BackuPs

@centrespot So you can edit the functions.php in the parent theme and not in the child theme? That does not make any sense. I cant edit neither one.

Of course i already tried disabling them.It does not change anything. It would have made me laugh if they would have caused that as these plugins dont do anything that could cause such.

They just add a site-id to the wp-admin area on the site list and a auto robots.txt and a remove action for redirect 404.

<?php
remove_action( 'template_redirect', 'maybe_redirect_404' );
?>

I can send you the overview of a single website below.

### WordPress ###

Version: 4.9
Language: en_US
Permalink structure: /%category%/%postname%
Is this site using HTTPS?: Yes
Can anyone register on this site?: No
Default comment status: closed
Is this a multisite?: No
User Count: 1
Communication with WordPress.org: WordPress.org is reachable

### Active theme ###

Name: Twenty Fifteen
Version: 1.9
Author: the WordPress team
Author website: https://wordpress.org/
Parent theme: Not a child theme
Supported theme features: automatic-feed-links, title-tag, post-thumbnails, menus, html5, post-formats, custom-logo, custom-background, editor-style, customize-selective-refresh-widgets, custom-header, widgets

### Other themes (3) ###

Twenty Fourteen (twentyfourteen): version 2.1 by the WordPress team
Twenty Thirteen (twentythirteen): version 2.3 by the WordPress team
Twenty Twelve (twentytwelve): version 2.4 by the WordPress team

### Active Plugins (1) ###

Health Check: version 0.5.0 by The WordPress.org community

### Inactive Plugins (1) ###

Akismet Anti-Spam: version 4.0.1 by Automattic

### Server ###

Server architecture: Linux 3.10.0-693.5.2.el7.x86_64 x86_64
PHP Version: 7.1.11 (Supports 64bit values)
PHP SAPI: litespeed
PHP max input variables: 5000
PHP time limit: 300
PHP memory limit: 384M
Upload max filesize: 128M
PHP post max size: 128M
cURL Version: 7.55.1 OpenSSL/1.0.2m
SUHOSIN installed: No
Is the Imagick library available: No

### Database ###

Extension: mysqli
Server version: 5.6.38
Client version: mysqlnd 5.0.12-dev - 20150407 - $Id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx $
Database prefix: xxxxxx_

### WordPress constants ###

ABSPATH: /home/xxxxxxxxxxxxx/public_html/
WP_HOME: Undefined
WP_SITEURL: Undefined
WP_DEBUG: Disabled
WP_MAX_MEMORY_LIMIT: 384M
WP_DEBUG_DISPLAY: Enabled
WP_DEBUG_LOG: Disabled
SCRIPT_DEBUG: Disabled
WP_CACHE: Disabled
CONCATENATE_SCRIPTS: Undefined
COMPRESS_SCRIPTS: Undefined
COMPRESS_CSS: Undefined
WP_LOCAL_DEV: Undefined

### Filesystem permissions ###

The main WordPress directory: Writable
The wp-content directory: Writable
The uploads directory: Writable
The plugins directory: Writable
The themes directory: Writable

I dont run any security plugin or whatever.

Above is a pretty much normal install. It runs on tier.net

But also on a local host with a non existing domain it does not work because the domain name cannot be resolved. That is something the code should actually check as it is useless to do a check for those installs.

Thank you ! Have a great weekend !

I just found one host where it does work…. That is interesting though…

well that error makes sense. Since its a localhost install and the website domain name is in the host file and only visible on the pc who has that xxx.xxx.xxx.xxx website.tst in his host file.

[Fri Nov 17 13:44:37.266751 2017] [:error] [pid 1125] [client 192.168.142.1:53926] WP_Error::__set_state(array(\n 'errors' => \n array (\n 'http_request_failed' => \n array (\n 0 => 'cURL error 6: Could not resolve host: website.tst',\n ),\n ),\n 'error_data' => \n array (\n ),\n)), referer: http://website.tst/wp-admin/theme-editor.php?file=functions.php&theme=twentyseventeen

So i tried a life server with a domain name that is accessible without modding the hostfile.

Now i get this

[17-Nov-2017 13:01:12 UTC] ------------------------------------------->
[17-Nov-2017 13:01:12 UTC] Starting edit check
[17-Nov-2017 13:01:12 UTC] Body:
[17-Nov-2017 13:01:12 UTC] <!DOCTYPE html>
<html style="height:100%">
<head><title> 403 Forbidden
</title></head>
<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
<div style="height:auto; min-height:100%; ">     <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
        <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">403</h1>
<h2 style="margin-top:20px;font-size: 30px;">Forbidden
</h2>
<p>Access to this resource on the server is denied!</p>
</div></div></body></html>

[17-Nov-2017 13:01:12 UTC] Connection created

But if i remove the lines 491-598 in file.php it just works fine and the file is edited and saved with the correct made modifications.

So the 403 does not make sense as without that piece of code the file is just edited and saved.

Please let me know what else i can test for you.

Note changing the file permissions of that php file to 777 does not resolve the error message. It only works if i remove the complete php functions that checks for something that apparently is not needed as it works without that check.

Hi
needle start contains this :

needle ###### wp_scraping_result_start:2a32dbf6e0fff7a63ac3dde1e2aa749e ######, referer: http://website.tst/wp-admin/theme-editor.php?file=functions.php&theme=twentyseventeen

body contains this

referer: http://website.tst/wp-admin/theme-editor.php?file=functions.php&theme=twentyseventeen

scrape_result_position contains this

referer: http://website.tst/wp-admin/theme-editor.php?file=functions.php&theme=twentyseventeen

it fails on line 558

if ( false === $scrape_result_position ) {
$result = $loopback_request_failure;
}

If i delete lines 491-598 in file.php i can at least edit the files again. I know it is less secure, but i can work from the editor.

@clorith It happens in any server. I tested now 20 of them today and they all have the same issue. And they are on different hosting providers. It works just fine in 4.8.3 and just not in 4.9

No security plugins…. I have seen several users who bought themes at themeforest reporting similar issues in the theme support forums.

This is a wp bug not caused by mod_security, a security plugin or whatever you might be thinking of. Its WP changes causing this.

Even a clean ubuntu server throws the problem. A windows server running wamp has the issue.

Same here. It is not possible anylonger to edit and save any file even if valid php code is used. They all produce

“Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP”

The wp 4.9 wrecked this ability. Too bad !