jimhu

My hosting provider’s tech support was able to set me up to where I could see a compile error in the regular expression that prevents SQL injection for the keys. Not sure why this only happens on some hosts.

Should be fixed in 1.41 but the preexisting queries will be lost. You may be able to find these in the wp-options table for the wordpress site by searching for options with the name matching ‘wp_pubmed_reflist’ The queries are buried in the data structure of that entry if they have not been previously lost.

I just tried to make a new release. Unfortunately, while it seems to work on my laptop, it is failing on the hosting provider where I see the problem.

I’m now seeing this on our shared host but not on my local machine.

What is your setup like @moeuf?

Is it something where you have control the server or is it a on some kind of hosting service?

I’m wondering about whether you’d be able to test some things if we can work out a way for me to get test scripts or code snippets to you.

Do you do github?

OK, that makes sense. I assume you are still seeing the new key entry field and the Save Changes button below the errors.

That’s terrible.

Unfortunately, I can’t reproduce the problem on my test site without more information about how it happened.

Looking at the code, which is in settings/query_form.php the error message you are getting happens when php compares a “sanitized” version of the key with what was input. It should not be evaluating true for alphanumerics, although it doesn’t like periods in the current version. But it looks like it thinks it’s seeing non-alphanumeric content, which is really weird.

Once it’s getting a false positive for each old key, it’s deleting that key-query combination from the list when you submit the form. But I’m mystified about why it could think there’s non-alphanumeric in your alphanumeric keys.

Am I correct that you are seeing the old keys in the form next to blank text boxes?

Wow, sorry about that… it’s obviously not supposed to do that. It should only affect the new one and give you the form again in a state like where it was before you put in a bad key.

I’m looking at the code to try to figure out what happened. I confess that it always takes me longer than it should to read and understand my own code when I haven’t worked on it for a while.

Questions:

1. Are the old queries and their keys still in the form? Asking so you can copy them somewhere as backup if in the worst case you have to regenerate them.
2. What was the new key? Need to know if I should add some characters to the whitelist
3. If you open a new browser tab/window and call up the settings form again does it give you the same mess of error messages? Are the old queries gone?

whew! Glad it works for you. I should probably look at php to see if there’s a way I can detect that for users who can’t see the error logs.

Apologies for not replying sooner. I came down with some crud over the weekend.

It’s kind of hard to tell what’s going on without being able to view the page, but can you view the page source? The plugin writes a comment tag before each block of references with something like “load from cache” I’m wondering if an unclosed comment is causing the problem.

This is what I’m seeing on the bare site. Having the error messages display may be helpful.

Warning: file_get_contents(https://eutils.ncbi.nlm.nih.gov/entrez/eutils/efetch.fcgi?db=pubmed&id=28160848,26744909&retmode=xml): failed to open stream: HTTP request failed! HTTP/1.1 429 Too Many Requests in /home/academic/www/source/wp-content/plugins/wp-pubmed-reflist/class.wpPubMedRefList.php on line 196

Warning: Invalid argument supplied for foreach() in /home/academic/www/source/wp-content/plugins/wp-pubmed-reflist/class.wpPubMedRefList.php on line 109

Warning: file_get_contents(https://eutils.ncbi.nlm.nih.gov/entrez/eutils/esearch.fcgi?db=pubmed&term=redenti+s%5Bau%5D+AND+2016%5Bdp%5D&retmax=20): failed to open stream: HTTP request failed! HTTP/1.1 429 Too Many Requests in /home/academic/www/source/wp-content/plugins/wp-pubmed-reflist/class.wpPubMedRefList.php on line 196

This is potentially useful.

It looks like I will need to do some revamping to deal with changes in how NCBI provides the EUtils

https://www.ncbi.nlm.nih.gov/books/NBK25497/#_chapter2_Usage_Guidelines_and_Requiremen_

On December 1, 2018, NCBI will begin enforcing the use of API keys that will offer enhanced levels of supported access to the E-utilities. After that date, any site (IP address) posting more than 3 requests per second to the E-utilities without an API key will receive an error message. By including an API key, a site can post up to 10 requests per second by default. Higher rates are available by request (vog.hin.mln.ibcn@seitilitue). Users can obtain an API key now from the Settings page of their NCBI account (to create an account, visit https://www.ncbi.nlm.nih.gov/account/). After creating the key, users should include it in each E-utility request by assigning it to the new api_key parameter.

Example request including an API key:
esummary.fcgi?db=pubmed&id=123456&api_key=ABCDE12345

Example error message if rates are exceeded:
{“error”:”API rate limit exceeded”,”count”:”11″}
Only one API key is allowed per NCBI account; however, a user may request a new key at any time. Such a request will invalidate any existing API key associated with that NCBI account.

So it looks like when you have too many shortcodes on the same page, NCBI blocks the service after some number of them have run. But I’m still not sure why this is happening to you but not to me or to your other site hosted at MIT.

Not sure how fast I can fix this. I’ll probably have to spend some time reaching out to NCBI tech support.

Before talking to them, there are a couple of things I’d look at:

Is the problem dependent on what theme you’re using?
Is the problem dependent on the other plugins that are active on the site?

Do you have a test site at idcsoft.com that is just a basic WP theme with no other plugins? That would allow you to tell whether it’s a problem on the host or with the themes or plugins.

I assume that the version of WP is recent. I should note that my testing has been on a single install on GoDaddy (my host for historical reasons, not because I like them) and I don’t know if you’re using a multisite installation. My dept. has a multisite installation on WP-engine, which I may be able to test.

If it comes down to more in depth debugging, the two things you’d want are the ability to look at the mysql database back end and the ability to check error logs.

I’m hoping it turns out to be a theme or plugin incompatibility.

That’s weird because some are working for you and others aren’t.

I used the tools query panel to make a set of queries that look like this:

key: redenti_18
query: redenti s[au] AND 2018[dp]

for 2016-18

Then I put these on my test page like this:

2018

[pmid-refs key=redenti_18 wrap=ol showlink=false]

2017

[pmid-refs key=redenti_17 wrap=ol?showlink=false]

2016

[pmid-refs key=redenti_16 wrap=ol showlink=false]

See it here: https://jimhu.org/wp-pubmed-reflist-tests/

So, the big question is: did I do it differently from you or is there something different about our installations?

I assume you already checked for smart quotes problem in the shortcode content?

Can you post the markup?

edit to add: I’m also wondering if there is another incompatible plugin involved.

• This reply was modified 5 years, 11 months ago by jimhu.

wrong thread.

• This reply was modified 5 years, 11 months ago by jimhu.

I just tried your example

[pmid-refs key=26387536 wrap=ul]

[pmid-refs key=27153631 wrap=ul]

[pmid-refs key=27590350 wrap=ul]

[pmid-refs key=27879490 wrap=ul]

I get

Blanco, FF, Jimbo, M, Wulfkuhle, J, Gallagher, I, Deng, J, Enyenihi, L et al.. The mRNA-binding protein HuR promotes hypoxia-induced chemoresistance through posttranscriptional regulation of the proto-oncogene PIM1 in pancreatic cancer cells. Oncogene. 2016;35 (19):2529-41. doi: 10.1038/onc.2015.325. PubMed PMID:26387536 .
Search PubMed
Pliatsika, V, Loher, P, Telonis, AG, Rigoutsos, I. MINTbase: a framework for the interactive exploration of mitochondrial and nuclear tRNA fragments. Bioinformatics. 2016;32 (16):2481-9. doi: 10.1093/bioinformatics/btw194. PubMed PMID:27153631 PubMed Central PMC4978933.
Search PubMed
Oran, AR, Adams, CM, Zhang, XY, Gennaro, VJ, Pfeiffer, HK, Mellert, HS et al.. Multi-focal control of mitochondrial gene expression by oncogenic MYC provides potential therapeutic targets in cancer. Oncotarget. 2016;7 (45):72395-72414. doi: 10.18632/oncotarget.11718. PubMed PMID:27590350 PubMed Central PMC5340124.
Search PubMed
Stephens, M, Kim, DI, Shepherd, B, Gustafson, S, Thomas, P. Intense Uptake in Amyloidosis of the Seminal Vesicles on 68Ga-PSMA PET Mimicking Locally Advanced Prostate Cancer. Clin Nucl Med. 2017;42 (2):147-148. doi: 10.1097/RLU.0000000000001460. PubMed PMID:27879490 .

with bullets and links that don’t show here.

it’s weird because the handling of multiple shortcodes in the same post should be part of the WP codebase unrelated to anything in the plugin.

edit to add: here’s where I’m testing

https://jimhu.org/wp-pubmed-reflist-tests/

• This reply was modified 5 years, 11 months ago by jimhu.