mophilly

@buzztone my issue is precisely what the original poster wrote. We do not use wp_super_cache. the problem with sending mail from Contact 7 remains.

+1
We are having trouble as well. It worked flawlessly for ages until the last update.

Same behavior: click send and the “working” spinner appears but nothing happens. The confirmation page is not shown. However, I have confirmed that if the “to” address is local to the server the mail is delivered. I am trying to confirm receipt at a remote address.

Oh, I forgot to mention, I see this in the PHP error log:

Undefined variable: res in /home/files/sample/html/wp-content/plugins/wordfence/lib/wordfenceClass.php on line 404
[03-May-2014 13:09:12] PHP Notice:  ob_end_clean() [<a href='ref.outcontrol'>ref.outcontrol</a>]: failed to delete buffer. No buffer to delete. in /home/files/sample/html/wp-content/plugins/wordfence/lib/wordfenceClass.php on line 410

I often see this error, “undefined variable”, in PHP applications. I assume this is the result of employing inexperienced or careless programmers. That assumption seems incorrect in the case of Wordfence. Nonetheless, this is clearly a bug that has a simple fix.

I see this too.

is_file() [function.is-file]: open_basedir restriction in effect. File(/home/files/sample/html/..) is not within the allowed path(s): (/tmp/:/home/files/sample/html/) (2) File: /home/files/sample/html/wp-content/plugins/wordfence/lib/wfScanEngine.php Line: 193

A couple of things I see. First, the path is present in the allowed paths. Second, the offending file is in the allowed path.

I checked the server config and the open_basedir restriction is set up correctly.

I would be delighted to learn of an adjustment I can make to resolve this. At the moment, I suspect it is a bug in Wordfence or PHP.

@tara, thank you for your reply. I failed to mention that I am testing a custom plug-in and theme. As as a result, all of your suggestions are absolutely valid, but are not applicable. I apologize to you for taking your time on a malformed question.

My question is more in the vein of how can RESTful strings be “lopped off” before they reach the plugin hook(s).

I have worked around the current situation by loading the session vars. I am not pleased with that solution as I still don’t have a clear understanding of how to drive a RESTful URL through WP to the plugin.

Regards,
– Mophilly

Thanks for the follow up, Mike.

No, I had not posted the question there. I added one today:

ReferenceError wp is not defined

I suggest you contact the author Mike. I did a couple of months ago for another matter. He was very helpful and the very modest fee he asked for was well worth it.

It appears there is a disconnect exists between the options page and the code in the primary php file. The variable name used in the code that clears the cart is different than the one used in the option page.

I apologize for not having the names and/or file lines to place here. I am working on another project at the moment and need to make a deadline.

I apologize for the delay in getting back to this.

The author has been very helpful. What follows here is not a criticism of EM or its author(s).

In my case, I have error reporting enabled while I construct a new site and a plugin for it. Because of this I felt I had no choice but wade through the code of all the third party plugins I am using and amend the code to deal with the various issues.

The one I found most, and one that seems rather common in the PHP world, was not initializing variables before they are used. In strongly typed languages you cannot get away with that. PHP, python and others are loosely typed and although that is handy it can lead to bad habits.

Here is a link to my write up on the issue: PHP undefined index and the common app

Although this post is unanswered and rather old, here is the solution I used. It may not be the best way but it works here. YMMV.

In the plugin init area, declare an action for “admin_menu” with a function to do the bulk of the work.

// administration page
	add_action('admin_menu', 'my_admin_actions');

The function adds a line to the admin side, and most importantly, adds a sub menu item that is associated with a call to admin

function my_admin_actions() {
  // user registration
  // help: add_menu_page( $page_title, $menu_title, $capability, $menu_slug, $function, $icon_url, $position )

  // application administration Menu
  // help: add_menu_page( $page_title, $menu_title, $capability, $menu_slug, $function, $icon_url, $position )
  add_menu_page('My Administration', 'Administration', 'activate_plugins', 'my-admin', 'my_admin_main');

  // help: add_submenu_page( $parent_slug, $page_title, $menu_title, $capability, $menu_slug, $function);
  // help: the function parameter refers to the functions defined in this file. Note that each function name here also is defined in the next section

// location based class list and editor
  add_submenu_page('admin.php?page=', 'Administration', 'Editor', 'activate_plugins', 'my_admin_editor', 'function_my_admin_editor');

By using “admin.php?page=” as the first parameter of add_submenu_page, you asking WordPress to look for a page name (my_admin_editor) instead of a menu slug in the normal way.

Here is what I did. This procedure assumes the wp database does not contain any malicious code in wp_options.

1. Do everything listed on this page: Hardening WordPress
Pay close attention to the section on directory and file permissions.

2. Replace the entire set of WordPress files with a clean copy downloaded from the web site. I think you can use the “reinstall” option in the admin pages.

3. Use a good text tool* to perform a search of all the files in the web site directory. Search for <?php eval(gzinflate(base64_decode(. Make a list of the files containing that if your tool does not.

4. For each file infected, replace it with a clean copy of the original.

In my case, I have many backups of the site and database. So I was able to compare to recent backups to find the malicious code.

I hope this is helpful.

* I use BBEdit. Notepad++ is pretty good on Windows. There are others to choose from.

I just got hit with this too.

If you are not comfortable with programming, and PHP in particular, you should not modify the files on your server. Better to download a clean copy of WordPress and the theme you use and replace the files on your server.

Download to a safe location; and by safe, I mean on a machine that is not infected in any way.

Once downloaded, expand the zip files, if any, and run a search of all the downloaded files for the offending code. If the search results in zero hits, you can copy these new files to replace the old ones. If you find it in the downloaded files, notify the authors.

Be aware that there may be many files infected. Also, you need to consider how the site files were compromised in the first place.

I hope this helps.

After testing and decomposing the code involved, the error was found in the data array passed into the ajax call. To aid anyone seeking answers for a similar error here is what I found in the code.

quizData is an array structured for the WordPress ajax handler.

Code As Found

var quizData = {
	action: 'save_quiz',
	item: invoice_item,
	lesson: jQuery("#lesson"),
	score: ratio };

There are two problems with this code. First, the jQuery call is assigning a jQuery object to the array value element “lesson”. This results in an “undefined” value in the array that creates the error condition. The missing bit here is the “.val()” function invocation.

The second one may be the code architecture of the project, but it appears that a jQuery call within array assembly block does not work as expected. In my tests, the data array contained a null value.

Resolution

var lesson_id = jQuery("#lesson").val();
var quizData = {
	action: 'save_quiz',
	item: invoice_item,
	lesson: lesson_id,
	score: ratio };

I hope this helps someone.

Further checking reveals that this error is occurring with theme Twenty Eleven, so the theme may not be at issue.

When posted yesterday I forgot to mention that this code is part of page template in a child theme. That didn’t seem related, but I add it just in case.

I notice the url for your image file contains the element “files”. Does this refer to the “files” directory on SME in the iBay directory?

I ask because I don’t use that directory for files to be displayed in the web pages. I place the image files in the ibay/hmtl/ tree instead, e.g. html/images/ or html/wp-content/images/.

For files shared across domains or sub domains, in a directory owned by apache and having read/write privileges for owner and group, and read for everyone.

I hope this helps.