Only the administrator can view the preview

  • Sameer

    (@msameerbutt)


    10 years ago

    Hi there,

    First I would like to thank you for developing such a nice plug-in. While working with this plugin, I have run into very small issue, I hope you will help me in this regards.

    In my local server its works perfectly alright, but on live server whenever we try to create new newsletter it throws error on preview section as following message

    “Only the administrator can view the preview”

    Your assistance in this regards will be highly appreciated.

    Thanks

    https://www.ads-software.com/plugins/newsletter/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter Sameer

    (@msameerbutt)

    There is one additional information about live enviroment, we are running the WordPress CMS in SSL instead of https://. Did it cause that error?

    Thread Starter Sameer

    (@msameerbutt)

    With debugging, We came to know its a function “check_admin_referer” in the script “emails/preview.php” is causing this error.

    Further digging into code shows that “check_admin_referer” is calling “wp_verify_nonce” function that return false. In nutshell WordPress nounce is not verifying on live server.

    Any idea ?

    Plugin Author Stefano Lissa

    (@satollo)

    This is very strange, if that function returns false, none of the admin panel should work! Have you a security plugin or like?

    Thread Starter Sameer

    (@msameerbutt)

    Everything is working fine except the preview, event this is working on local server. We are keep digging the issue and hopefully we will track and share the information here.

    We are not using any specific security plugin. We are using latest version of newsletter plug-in and WordPress in multi-site environment.

    We will share the problem once we find the solution.

    Thread Starter Sameer

    (@msameerbutt)

    Further investigations shows the following findings

    1. When emails/preview.php accessed via iframe by emails/new.php it creates a nounce along with the URL as follows
    nounce created:33007|-1|1|asFegDFLNkF2BSupecI2LJORmkUGECCHRitIUMysMqn
    , but on emails/preview.php verification failed and showed the following nounce
    nounce verified:33007|-1|1|

    One can easily notice that the token part of nounce is missing. To sum up we can say ‘wp_verify_nonce()’ method has failed to get $token by calling wp_get_session_token() function in emails/preview.php.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Only the administrator can view the preview’ is closed to new replies.

Tags