Issues With Latest UPdate 403 Error
-
Hi,
Since you fixed the error with the API, the site seems to find the fonds for downloading them but when you hit save and optimize you are redirected to a 403 forbidden page – /wp-admin/options.php?tab=omgf-optimize-settings
Thanks,
-
Hei there,
Yeah we’re getting the same error when clicking save & optimize:
403
Forbidden
Access to this resource on the server is denied!Hope you find a fix for it. Im going to try to rollback until then too.
Best,
Raits
Edit: 4.5.5 worked for me too and I was able to update the plugin back to the current after doing it.
Okay, so I finally found some time to dig through this and compare 4.5.5 with 4.5.6 and I found two things that might cause this behavior in some environments.
If anyone here could try the following for me, that would help me pinpoint the issue.
In version 4.5.5, in file
includes/admin/settings/class-optimize.phpon line 264, replace the double asterisk, with single asterisk.:Replace this:
<input type="hidden" name="<?= OMGF_Admin_Settings::OMGF_OPTIMIZE_SETTING_OPTIMIZED_FONTS; ?>" value="<?= serialize($this->optimized_fonts); ?>" />With this:
<input type="hidden" name="<?= OMGF_Admin_Settings::OMGF_OPTIMIZE_SETTING_OPTIMIZED_FONTS; ?>" value='<?= serialize($this->optimized_fonts); ?>' />Now try to Save & Optimize and see if you get the 403 forbidden error.
If not, try the following:
Still in v4.5.5, in file
includes/class-admin.phpremove line 58 completely. The following line should be removed:add_filter('pre_update_option_omgf_optimized_fonts', [$this, 'decode_option'], 10, 3);Now try to Save & Optimize and see if you get the 403 forbidden error.
If not, please enable WordPress debugging mode, click Save & Optimize and see if you get any on screen errors. To enable debugging, open up your wp-config.php file and add the following lines right before
/* That's all, stop editing! Happy blogging. */:define( 'WP_DEBUG', true );
define( 'WP_DEBUG_DISPLAY', true );Make sure remove those lines directly after finishing your tests!
Alright! Finally some news, guys.
Thanks to the efforts of @galbaras I’ve finally been able to pinpoint what was causing the 403 forbidden error.
I’ve created a beta version of OMGF, and the link to download can be found in this reply on that same thread. It would be much appreciated if anyone could take the time to test it.
These changes will be included in the next release.
Thank you for your patience!
Rules related to unserialization (especially in POST) shouldn’t be whitelisted. They’re there for a reason: objects related to a class are executed upon unserialization, which is obviously a serious security hazard.
Since I’m just using data objects in the
omgf_optimized_fontsoption, I always figured I wasn’t doing anything wrong. But in hindsight I should’ve known that this was causing the 403 errors.Base64_encode()-ing the serialized string when POST-ing the form, andbase64_decode()-ing it right before it’s written to the database is a fool- and futureproof method. IMO it increases the quality of OMGF. So, I’m happy and we’ll roll with it. 🙂The code will be included in the next patch release (5.0.5), which will be released today or tomorrow.
Thanks again for your efforts!
- The topic ‘Issues With Latest UPdate 403 Error’ is closed to new replies.
