popular Posts endpoints to extend the nonce lifetime, but it didn’t work.

    add_action('rest_api_init', function() {
        add_filter('rest_authentication_errors', function($errors) {
            $request_uri = $_SERVER['REQUEST_URI'] ?? '';
            $path = wp_parse_url($request_uri, PHP_URL_PATH);
            if ( strpos($path, 'wordpress-popular-posts/v2/') === false ) {
                return $errors; // not a WPP v2 request: leave the nonce lifetime alone
            }
            // Lengthen the lifetime used for wp_rest nonces for the rest of this request.
            add_filter('nonce_life', function($lifespan, $action) {
                if ($action === 'wp_rest') {
                    return 365 * DAY_IN_SECONDS;
                }
                return $lifespan;
            }, 10, 2);
            return $errors;
        }, 10);
    });
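An added example (a stand-alone model with constructed values, not WordPress, plugin or poster code) of the tick-based nonce scheme WordPress core uses, showing what happens when the lifetime differs between nonce creation and verification. The salt, timestamps and `example_*` names are assumptions made for illustration.

```php
<?php
// Added example: models core's nonce arithmetic; all values are constructed.
const EXAMPLE_SALT = 'constructed-nonce-salt'; // stand-in for the site's nonce salt
const EXAMPLE_DAY  = 86400;

// Core derives a "tick" from the nonce lifetime: one tick is half a lifetime.
function example_nonce_tick(int $now, int $life): int {
    return (int) ceil($now / ($life / 2));
}

// The nonce is a truncated keyed hash over tick, action, user id and session token.
function example_nonce_hash(int $tick, string $action, int $uid, string $token): string {
    return substr(hash_hmac('md5', "$tick|$action|$uid|$token", EXAMPLE_SALT), -12, 10);
}

function example_create_nonce(int $now, int $life, string $action, int $uid = 0, string $token = ''): string {
    return example_nonce_hash(example_nonce_tick($now, $life), $action, $uid, $token);
}

// Verification recomputes the hash for the current and the previous tick.
function example_verify_nonce(string $nonce, int $now, int $life, string $action, int $uid = 0, string $token = ''): bool {
    $tick = example_nonce_tick($now, $life);
    foreach ([$tick, $tick - 1] as $t) {
        if (hash_equals(example_nonce_hash($t, $action, $uid, $token), $nonce)) {
            return true;
        }
    }
    return false;
}

$rendered = 1700000000; // constructed: moment the cached page (and its nonce) was generated
$nonce    = example_create_nonce($rendered, EXAMPLE_DAY, 'wp_rest');

$cases = [
    'default lifetime on both sides, one minute later'   => [$rendered + 60, EXAMPLE_DAY],
    'default lifetime, cached page served 3 days later'  => [$rendered + 3 * EXAMPLE_DAY, EXAMPLE_DAY],
    // The tick is now computed on a different scale than at creation time.
    '365-day lifetime only at verification, 1 min later' => [$rendered + 60, 365 * EXAMPLE_DAY],
];
foreach ($cases as $label => [$now, $life]) {
    printf("%-52s %s\n", $label,
        example_verify_nonce($nonce, $now, $life, 'wp_rest') ? 'accepted' : 'rejected');
}
```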
    Thread Starter pharmanext

    (@pharmanext)

    add_action('add_attachment', 'fix_meow_all_avif_permissions', 20);
    add_filter('wp_generate_attachment_metadata', 'fix_meow_all_avif_permissions_meta', 20, 2);

    function fix_meow_all_avif_permissions_meta($metadata, $attachment_id) {
        $upload_dir = wp_upload_dir();
        $base_dir = $upload_dir['basedir'] . '/';

        if (!empty($metadata['file'])) {
            $dir_path = dirname($base_dir . $metadata['file']) . '/';

            // Check AVIF for the original file
            $orig_avif = $base_dir . $metadata['file'] . '.avif';
            if (file_exists($orig_avif)) {
                @chmod($orig_avif, 0644);
            }

            // Check AVIF for the created thumbs
            if (!empty($metadata['sizes'])) {
                foreach ($metadata['sizes'] as $size_info) {
                    if (!empty($size_info['file'])) {
                        $thumb_path = $dir_path . $size_info['file'];

                        // Standard AVIF
                        if (file_exists($thumb_path . '.avif')) {
                            @chmod($thumb_path . '.avif', 0644);
                        }

                        // Retina AVIF
                        $ext = pathinfo($size_info['file'], PATHINFO_EXTENSION);
                        $filename = pathinfo($size_info['file'], PATHINFO_FILENAME);
                        $retina_avif = $dir_path . $filename . '@2x.' . $ext . '.avif';
                        if (file_exists($retina_avif)) {
                            @chmod($retina_avif, 0644);
                        }
                    }
                }
            }
        }

        return $metadata;
    }

    function fix_meow_all_avif_permissions($post_id) {
        if (wp_attachment_is_image($post_id)) {
            $file_path = get_attached_file($post_id);
            if ($file_path && file_exists($file_path . '.avif')) {
                @chmod($file_path . '.avif', 0644);
            }
        }
    }

    For anyone else who has encountered this issue, here is some code that sets the necessary permissions for AVIF files after they are generated.

    pharmanext

    (@pharmanext)

    And here is this code:

    add_filter( 'woocommerce_payment_gateway_supports', 'add_yookassa_subscription_amount_changes', 10, 3 );
    function add_yookassa_subscription_amount_changes( $supports, $feature, $gateway ) {
        // The filter passes a boolean, so report support by returning true rather than appending to it.
        if ( 'yookassa_epl' === $gateway->id && 'subscription_amount_changes' === $feature ) {
            $supports = true;
        }
        return $supports;
    }

    I agree. A built-in plugin feature for changing the subscription price for existing subscribers is truly pressing and necessary.

    Monitoring the pricing of large sites' subscription systems has shown that their owners periodically raise prices, and this also affects existing subscribers: it is then their right and choice whether to continue the subscription at the new price or cancel it before the next automatic payment.

    In any case, built-in support in YooKassa for adjusting the subscription price is needed, since far from everyone can implement this feature manually.

    Thread Starter pharmanext

    (@pharmanext)

    Thanks. You’re right.

    The problem was on the side of the Beautiful Cookie Consent Banner plugin: incorrect PHP code caused a fatal error: see here.

    Thread Starter pharmanext

    (@pharmanext)

    The issue was in /beautiful-and-responsive-cookie-consent/class/class-nsc_bar_input_validation.php:

    [debug.log]

    PHP Fatal error:  Cannot redeclare escape_recursive() (previously declared in /beautiful-and-responsive-cookie-consent/class/class-nsc_bar_input_validation.php:414) in /beautiful-and-responsive-cookie-consent/class/class-nsc_bar_input_validation.php on line 414

    Cause:

    The error occurs because the escape_recursive() function is defined inside the escape_json_content() method. In PHP, nested functions are global – they are declared in the global scope the first time the method runs. If the method is called again, PHP attempts to redeclare the same function, triggering a fatal error.

    Original Code:

    public function escape_json_content(string $json_string)
    {
        $decoded_json = json_decode($json_string, true);
        if (json_last_error() !== JSON_ERROR_NONE) {
            return false;
        }

        function escape_recursive($data, $allowedHtml)
        {
            if (is_array($data)) {
                foreach ($data as $key => $value) {
                    if ($key === "message" && is_string($value) === true) {
                        $data[$key] = wp_kses($value, $allowedHtml);
                        continue;
                    }
                    $data[$key] = escape_recursive($value, $allowedHtml);
                }
            } elseif (is_string($data)) {
                $data = stripslashes(esc_js($data));
            }
            return $data;
        }

        $escaped_json = escape_recursive($decoded_json, $this->allowedHtml);
        return json_encode($escaped_json, JSON_UNESCAPED_UNICODE);
    }

    New Code:

    private function escape_recursive($data, $allowedHtml)
    {
        if (is_array($data)) {
            foreach ($data as $key => $value) {
                if ($key === "message" && is_string($value) === true) {
                    $data[$key] = wp_kses($value, $allowedHtml);
                    continue;
                }
                $data[$key] = $this->escape_recursive($value, $allowedHtml);
            }
        } elseif (is_string($data)) {
            $data = stripslashes(esc_js($data));
        }
        return $data;
    }

    public function escape_json_content(string $json_string)
    {
        $decoded_json = json_decode($json_string, true);
        if (json_last_error() !== JSON_ERROR_NONE) {
            return false;
        }

        $escaped_json = $this->escape_recursive($decoded_json, $this->allowedHtml);
        return json_encode($escaped_json, JSON_UNESCAPED_UNICODE);
    }
    Thread Starter pharmanext

    (@pharmanext)

    Dear Nikel,

    I apologize in advance for my potentially harsh tone, but this whole situation seems absurd and ridiculous.

    Firstly, your initial response took a full nine days. During that time, I managed to write my own plugin for managing cookies. It was a very interesting journey. But what else could I do when you remained silent for so long?

    Second, tell me, how does it help me that you said the issue was with Google Fonts? Thank you, of course, for this invaluable information, but what next?

    Third, excuse me, are we talking about the premium version of the plugin? No!

    We are talking about the plugin that is available for free in the WordPress repository. So how can I confirm that the issue has been resolved if you have eliminated it, as you claim, only in the premium version?

    Fourth, the issue has not been resolved.

    P.S. In conclusion, in all fairness, I must say that you have an excellent, awesome plugin!

    I really like it. It has many wonderful features and capabilities. You are very talented and smart! Thank you for your work. I wish you success and prosperity for your business!

    Thread Starter pharmanext

    (@pharmanext)

    Dear developers, I am writing to clarify the status of my issue. Please provide a clear answer: has this bug been fixed? It has been FIVE months since I reported it.

    Thread Starter pharmanext

    (@pharmanext)

    Dear developers, I would like to express my appreciation for your excellent product. However, its long-term support leaves much to be desired.

    Unfortunately, even after FIVE months, the annoying and frustrating behavior of PostX, which was mentioned at the beginning of this thread, has still not been fixed. What is this? Forgetfulness, misunderstanding, lack of desire to develop the product, or simply a formal approach to user support, where the priority is to respond quickly to tickets by making encouraging promises and assurances that in fact remain just words, not backed up by further action?

    If you cannot or do not want to properly fix bugs and/or improve the user experience, don’t make false promises. Just respond that it is entirely your decision what to fix in the plugin, and that the opinion of its users remains just that—an opinion.

    To better understand the essence of the issue, just look at how this is implemented by competitors, who, I hasten to assure you, seriously lag behind in all the rich features offered by PostX. Nevertheless, in their correct representation of the user experience, pagination initiates autoscroll to the top of the list.

    Thread Starter pharmanext

    (@pharmanext)

    To avoid any ambiguity, I hasten to inform you that the incompatibility is observed in its pure form, i.e., only the Twenty-Twenty Five (or Twenty-Twenty Four) theme is active, and only these two plugins.

    Thread Starter pharmanext

    (@pharmanext)

    To avoid any ambiguity, I hasten to inform you that the incompatibility is observed in its pure form, i.e., only the Twenty-Twenty Five (or Twenty-Twenty Four) theme is active, and only these two plugins.

    Thread Starter pharmanext

    (@pharmanext)

    Thank you for explaining the logic of how YooKassa works.
