Title: Security Error Last modified: February 27, 2017 --- # Security Error * [moongear](https://wordpress.org/support/users/moongear/) * (@moongear) * [9 years, 1 month ago](https://wordpress.org/support/topic/security-error-9/) * With certain other third party plugins, the Better YOURLS plugin causes a “Security Error” on `save_post` and/or `transition_post_status`. This errors results due to an issue in `class-better-yourls-actions.php`. * Starting at line #127, the evaluation of `$_POST['better_yourls_nonce']` begins. The first part tests if `$_POST['better_yourls_nonce']` is set but at the same time validates the nonce while being dependent on `$_POST['better_yourls_nonce']`. * Because some third party plugins do not paint the YOURLS Meta Box, the better_yourls_nonce INPUT does not exist on those edit pages. When submitted, `$_POST['better_yourls_nonce']` does not exist. Therefore, evaluating the nonce is futile. * ``` // Make sure we are originating from the right place. if ( ! isset( $_POST['better_yourls_nonce'] ) || // WPCS: input var ok. ! wp_verify_nonce( $_POST['better_yourls_nonce'], 'better_yourls_save_post' ) // WPCS: input var ok. Sanitization ok. ) { wp_die( esc_html__( 'Security Error', 'better-yourls' ) ); } ``` * What should happen is a test that `$_POST['better_yourls_nonce']` is good then if it is evaluate the nonce (not both at the same time). * Line #131 (`wp_die( esc_html__( 'Security Error', 'better-yourls' ) );`) should never be realized if the variable is simply not defined. Instead, it should gracefully return and do nothing else. - This topic was modified 9 years, 1 month ago by [moongear](https://wordpress.org/support/users/moongear/). Viewing 2 replies - 1 through 2 (of 2 total) * Plugin Author [Andrew Norcross](https://wordpress.org/support/users/norcross/) * (@norcross) * [9 years, 1 month ago](https://wordpress.org/support/topic/security-error-9/#post-8852640) * are we talking about the same plugin? mine isn’t called “Better YOURLS” and shouldn’t contain those strings. * Thread Starter [moongear](https://wordpress.org/support/users/moongear/) * (@moongear) * [9 years, 1 month ago](https://wordpress.org/support/topic/security-error-9/#post-8853520) * Oh, you are correct. My apologies. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Security Error’ is closed to new replies. * ![](https://ps.w.org/yourls-link-creator/assets/icon-256x256.png?rev=1081567) * [YOURLS Link Creator](https://wordpress.org/plugins/yourls-link-creator/) * [Frequently Asked Questions](https://wordpress.org/plugins/yourls-link-creator/#faq) * [Support Threads](https://wordpress.org/support/plugin/yourls-link-creator/) * [Active Topics](https://wordpress.org/support/plugin/yourls-link-creator/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/yourls-link-creator/unresolved/) * [Reviews](https://wordpress.org/support/plugin/yourls-link-creator/reviews/) * 2 replies * 2 participants * Last reply from: [moongear](https://wordpress.org/support/users/moongear/) * Last activity: [9 years, 1 month ago](https://wordpress.org/support/topic/security-error-9/#post-8853520) * Status: not a support question