這個外掛並未在最新的 3 個 WordPress 主要版本上進行測試。開發者可能不再對這個外掛進行維護或提供技術支援,並可能會與更新版本的 WordPress 產生使用上的相容性問題。

AJAX Referer Fix

外掛說明

Note: This plugin does not work in WP 2.5. The AJAX referer check in WP 2.5 does not conflict with a hardened version of PHP, so this plugin is no longer adequate.
If you still experience the permission problem it is likely your browser or a plugin.

This plugin fixes an issue that can cause several problems in the Administration Panel, including the following:

  1. The “You don’t have permission to do that” error when performing certain actions, even though you are in fact logged in
  2. The “Are you sure you want to edit this page: “”?” confirmation when trying to save a post or page
  3. Inability to remove pages or posts using the Management panels
  4. And possibly other problems that have similar symptoms

Most people who get these problems seem to be on a server that uses a hardened version of PHP. This version adds several security measures to PHP, including transparent cookie encryption. The WordPress function that checks whether you can perform certain actions in the Administration Panel (check_ajax_referer()) does not function properly because of this. This plugin replaces that function with a something that does take the cookie encryption into account.

安裝方式

After you’ve downloaded and extracted the files:

  1. Upload the complete ajax-referer-fix folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Verify whether the fix solves your problem

常見問題集

Why do I need this plugin?

You only need this plugin if you are experiencing any of the perviously mentioned problems. If WordPress is working fine without it, then don’t waste your time on this.

Note: WP 2.5 users do not need this plugin. It will not work.

Is this fix secure?

Short answer: Yes. Longer answer: The replacement function provided by this plugin uses the same validation method as the original function. There is one difference and it has to do with encrypted cookie data. I suggest you have a look at the source code (it’s commented) if you want to find out how it works exactly. The replacement function is no less secure than the original.

It does not solve my problem

You may be experiencing one or more of the previously mentioned problems for a reason unrelated to AJAX or encrypted cookies. In that case, this plugin is unlikely to solve it. However, it could also be possible that the plugin just isn’t perfect. In any case, it would be really helpful if you contacted me about your problem and providing the following information:

  1. Your PHP version (as displayed by the output of phpinfo())
  2. Hardened PHP Patch version (if any, try searching for ‘Hardened’, ‘Suhosin’ or ‘Patch’ in the output of phpinfo())
  3. The value of suhosin.cookie.encrypt (as displayed by the output of phpinfo())

使用者評論

這個外掛目前沒有任何使用者評論。

參與者及開發者

以下人員參與了開源軟體〈AJAX Referer Fix〉的開發相關工作。

參與者

將〈AJAX Referer Fix〉外掛本地化為台灣繁體中文版

對開發相關資訊感興趣?

任何人均可瀏覽程式碼、查看 SVN 存放庫,或透過 RSS 訂閱開發記錄