Support » Fixing WordPress » Can’t edit main theme php files after upgrading to 4.9

  • I am unable to edit main theme (php) files using the build in WordPress editor after upgrading to version 4.9. I get the following error:

    Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP.

    I have cleared my browser cache, cleared my website cache, de-activated all plugins and reinstalled main theme.

    Furthermore; I am able to edit php files in other themes without issues. I have also checked my permissions and ownership of all files. Everything seems perfect.

    The page I need help with: [log in to see the link]

Viewing 15 replies - 46 through 60 (of 123 total)
  • @backups If you press the line which links to my blog, you’ll get to the WordPress website. Sorry for not explaining this.

    • This reply was modified 2 years, 11 months ago by Debresser. Reason: To avoid suggestion it was an intentional mistake

    Experiencing the same issue on hostgator site. No caching plugins whatsoever.

    I also have the problem on more then 30 sites….all together more then 8 different hosting companys in Belgium, German and Austria!

    At my opinion it have nothing to do with Hosting Providers!

    I did what @backups wrote:
    quote:

    Note if i replace
    wp-admin/theme-editor.php
    wp-admin/includes/file.php
    With the same named files from build 4.8.3

    unquote

    And everything works!!!

    @clorith It is the same for plugins. I can edit any not active plugin. But not a activated one.

    @winock you dont have to replace it with the old files from 4.8.3. Just open wp-admin/includes/file.php and delete lines 491-598 in that file. You then can at least edit the files again. I know it is less secure, but you can work from the editor. It is almost the same as restoring the 2 files from wp 4.8.3 🙂

    Remove this complete code block

    	if ( $is_active && 'php' === $extension ) {
    
    		$scrape_key = md5( rand() );
    		$transient = 'scrape_key_' . $scrape_key;
    		$scrape_nonce = strval( rand() );
    		set_transient( $transient, $scrape_nonce, 60 ); // It shouldn't take more than 60 seconds to make the two loopback requests.
    
    		$cookies = wp_unslash( $_COOKIE );
    		$scrape_params = array(
    			'wp_scrape_key' => $scrape_key,
    			'wp_scrape_nonce' => $scrape_nonce,
    		);
    		$headers = array(
    			'Cache-Control' => 'no-cache',
    		);
    
    		// Include Basic auth in loopback requests.
    		if ( isset( $_SERVER['PHP_AUTH_USER'] ) && isset( $_SERVER['PHP_AUTH_PW'] ) ) {
    			$headers['Authorization'] = 'Basic ' . base64_encode( wp_unslash( $_SERVER['PHP_AUTH_USER'] ) . ':' . wp_unslash( $_SERVER['PHP_AUTH_PW'] ) );
    		}
    
    		// Make sure PHP process doesn't die before loopback requests complete.
    		@set_time_limit( 300 );
    
    		// Time to wait for loopback requests to finish.
    		$timeout = 100;
    
    		$needle_start = "###### wp_scraping_result_start:$scrape_key ######";
    		$needle_end = "###### wp_scraping_result_end:$scrape_key ######";
    
    		// Attempt loopback request to editor to see if user just whitescreened themselves.
    		if ( $plugin ) {
    			$url = add_query_arg( compact( 'plugin', 'file' ), admin_url( 'plugin-editor.php' ) );
    		} elseif ( isset( $stylesheet ) ) {
    			$url = add_query_arg(
    				array(
    					'theme' => $stylesheet,
    					'file' => $file,
    				),
    				admin_url( 'theme-editor.php' )
    			);
    		} else {
    			$url = admin_url();
    		}
    		$url = add_query_arg( $scrape_params, $url );
    		$r = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout' ) );
    		$body = wp_remote_retrieve_body( $r );
    		$scrape_result_position = strpos( $body, $needle_start );
    
    		$loopback_request_failure = array(
    			'code' => 'loopback_request_failed',
    			'message' => __( 'Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP.' ),
    		);
    		$json_parse_failure = array(
    			'code' => 'json_parse_error',
    		);
    
    		$result = null;
    		if ( false === $scrape_result_position ) {
    			$result = $loopback_request_failure;
    		} else {
    			$error_output = substr( $body, $scrape_result_position + strlen( $needle_start ) );
    			$error_output = substr( $error_output, 0, strpos( $error_output, $needle_end ) );
    			$result = json_decode( trim( $error_output ), true );
    			if ( empty( $result ) ) {
    				$result = $json_parse_failure;
    			}
    		}
    
    		// Try making request to homepage as well to see if visitors have been whitescreened.
    		if ( true === $result ) {
    			$url = home_url( '/' );
    			$url = add_query_arg( $scrape_params, $url );
    			$r = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout' ) );
    			$body = wp_remote_retrieve_body( $r );
    			$scrape_result_position = strpos( $body, $needle_start );
    
    			if ( false === $scrape_result_position ) {
    				$result = $loopback_request_failure;
    			} else {
    				$error_output = substr( $body, $scrape_result_position + strlen( $needle_start ) );
    				$error_output = substr( $error_output, 0, strpos( $error_output, $needle_end ) );
    				$result = json_decode( trim( $error_output ), true );
    				if ( empty( $result ) ) {
    					$result = $json_parse_failure;
    				}
    			}
    		}
    
    		delete_transient( $transient );
    
    		if ( true !== $result ) {
    
    			// Roll-back file change.
    			file_put_contents( $real_file, $previous_content );
    			if ( function_exists( 'opcache_invalidate' ) ) {
    				opcache_invalidate( $real_file, true );
    			}
    
    			if ( ! isset( $result['message'] ) ) {
    				$message = __( 'An unidentified error has occurred.' );
    			} else {
    				$message = $result['message'];
    				unset( $result['message'] );
    			}
    			return new WP_Error( 'php_error', $message, $result );
    		}
    	}

    @clorith @backups
    Yes, activated plugins return the error.
    Deactivated plugins can be edited without a problem.

    @padraigbeirne Yes because the function that produces the error message is only doing its stuff on active themes or plugins

    if ( $is_active && 'php' === $extension ) {
    
     and here it does something to make things more secure.... 
    
    }
    

    So any edit for a non active plugin or theme works just fine.

    So a hacker turns of the plugin or theme, does his stuff and turns it back on. So much for extra security.

    Crazy part: I have wordpress installation that runs with W3TC plugin, protected by hardware load balancer, two varnish installations, and cloudflare on top of all of the above… And it updates active theme and plugin php files with no problem whatsoever.

    • This reply was modified 2 years, 11 months ago by Wace.

    Just to add to the broadness of this, I am also finding the exact same, when I try to edit/add to the functions.php file in child themes… This happens so far on several sites, two significantly different servers/hosting situations…

    Moderator Marius L. J.

    (@clorith)

    OK, this is getting a bit out of hand here.

    If you intend to post a reply here, please do not post “me too”, instead I want the following information:

    – What webhost are you using
    – Which hosting package with that host are you using (they usually have many options)
    – The exact error you are seeing
    – Deactivate ALL plugins (alternatively leave the Health Check plugin enabled to copy debug data for us) and use a default theme (such as Twenty Seventeen)

    And please do not modify WordPress core files, with the exception of steps asked to perform troubleshooting steps outlined, and in such cases please undo the modifications right away after.

    The steps above are so that it’s actually possible to keep track of the topic at hand, or else it’ll just end up being spammed down and that’s when volunteers stop caring 🙂

    Moving on!
    A few of you have said what hosts you are using, but could you elaborate on what package you use with them (as noted above in my requests for what should be posted)?

    1and1 ‘unlimited Pro’ package

    Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP.

    All plugins deactivated

    Theme set to Twenty Seventeen

    Editor works fine

    My problem starts when a child theme is created and active

    • This reply was modified 2 years, 11 months ago by centrespot.
    • This reply was modified 2 years, 11 months ago by centrespot.

    Thanks Marius for your patience and help.
    Webhost: Blacknight (Maximus shared hosting package)
    Exact Error: Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP.
    When does it occur?: A few seconds after clicking the Update button on editing an active Theme php file or active plugin php files (css or txt files are not affected) in the WP theme or plugin editor.

    Error still occurs with plugins de-activated and 2017 theme activated. Re-activated plugins and ran Health Check with the following results:

    Server architecture: Linux 2.6.32-673.26.1.lve1.4.30.el6.x86_64 x86_64
    PHP Version: 7.0.25 (Supports 64bit values)
    PHP SAPI: cgi-fcgi
    PHP max input variables: 2048
    PHP time limit: 120
    PHP memory limit: 256M
    Upload max filesize: 32M
    PHP post max size: 32M
    cURL Version: 7.54.0 OpenSSL/1.0.2k
    SUHOSIN installed: No
    Is the Imagick library available: No

    MySQL
    Server version: 5.5.57
    Client version: 5.6.37

    Your PHP install supports JSON.
    Your MySQL version supports utf8mb4
    WordPress.org is reachable from your server.
    You are using HTTPS to access this website.
    Your WordPress install can communicate securely with other services.
    No version control systems were detected.
    Your installation of WordPress doesn’t require FTP credentials to perform updates.
    All of your WordPress files are writable.

    – A scheduled event (nxs_querypost_event) has failed to run. Your site still works, but this may indicate that scheduling posts or automated updates may not work as intended.

    x The WP_AUTO_UPDATE_CORE constant is defined and enabled. [I have this set intentionally].
    x WordPress security and maintenance releases are blocked by define( ‘WP_AUTO_UPDATE_CORE’, false );. [I have this set intentionally so I can review updates on a test site first]

    x Unable to perform a loopback request to your site, this may prevent WP_Cron from working, along with theme and plugin editors.

    I have never edited the core files. But i think it’s time to do it.
    Just replaced
    “if ( $is_active && ‘php‘ === $extension ) {”
    for
    “if ( $is_active && ‘123‘ === $extension ) {”

    But I still hope someone fix this issue, because I edit/save theme files about 1000 times by day.

    Two hosts/servers where it is occurring:

    Radiant Solutions – https://www.radiantsolutions.net/resellerhosting.html
    Advanced Reseller package – all sites php 7.1

    12Wonder – https://my.12wonder.com/cart.php?gid=9
    Business Hosting package – php 5.6

    Error occurs modifying functions.php file in child theme, and also in experimenting without child theme, directly to core functions.php… I occasionally edit other .php files in a child, but functions is the only place I’ve needed to edit since 4.9…

    Error is:

    Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP.

    Experimenting on Radiant Soulutions in two dev sites it is narrowed down for me to the ShortPixel plugin, when activated by itself the issue/error occurs. deactivated it goes away…

    Happens with Divi theme and a child theme in one dev site after narrowing down through a whole bunch of plugins I often use… And then again to confirm, identical issue/error on another fresh dev site with just 2017, no child and just ShortPixel activated… Either of these sites are available for experimenting…

    Experimenting happened in my Radiant Solutions reseller account… The 12Wonder site is a single cPanel account I am currently working on with a client and cannot disrupt…

    BUT, when I deactivate ShortPixel on the 12Wonder site, all other plugins good to go, the issue/error goes way… Reactivate ShortPixel and it reappears…

    This is only one pattern though, others are reporting issue/error with different configurations, patterns…??

    I am going to post this to the ShortPixel WP forum and also to their main site…

    Below is info from the Health Check plugin, first is the Dev 2017 fresh install site, and second the Dev Divi site…

    (Since the Health Check plugin updated a few hours ago it has been taking a HUGE huge incredibly long time to go through its paces and load info… Before the update it was very fast, pretty immediate even…)

    ==========

    ### WordPress ### awakenedheart.life

    Version: 4.9
    Language: en_US
    Permalink structure: /%year%/%monthnum%/%day%/%postname%/
    Is this site using HTTPS?: Yes
    Can anyone register on this site?: No
    Default comment status: open
    Is this a multisite?: No
    User Count: 2
    Communication with WordPress.org: WordPress.org is reachable
    Create loopback requests: Unable to perform a loopback request to your site, this may prevent WP_Cron from working, along with theme and plugin editors.

    ### Active theme ###

    Name: Twenty Seventeen
    Version: 1.4
    Author: the WordPress team
    Author website: https://wordpress.org/
    Parent theme: Not a child theme
    Supported theme features: automatic-feed-links, title-tag, post-thumbnails, menus, html5, post-formats, custom-logo, customize-selective-refresh-widgets, editor-style, starter-content, custom-header, widgets

    ### Other themes (2) ###

    Twenty Fifteen (twentyfifteen): version 1.9 by the WordPress team
    Twenty Sixteen (twentysixteen): version 1.4 by the WordPress team

    ### Active Plugins (2) ###

    Health Check: version 0.5.1 by The WordPress.org community
    ShortPixel Image Optimizer: version 4.8.2 by ShortPixel

    ### Inactive Plugins (6) ###

    Akismet Anti-Spam: version 4.0.1 by Automattic
    Better Plugin Compatibility Control: version 4.9.0 by Oliver Schlöbe
    ManageWP – Worker: version 4.2.27 by ManageWP
    Really Simple SSL: version 2.5.23 by Rogier Lankhorst
    Wordfence Assistant: version 1.0.4 by Mark Maunder
    Wordfence Security: version 6.3.21 by Wordfence

    ### Server ###

    Server architecture: Linux 2.6.32-773.26.1.lve1.4.35.el6.x86_64 x86_64
    PHP Version: 7.1.11 (Supports 64bit values)
    PHP SAPI: cgi-fcgi
    PHP max input variables: 5000
    PHP time limit: 600
    PHP memory limit: 512M
    Upload max filesize: 1G
    PHP post max size: 500M
    cURL Version: 7.54.0 OpenSSL/1.0.2k
    SUHOSIN installed: No
    Is the Imagick library available: Yes

    ### Database ###

    Extension: mysqli
    Server version: 5.5.5-10.0.33-MariaDB
    Client version: mysqlnd 5.0.12-dev – 20150407 – $Id: b396954eeb2d1d9ed7902b8bae237b287f21ad9e $
    Database prefix: awake_

    ### WordPress constants ###

    ABSPATH: /home/awakenedheart/public_html/
    WP_HOME: Undefined
    WP_SITEURL: Undefined
    WP_DEBUG: Disabled
    WP_MAX_MEMORY_LIMIT: 512M
    WP_DEBUG_DISPLAY: Enabled
    WP_DEBUG_LOG: Disabled
    SCRIPT_DEBUG: Disabled
    WP_CACHE: Disabled
    CONCATENATE_SCRIPTS: Undefined
    COMPRESS_SCRIPTS: Undefined
    COMPRESS_CSS: Undefined
    WP_LOCAL_DEV: Undefined

    ### Filesystem permissions ###

    The main WordPress directory: Writable
    The wp-content directory: Writable
    The uploads directory: Writable
    The plugins directory: Writable
    The themes directory: Writable
    The Must Use Plugins directory: Writable

    ===========================================

    ### WordPress ### (spiritawake.life)

    Version: 4.9
    Language: en_US
    Permalink structure: /%postname%/
    Is this site using HTTPS?: Yes
    Can anyone register on this site?: No
    Default comment status: closed
    Is this a multisite?: No
    User Count: 1
    Communication with WordPress.org: WordPress.org is reachable
    Create loopback requests: Unable to perform a loopback request to your site, this may prevent WP_Cron from working, along with theme and plugin editors.

    ### Active theme ###

    Name: Divi Spirit Designs Child
    Version: 1.0.0
    Author: SpiritAwake
    Author website: http://www.spiritawake.net
    Parent theme: Divi
    Supported theme features: custom-background, automatic-feed-links, post-thumbnails, menus, title-tag, post-formats, woocommerce, wc-product-gallery-zoom, wc-product-gallery-lightbox, wc-product-gallery-slider, customize-selective-refresh-widgets, editor-style, widgets

    ### Other themes (4) ###

    Divi (Divi): version 3.0.89 by Elegant Themes
    Twenty Fifteen (twentyfifteen): version 1.9 by the WordPress team
    Twenty Fourteen (twentyfourteen): version 2.1 by the WordPress team
    Twenty Sixteen (twentysixteen): version 1.4 by the WordPress team

    ### Active Plugins (2) ###

    Health Check: version 0.5.1 by The WordPress.org community
    ShortPixel Image Optimizer: version 4.8.2 by ShortPixel

    ### Inactive Plugins (75) ###

    Admin Columns: version 3.0.5 by AdminColumns.com
    Admin Menu Editor: version 1.8.1 by Janis Elsts
    Advanced Menu Widget: version 0.4.1 by Ján Bočínec
    Akismet Anti-Spam: version 4.0.1 by Automattic
    bbP Manage Subscriptions: version 1.2.0 by Pascal Casier
    bbPress: version 2.6-alpha by The bbPress Contributors
    bbPress – Private Replies: version 1.3.3 by Pippin Williamson and Remi Corson
    bbPress Move Topics: version 1.1.3 by Pascal Casier
    bbPress Notify (No-Spam): version 1.15.9.1 by Vinny Alves (UseStrict Consulting)
    bbPress Reply Titles: version 1.0 by Boone B Gorges
    bbP Toolkit: version 1.0.10 by Pascal Casier
    Better Notifications for WordPress: version 1.6.7 by Made with Fuel
    Better Plugin Compatibility Control: version 4.9.0 by Oliver Schlöbe
    Birds Custom Login: version 1.0.8 by Frédéric Serva
    Bulk Attachment Download: version 1.2.3 by Jon Anwyl
    Category to Pages WUD: version 2.3.6 by Danny WUD
    Clean Login: version 1.8.1 by codection
    Conditional Widgets: version 2.2 by Jason Lemahieu and Kevin Graeme (Cooperative Extension Technology Services)
    Contact Form 7: version 4.9.1 by Takayuki Miyoshi
    Contact Form 7 Honeypot: version 1.12 by Nocean
    CSSHero: version 2.31 by CssHero.org
    CSS Hero Animator: Version 0.71
    CSS Hero Inspector PRO: Version 1.0b1
    Custom Content Shortcode: version 3.6.7 by Eliot Akira
    Custom Menu Wizard: version 3.3.0 by Roger Barrett
    Custom Post Type UI: version 1.5.6 by WebDevStudios
    Decent Comments: version 1.5.0 by itthinx
    Divi/Extra Layout Injector: version 3.1 by Sean Barton – Tortoise IT
    Divi Display Logic: version 1.3 by Sean Barton (Tortoise IT)
    Duplicate Menu: version 0.2.1 by Jonathan Christopher
    Dynamic Widgets: version 1.5.13 by Qurl
    Elegant Themes Support: version 1.3 by Elegant Themes
    Enable Media Replace: version 3.1.1 by MĂĄns Jonasson
    Enhanced Text Widget: version 1.4.6 by Boston Dell-Vandenberg
    Flamingo: version 1.7 by Takayuki Miyoshi
    Google Analytics Dashboard for WP (GADWP): version 5.1.2.2 by Alin Marcu
    Gutenberg: version 1.7.0 by Gutenberg Team
    Head, Footer and Post Injections: version 3.1.0 by Stefano Lissa
    Heartbeat Control: version 1.2.2 by Jeff Matson
    Image Widget: version 4.4.6 by Modern Tribe, Inc.
    IP Geo Block: version 3.0.4.6 by tokkonopapa
    jQuery Archive List Widget: version 3.0.6 by Miguel Useche
    ManageWP – Worker: version 4.2.27 by ManageWP
    Media Library Assistant: version 2.62 by David Lingren, Fair Trade Judaica
    Optimize Database after Deleting Revisions: version 4.4.1 by CAGE Web Design | Rolf van Gelder, Eindhoven, The Netherlands
    PHP Code Widget: version 2.3 by Otto
    Post Duplicator: version 2.20 by Metaphor Creations
    Post Type Switcher: version 3.0.0 by John James Jacoby
    Profile Builder: version 2.7.0 by Cozmoslabs, Madalin Ungureanu, Antohe Cristian, Barina Gabriel, Mihai Iova
    Really Simple SSL: version 2.5.23 by Rogier Lankhorst
    Recent Posts Widget Extended: version 0.9.9.7 by Satrya
    Remember Me: version 2.1.1 by David Gewirtz
    Remove Widget Titles: version 1.0 by Stephen Cronin
    Search Everything: version 8.1.9 by Sovrn, zemanta
    Simple Comment Editing: version 2.1.7 by Ronald Huereca
    Simple History: version 2.19 by Pär Thernström
    Simple Image Sizes: version 3.1.1 by Rahe
    Simple Image Widget: version 4.4.2 by Cedaro
    Subscribe to Comments Reloaded: version 170607 by reedyseth, camu
    Subtitles: version 3.0.0 by Philip Arthur Moore, We Cobble
    TinyMCE Advanced: version 4.6.7 by Andrew Ozz
    Title and Nofollow For Links: version 1.02 by Flector
    Transients Manager: version 1.7.3 by Pippin Williamson
    Wider Admin Menu: version 1.2.3 by Chris Dillon
    Widget Clone: version 1.1 by 93digital
    Widget Title Links: version 1.4.1 by Illimar Tambek
    Wordfence Assistant: version 1.0.4 by Mark Maunder
    Wordfence Security: version 6.3.21 by Wordfence
    WP All Export: version 1.1.5 by Soflyy
    WP All Import: version 3.4.6 by Soflyy
    WP Crontrol: version 1.5 by John Blackbourn & contributors
    WP Fastest Cache: version 0.8.7.4 by Emre Vona
    WPFront Scroll Top: version 1.5 by Syam Mohan
    WP Widget As Link & Widget Background & CSS: version 1.5.3 by Alex Egorov
    Yoast SEO: version 5.8 by Team Yoast

    ### Server ###

    Server architecture: Linux 2.6.32-773.26.1.lve1.4.35.el6.x86_64 x86_64
    PHP Version: 7.1.11 (Supports 64bit values)
    PHP SAPI: cgi-fcgi
    PHP max input variables: 5000
    PHP time limit: 600
    PHP memory limit: 512M
    Upload max filesize: 1G
    PHP post max size: 500M
    cURL Version: 7.54.0 OpenSSL/1.0.2k
    SUHOSIN installed: No
    Is the Imagick library available: Yes

    ### Database ###

    Extension: mysqli
    Server version: 5.5.5-10.0.33-MariaDB
    Client version: mysqlnd 5.0.12-dev – 20150407 – $Id: b396954eeb2d1d9ed7902b8bae237b287f21ad9e $
    Database prefix: splife_

    ### WordPress constants ###

    ABSPATH: /home/purelight/public_html/
    WP_HOME: Undefined
    WP_SITEURL: Undefined
    WP_DEBUG: Disabled
    WP_MAX_MEMORY_LIMIT: 512M
    WP_DEBUG_DISPLAY: Enabled
    WP_DEBUG_LOG: Disabled
    SCRIPT_DEBUG: Disabled
    WP_CACHE: Disabled
    CONCATENATE_SCRIPTS: Undefined
    COMPRESS_SCRIPTS: Undefined
    COMPRESS_CSS: Undefined
    WP_LOCAL_DEV: Undefined

    ### Filesystem permissions ###

    The main WordPress directory: Writable
    The wp-content directory: Writable
    The uploads directory: Writable
    The plugins directory: Writable
    The themes directory: Writable
    The Must Use Plugins directory: Writable

    • This reply was modified 2 years, 11 months ago by crzyhrse.
    Moderator Marius L. J.

    (@clorith)

    Just a heads up as the Health Check plugin was updated to do loopback checks, and to account for slow sites and various situations it does have he same timeout as core uses for the theme/plugins editors (100 seconds), so unfortunately if something is blocking them it will become slower.

    Thank you for the detailed breakdown of your findings though! We definitely appreciate the time taken to look into it.

Viewing 15 replies - 46 through 60 (of 123 total)
  • The topic ‘Can’t edit main theme php files after upgrading to 4.9’ is closed to new replies.