Philip John

I do see that the Jetpack connection with your website is currently broken.

I do see from the debugger that the connection appears to be broken, but when I use curl to test XML-RPC it responds as expected:

$ curl -i -X POST https://spacenews.com/xmlrpc.php –data-binary @xmlrpc

HTTP/2 200 
content-type: text/xml; charset=UTF-8
server: nginx
strict-transport-security: max-age=300
x-pantheon-styx-hostname: styx-fe1-b-bf4bf4fd9-jgqmq
x-robots-tag: noindex, follow
x-styx-req-id: 52145554-cd88-11ed-adc1-82eb3a88e1f3
date: Tue, 28 Mar 2023 16:48:09 GMT
x-served-by: cache-chi-kigq8000103-CHI, cache-lon4283-LON
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1680022089.415100,VS0,VE323
vary: Accept-Encoding
age: 0
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
content-length: 181

<?xml version="1.0" encoding="UTF-8"?>
<methodResponse>
  <params>
    <param>
      <value>
      <string>Hello!</string>
      </value>
    </param>
  </params>
</methodResponse>

Where xmlrpc contains:

<?xml version="1.0" encoding="utf-8"?>
<methodCall>
	<methodName>demo.sayHello</methodName>
	<params></params>
</methodCall>

I’m also able to successfully run authenticated requests (credentials hidden, of course):

<?xml version="1.0" encoding="utf-8"?>
<methodCall>
	<methodName>system.listMethods</methodName>
	<params>
		<param>
			<value>*****</value>
		</param>
		<param>
			<value>*****</value>
		</param>
	</params>
</methodCall>

Which responds with:

HTTP/2 200 
content-type: text/xml; charset=UTF-8
server: nginx
strict-transport-security: max-age=300
x-pantheon-styx-hostname: styx-fe1-a-5f4c49d8b9-gqjqc
x-robots-tag: noindex, follow
x-styx-req-id: 96c6da7b-cd88-11ed-b50a-ba0cfe931859
date: Tue, 28 Mar 2023 16:50:04 GMT
x-served-by: cache-chi-klot8100137-CHI, cache-lon4269-LON
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1680022205.671883,VS0,VE316
vary: Accept-Encoding
age: 0
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish

<?xml version="1.0" encoding="UTF-8"?>
<methodResponse>
  <params>
    <param>
      <value>
      <array><data>
  <value><string>system.multicall</string></value>
...
</data></array>
      </value>
    </param>
  </params>
</methodResponse>

Are you able to provide any further information on what your servers are seeing when performing the XML-RPC requests please?

Hiya, I’m the developer working on this project. I’m guessing that the aim of deleting the plugin is to trigger the deleted_plugin hook(s) within Jetpack?

The codebase for this site is managed in Git so we uninstall plugins from removing them in the Git repo and we have a CD process to deploy that to the hosting environment. This means the deleted_plugin hook(s) will never fire, and won’t give us the desired reset.

Is there some particular data you expect would be reset that should help with this issue? If so we can manually reset that data instead.

Hi Savvas,

It effectively resets the query because $wpdb->get_results( $wp_query->request ); re-runs the query.

In a vanilla install with the default theme and just SportsPress you can dump the value of the global $post variable within hooks like pre_get_posts and parse_query which will show you how the $post variable is changing, causing the issue.

Remove that line and you’ll see that the main query is maintained and the $post is not changed.

As a general rule, $wp_query should not be messed with in this way as it can cause these kinds of unexpected consequences.

I’ve found the cause. It’s this function in includes/class-sp-post-types.php

	public function display_scheduled_events( $posts ) {
		global $wp_query, $wpdb;
		if ( is_single() && $wp_query->post_count == 0 && isset( $wp_query->query_vars['sp_event'] )) {
			$posts = $wpdb->get_results( $wp_query->request );
		}
		return $posts;
	}

Specifically this line:

$posts = $wpdb->get_results( $wp_query->request );

That has the effect of resetting the main query, breaking the loop and causing the Not Found. If I simply comment out that line, it works fine. I’ve been testing on a clone site with only SportsPress, SportsPress for Cricket and the default theme (Twenty Twenty-One) active. You can see it here (pwd ilovenews)

• This reply was modified 3 years, 11 months ago by Philip John.

For example, the first time I opened it today it worked fine. Here’s a screenshot: https://cloudup.com/cPXIM8oY5DX

The moment I refresh, it 404s.

Here’s the relevant section of $wp_rewrite which looks fine:

    ["sp_event"]=>
    array(8) {
      ["with_front"]=>
      bool(true)
      ["ep_mask"]=>
      int(1)
      ["paged"]=>
      bool(true)
      ["feed"]=>
      bool(false)
      ["forcomments"]=>
      bool(false)
      ["walk_dirs"]=>
      bool(true)
      ["endpoints"]=>
      bool(true)
      ["struct"]=>
      string(17) "/event/%sp_event%"
    }

• This reply was modified 3 years, 11 months ago by Philip John.

Hi, theme author (sort of) here :wave:

The plugin works fine over on this site using essentially the same theme so it’s strange that it doesn’t work for this one.

It does sometimes work, with enough flushing of permalinks. It’s almost as if something is preventing permalinks from saving.

I have a local setup where I have the Newspack theme + SportsPress with the content imported (using WXR) and the same settings and it works fine.

Any special insight you have on what might be going wrong and areas of investigation I can look into would be very much appreciated ??

Ohh got ya. Okay, this is more a problem of Twitter not picking up the image than it not being there in the right format then.

Thanks for the help ??

you would need to configure an actual image

My understanding was that Yoast would print that year or, using the featured image, just like it does for og:image. It’s that not the case?

Hiya,

Any update on this?

I noticed there are four places where there is a die() with this specific message. There are a bunch more uses of die() throughout the code which should be avoided as they could result in an unexplained WSOD for people.

Thanks

Sorry to hear it didn’t work for you!

Can you tell me what you saw when you tried to use it, and how that differed from what you expected?

Thanks!

Hiya,

I’ve just checked the MD5 and SHA1 sums of all the files, and they match those quoted by the plugin.

What are the values you get, and how are you generating those?

Thanks

There’s no “official” Git repo for the plugin – the one you’ve found is VERY old and shouldn’t be used.

Is the location of the hashes causing issues in WordPress for you?

BTW, if you’re thinking of addressing this particular issue it might be a good idea to have unit tests to catch this happening, or a fix to the generation script at https://github.com/philipjohn/exploit-scanner-hashes

Hi Viktor,

There isn’t, but I’ll definitely look at setting that up!

In the meantime, if you have patches, please feel free to post a diff and I’ll happily review, commit and give props until we have GH.

Thanks!

@ovib Are you on the latest version of the plugin (1.4.5)? And if so, what version of WordPress are you using?