Brian Brown, Ph.D.

https://www.theamericanawakening.org/
Thanks!
-Brian

Just for the record, it has NOT been fixed!
Brian Brown, Ph.D.

Thanks for all your hard work, Nikitian.
-Brian

Me too!

Apparently the blacklist for anonym.to has been removed; the above post (anontmiz) is obviously spam.

Not resolved. OAuth is returning to the wrong URL/
Marking as “broken.”

Yet another update:
Okay. I realized that I had to change to php 5.3 because this plugin has an anonymous function that is not supported in php 5.2, which changed the path to php.
On a Sunny note (pun intended), while experimenting, I created scripts in the public root to call wp-cron.php and the /wp-content/plugins/path/to/plugin-specific/cron/script.php and I named them something like wp-adminrun-cron.php (which simply calls wp-cron.php as an include file. So, if your CloudFlare page rules are set up like we discussed over on Rufus’ site https://wphuman.com/make-cloudflare-supercharge-wordpress-sites/ then wp-cron won’t be touched by ClourFlare at all (which is what you want if you are using Curl or Wget). If you are using the CLI in a real cron job CloudFlare won’t see it anyway.
[ Signature moderated ]

Update: It may also have something to do with server clustering. I know that in GoDaddy’s Grid Hosting, “locahost” and 127.0.0.1 are handled in a different way; and WHM and cPanel too.
For instance if I enter:

curl https://ipecho.net/plain; echo

from shell, I get a totally different IP address from the server IP address, i.e., xx.xx.113.1 (server IP) returns xx.xx.196.220, so we need to test/whitelist the secondary IP(s).

Something like:
/sbin/ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }'

Which theoretically returns something like;

eth0: 10.20.10.1
eth1: 10.20.1.168
lo: 127.0.0.1

Regards,
-Brian

Apparently that (above) was not the problem, since it is still doing it (in ver. 1.4.14). Disabling Ban Login with Bad Usernames has no effect. Unticking iThemes Security and Zero Spam has no effect, either. I think it might be with the secuity_check private function, since there is no referer (referrer), but I’m not sure. I will dig into the code (it is some of the most well structured and well documented plugin code I have seen in a long time) and see if I can find the problem.
Curl and Wget work okay, but they have timeout and resource overhead issues.
If I run from shell I get a proper response (Content-type:text/html). For instance:
/path/to/php “$HOME/html/www.example.com/path-to-script.php”
Regards,
-Brian

Well, I call wp-cron.php from a cronjob (disabled in wp-config) and also an RSS autoposter script. Using Wget adds to the server load, so I prefer not to use it.
Maybe you could add it as an option on/off. But there are a lot of other WordPress plugins that have the facility to use a *nix cronjob and not wp-cron (examples would be: some of the missed schedule plugins; WooCommerce products importer; Automatic Updater, etc.), notwithstanding a scant few who update from the Command Line.
I don’t see why it is necessary to restrict php from accessing the site since it has to be run on the same server and therefore should not require that degree of security unless there is some other rogue script running and, if so, then one has a whole other level of problems (and there are other security plugins to address those issues).
Thanks for your prompt response!
-Brian

The reason Ninja doesn’t work is because it tries to tag at the wrong place in the posting process, thus it won’t work with many of the autoposters.
Strickly autotags does, BTW, but gets its taxonomy internally, not from an external source.
-Brian

I never use the WP repository, or anything else on wp.org or .com. Use github; less hassle (no WP authoritarians) that try to moderate and run everything.

@daverage Does this have the @beer hook?

I guess WordPress altered the HTML.
The HTML as rendered on Twitter is:
Redskins Coach Says &_amp;quot;Stats Are Always For Losers,&_amp;quot; Which Is Funny Because Stats Show He's A Loser
without the underscores “_” in &_amp
Note that there aren’t any changes being made for a single quote so maybe they have a problem with the double quotes only. Its probably a security issue.
Maybe the first occurrence of a double quote should be changed to “ (left double quotes) and the next occurrence to next to ” (” right double quotes) or all double quotes changed to an apostrophe (‘).
Here’s a screenshot: https://www.brianbrown.net/example.png
-B

Looks like the ##Q## fixed in the newest release. I think Rob Strictly left the debugger on. However, the plugin is still generating malformed URLS, I think.