check_ajax_referer doesn't work when install is in sub-directory (6 posts)

  1. metaphorcreations
    Member
    Posted 10 months ago #

    I have created a plugin that uses ajax and I am using check_ajax_referer as described in the documentation. I am testing the plugin on a site where the WordPress install is located in a sub-directory.

    Everything seems to work fine if my Site Address is the same as my install directory... but, if I change my Site Address to be the root and keep WordPress in the sub-directory I get a "-1" return from my ajax. My plugin also uses the same ajax within the url and that keeps working fine, but it breaks on the front-end.

    Does anyone have any suggestions/solutions to this?

    Thanks!

  2. metaphorcreations
    Member
    Posted 10 months ago #

    I'm digging into the check_ajax_referer function located in wp-includes/pluggable.php and testing what is being passed as the $query_arg.

    For some reason a "-1" is being appended to my nonce value.

    The value should be coming through as: 46bce74546 but is actually coming through as: 46bce74546-1

    Again, this only happens when my Site URL is not the same as the WordPress Address.

  3. metaphorcreations
    Member
    Posted 10 months ago #

    The following is the jQuery function that loads the ajax:

    function mediablender_attachment_ajax( att_id, display ) {
    
    	// Create the data to pass
    	var data = {
    		action: 'mediablender_structure',
    		type: settings.type,
    		att_id: att_id,
    		title: settings.show_titles,
    		description: settings.show_descriptions,
    		comments: settings.show_comments,
    		width: settings.width-settings.sidebar_width,
    		height: settings.height,
    		security: settings.security
    	};
    
    	// since 2.8 ajaxurl is always defined in the admin header and points to admin-ajax.php
    	ajax = jQuery.post( ajaxurl, data, function( response ) {
    
    		if( settings.type == 'lightbox' || settings.type == 'slider' ) {
    			if( display == true ) {
    				mediablender_attachment_display( response, att_id );
    			}
    
    			// If the attachment is an image, preload the image
    			var $temp = jQuery(response).find('.mediablender-attachment').children();
    			if( $temp.is('img') ) {
    				$temp.load( function() {
    					preloaded_attachments.push( {id:att_id, data:response} );
    					var next_id = mediablender_attachment_preload();
    					if( next_id ) {
    						mediablender_attachment_ajax( next_id, false );
    					}
    				});
    			} else {
    				preloaded_attachments.push( {id:att_id, data:response} );
    				var next_id = mediablender_attachment_preload();
    				if( next_id ) {
    					mediablender_attachment_ajax( next_id, false );
    				}
    			}
    		} else {
    			mediablender_attachment_display( response, att_id );
    		}
    	});
    }

    ... and here is a snippet of the php function that is being loaded:

    function mediablender_structure() {
    
    	// Get access to the database
    	global $wpdb;
    
    	// Check the nonce
    	check_ajax_referer( 'm4c_ajax_file_nonce', 'security' );
    
    	// Get variables
    	$att_id  = $_POST['att_id'];
    	$type = $_POST['type'];
    	$title = $_POST['title'];
    	$description = $_POST['description'];
    	$comments = $_POST['comments'];
    	$width = ( $_POST['width'] != 0 ) ? $_POST['width'] : false;
    	$height = ( $_POST['height'] != 0 ) ? $_POST['height'] : false;
    
    	// .... rest of the function ....
    
    	die(); // this is required to return a proper result
    }

  4. metaphorcreations
    Member
    Posted 10 months ago #

    If I echo

    $_POST['security'];

    before

    // Check the nonce
    check_ajax_referer( 'm4c_ajax_file_nonce', 'security' );

    The value is correct... but, for some reason, when the value gets passed to "check_ajax_referer" the "-1" is appended.

  5. keesiemeijer
    moderator
    Posted 10 months ago #

    Where do you create your nonce (wp_create_nonce())?

    -1 can be an error return value: http://codex.wordpress.org/AJAX_in_Plugins#Error_Return_Values

    Try setting up your nonce like this: http://www.garyc40.com/2010/03/5-tips-for-using-ajax-in-wordpress/

  6. metaphorcreations
    Member
    Posted 10 months ago #

    Thanks keesiemeijer - I do believe my nonce creation and ajax setup are correct. I understand that -1 is the error return value for check_ajax_referer... I'm just not sure why I'm getting it. I think it's got to be a bug or something.

    I have set up 2 identical sites, one having the WP install in the same directory as the site and the other with the WP install located in a root directory. You'll see the difference in output by comparing both.

    http://www.metaphorcreations.com/test_same/

    http://www.metaphorcreations.com/test_sub/

    The actual output of the ajax is listed at the bottom of the page.
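
An added example, not part of the thread and not the plugin's own code: one way to create the nonce the moderator asks about, hand it to the front-end script, and verify it with check_ajax_referer() so that a failed check returns an explicit error instead of ending the request with -1. The AJAX action, nonce action and `security` field come from the posts above; the script handle, script path, `m4c_ajax` object and handler name are assumptions.

```php
<?php
// Added example. Handle, path, JS object and handler name are hypothetical.

// Front end: enqueue the script and give it the AJAX URL and a fresh nonce.
function m4c_enqueue_ajax_script() {
	wp_enqueue_script(
		'm4c-mediablender',                            // hypothetical handle
		plugins_url( 'js/mediablender.js', __FILE__ ), // hypothetical path
		array( 'jquery' )
	);
	wp_localize_script( 'm4c-mediablender', 'm4c_ajax', array(
		// admin_url() is built from the WordPress Address, so it points at
		// admin-ajax.php even when the install sits in a sub-directory.
		'ajaxurl'  => admin_url( 'admin-ajax.php' ),
		'security' => wp_create_nonce( 'm4c_ajax_file_nonce' ),
	) );
}
add_action( 'wp_enqueue_scripts', 'm4c_enqueue_ajax_script' );

// Register the handler for logged-in and logged-out visitors.
add_action( 'wp_ajax_mediablender_structure', 'm4c_structure_checked' );
add_action( 'wp_ajax_nopriv_mediablender_structure', 'm4c_structure_checked' );

function m4c_structure_checked() {
	// Third argument false: return false on a bad nonce rather than die('-1'),
	// so the client receives a response it can tell apart from other output.
	if ( ! check_ajax_referer( 'm4c_ajax_file_nonce', 'security', false ) ) {
		wp_send_json_error( array( 'reason' => 'bad_nonce' ) );
	}

	// The nonce only shows the request came from a page this site served;
	// it is not a permission check, so request data is still validated.
	$att_id = isset( $_POST['att_id'] ) ? absint( $_POST['att_id'] ) : 0;
	$type   = isset( $_POST['type'] ) ? sanitize_key( wp_unslash( $_POST['type'] ) ) : '';
	$width  = isset( $_POST['width'] ) ? absint( $_POST['width'] ) : 0;
	$height = isset( $_POST['height'] ) ? absint( $_POST['height'] ) : 0;

	if ( ! $att_id || '' === $type ) {
		wp_send_json_error( array( 'reason' => 'bad_input' ) );
	}

	// wp_send_json_success() prints the JSON and ends the request.
	wp_send_json_success( array(
		'att_id' => $att_id,
		'type'   => $type,
		'width'  => $width ? $width : false,
		'height' => $height ? $height : false,
	) );
}
```

On the script side, this setup would post to `m4c_ajax.ajaxurl` with `security: m4c_ajax.security` in the data object.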
