Lester Chan's WordPress Plugins – Page 11 – Lester Chan's WordPress Plugins Development Blog

AJAX Not Working For WP-Email, WP-Polls, WP-PostRatings or WP-PostViews?

About 2 weeks ago, I release an update to r WP-Email, WP-Polls, WP-PostRatings and WP-PostViews which added some nonce check and moved the AJAX request to be handled by /wp-admin/admin-ajax.php.

3 common issues that users are facing.

“-1” or “Failed To Verify Referrer”
This means that most likely you are using a caching plugin like W3 Total Cache (W3TC) and the Javascript being minified/combined and cached is outdated. Just empty the JS/CSS cache under the “Minify” section of W3TC in WP-Admin and W3TC will regenerate it again. This will solve the problem.

Password Protected /wp-admin/ Will Not Work
If you are using .htpasswd to protect your /wp-admin/ folder, AJAX request to /wp-admin/admin-ajax.php will not work. This problem is not unique to my plugin. Any WordPress Plugins that uses the WordPress AJAX API will break. As mentioned in this Codex, Hardening WordPress:

Simply securing the wp-admin/ directory might also break some WordPress functionality, such as the AJAX handler at wp-admin/admin-ajax.php

To bypass this, check out this tutorial, Password protecting the wp-admin directory, this tutorial will teach you how to whitelist admin-ajax.php in your /wp-admin/ using .htaccess.

I still hope in the future version of WordPress, they will separate front facing AJAX requests vs backend AJAX requests.

Your WP-Admin Is HTTPS While Your Site Is Not
If your WP-Admin is behind SSL aka HTTPS and you have the following config in your wp-config.php define('FORCE_SSL_ADMIN', true);, the AJAX will fail because https://yoursite.com is different from http://yoursite.com and the browser treat it as different domain.

To solve this issue do the following:
Find:
'ajax_url' => admin_url('admin-ajax.php'),
Replace:
'ajax_url' => admin_url('admin-ajax.php', (is_ssl() ? 'https' : 'http')),

~~What the code does is basically forcing http to be used when calling admin-ajax.php for AJAX request. Again this is a hack, I am trying to figure a way around it.~~

I have pushed the code to trunk of all the respective plugins.

(411 votes, average: 4.16 out of 5)

WordPress 3.4 RC1

WordPress 3.4 RC1 has been released to marked the 9th Birthday of WordPress!

I am expecting the final one to ship within the next 1-2 weeks!

Download: WordPress 3.4 RC1

(83 votes, average: 3.70 out of 5)

WP-Polls, WP-PostRatings, WP-PostViews, WP-Email Updated

I have updated the following plugins:

Now all AJAX requests are handled by /wp-admin/admin-ajax.php. Previously it is handled via the plugin PHP file itself by assuming that wp-load.php is always 2 levels down from the plugin file. But since you can have your WordPress in any folders, custom loading of wp-load.php is not possible as the path to wp-load.php varies from server to server.

While I am at it, I added nonce check for AJAX calls to WP-Polls, WP-PostRatings and WP-Email. Let me know if you run into problems via WordPress Support Forums, My Forums (if you are already registered) or via email (lesterchan AT gmail).

PS: Kindly refer to https://lesterchan.net/wordpress/2012/06/05/ajax-not-working-for-wp-email-wp-polls-wp-postratings-or-wp-postviews/ if you ran into problems.

(136 votes, average: 3.97 out of 5)

WordPress 3.3.2 & 3.4 Beta 3 Released

WordPress 3.3.2 & 3.4 Beta 3 has been released
WordPress 3.3.2

Fixes:

Plupload (version 1.5.4), which WordPress uses for uploading media.
SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.

vSWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.

Changelog: From WordPress 3.3.1
Download: WordPress 3.3.2

WordPress 3.4 Beta 3

90 bugs have been fixed since beta 2

Changelog: From WordPress 3.4 Beta 2
Download: >WordPress 3.4 Beta 3

(133 votes, average: 3.98 out of 5)

WordPress 3.4 Beta 1

WordPress 3.4 Beta 1 has been released! The final version is expected to ship sometime next month (May 2012).

What’s New

Theme Customizer with Previewer
Flexible Custom Header Sizes
Selecting Custom Header and Background Images from Media Library
Better experience searching for and choosing a theme

Under-the-hood Changes

New XML-RPC API for external and mobile applications
New API for registering theme support for custom headers and backgrounds
Performance improvements to WP_Query by splitting the query (Please test!)
Internationalization improvements (improved performance and locale support)
Performance and API improvements when working with lists of installed themes
Support for installing child themes from the WordPress Themes Directory

Download: WordPress 3.4 Beta 1

(128 votes, average: 3.92 out of 5)