Join the community today
Become a Member

Blank WordPress editor

Discussion in 'Bug Reports' started by Sean, Nov 10, 2015.

Tags:
  1. Sean

    Sean New Member

    16
    2
    3
    Oct 23, 2015
    Ratings:
    +8
    Local Time:
    2:56 AM
    1.8
    not using Maria yet
    Hi,
    The following directives in
    /usr/local/nginx/conf/wpsecure_YOURDOMAIN.COM.conf


    # Block PHP files in includes directory.
    #location ~* /wp-includes/.*\.php$ {
    # deny all;
    #}

    # Block PHP files in uploads, content, and includes directory.
    # original location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
    location ~* /(?:uploads|files|wp-content)/.*\.php$ {
    deny all;
    }
    causes /wp-includes/js/tinymce/wp-tinymce.php not to load and the editor is blank.

    The above code with added comments, comments out the lines that break tiny mc.

    That allows the editor to work but removes the security, can we check for wp-login cookies and block if not logged in
    a location if ! directive
    I'll work on it later,

    BR,
    Sean
     
  2. eva2000

    eva2000 Administrator Staff Member

    53,278
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    4:56 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    do you have a screenshot of what you see ?

    i am not seeing any blank editors on my tests ?
     
  3. Sean

    Sean New Member

    16
    2
    3
    Oct 23, 2015
    Ratings:
    +8
    Local Time:
    2:56 AM
    1.8
    not using Maria yet
    Eva,

    I did not screenshot it. Just the text box area in the page/post editor would not load the html and the text/visual or the editing plugin button were grayed out. I looked in chromes developer console and it just said, "wp-tinymce.php not loaded". A hah!

    BR,
    Sean
     
  4. eva2000

    eva2000 Administrator Staff Member

    53,278
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    4:56 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    tried excluding wp-tinymce.php ?

    Code:
    location ~ ^/(wp-includes/js/tinymce/wp-tinymce.php) {
            include /usr/local/nginx/conf/php.conf;
    }
     
  5. Sean

    Sean New Member

    16
    2
    3
    Oct 23, 2015
    Ratings:
    +8
    Local Time:
    2:56 AM
    1.8
    not using Maria yet
    Eva
    I added that code and restored the original code and I am back to the blank text box and the dev console telling me

    Failed to load resource: the server responded with a status of 403 (Forbidden)
    post.php:4815 Uncaught ReferenceError: tinymce is not defined
    wp-langs-en.js:235 Uncaught ReferenceError: tinyMCE is not defined
    post.php:4810 Uncaught ReferenceError: tinymce is not defined
    admin.js:83 Uncaught ReferenceError: tinyMCE is not defined

    BR,
    Sean
    P.S How about only running that deny if not logged in?
     
  6. eva2000

    eva2000 Administrator Staff Member

    53,278
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    4:56 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    for now you probably need to just leave the deny commented out though i am not having that problem at all with the editor, my visual editor loads up fine with centmin.sh menu option 22 installed wordpress

    curious if @Matt Williams @RoldanLT @JarylW have experienced such ?
     
  7. Sean

    Sean New Member

    16
    2
    3
    Oct 23, 2015
    Ratings:
    +8
    Local Time:
    2:56 AM
    1.8
    not using Maria yet
    Eva,

    I find that things run differently on every platform. It's just part of the process weeding out the weird stuff and it's probably job security! ;)

    BR,

    Sean
     
  8. Matt Williams

    Matt Williams WordPress Fanatic

    537
    104
    43
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +157
    Local Time:
    2:56 AM
    latest
    10
    I've never had that issue before. Which Centmin build do you have installed Sean?
     
  9. Sean

    Sean New Member

    16
    2
    3
    Oct 23, 2015
    Ratings:
    +8
    Local Time:
    2:56 AM
    1.8
    not using Maria yet
    Matt,
    That would be the latest as of Friday.

    BR,
    Sean
     
  10. Matt Williams

    Matt Williams WordPress Fanatic

    537
    104
    43
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +157
    Local Time:
    2:56 AM
    latest
    10
    The latest beta or stable? I take that back, I had that issue once but it was due to a faulty plugin on a clients install.
     
  11. Sean

    Sean New Member

    16
    2
    3
    Oct 23, 2015
    Ratings:
    +8
    Local Time:
    2:56 AM
    1.8
    not using Maria yet
    Matt,
    It's 123.08stable. I deactivated all plugins, as per the usual and same problem. Restarted nginx. Same problem. The /usr/local/nginx/conf/wpsecure_YOURDOMAIN.COM.conf includes a deny for that dir and the console shows wp-tinymce.php as not available and browsing to the file is a 403. Commented out the "offending" code, restarted nginx and it's good to go.
    BR,
    Sean
     
  12. Matt Williams

    Matt Williams WordPress Fanatic

    537
    104
    43
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +157
    Local Time:
    2:56 AM
    latest
    10
    Glad you figured it out. I'll keep an eye out for such issues. I always install the Stable build myself and have done 3 today with no issues. I just checked all 3 and this didn't happen for me. Strange...:bored:
     
  13. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    2:56 PM
    Mainline
    10.2
    Tinymce is not a standard editor right?
    As I don't have this issue also.
     
  14. eva2000

    eva2000 Administrator Staff Member

    53,278
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    4:56 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    It's included in latest WP at least that php file is and from the wp secure file rule it should block on access, however my visual editor never calls that php file wp-includes/js/tinymce/wp-tinymce.php and my dev tools console is clean as such
    you can try something similar to suggestion at IP.Board - Block Manager Getting Blocked | Centmin Mod Community to include a specific allow location context match for that specific php file wp-includes/js/tinymce/wp-tinymce.php only

    so revision of above would be
    Code:
    location ~ ^/(wp-includes/js/tinymce/wp-tinymce.php) {
           include /usr/local/nginx/conf/php.conf;
           allow all;
    }
    
    # Block PHP files in includes directory.
    location ~* /wp-includes/.*\.php$ {
    deny all;
    }
    
    # Block PHP files in uploads, content, and includes directory.
    location ~* /(?:uploads|files|wp-content)/.*\.php$ {
    deny all;
    }
    
     
  15. jcat

    jcat Member

    153
    22
    18
    Jun 21, 2015
    New Jersey
    Ratings:
    +64
    Local Time:
    2:56 AM
    Sorry to bring up an old thread here but I am seeing this more and more. Simply adding

    Code:
    location ~ ^/(wp-includes/js/tinymce/wp-tinymce.php) {
           include /usr/local/nginx/conf/php.conf;
           allow all;
    }
    Does resolve it but I was wondering if it would be possible to add this block by default to the wpsecure_domain.conf? Does this possibly open up a hole for those who do not require access to wp-tinymce.php in which it would be better to not allow access to it by default?
     
  16. eva2000

    eva2000 Administrator Staff Member

    53,278
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    4:56 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Centmin Mod 123.09beta01's centmin.sh menu option 22 wordpress install already adds a bunch of common wp plugin whitelistings as such including tinymce. If you aren't using the wp plugin, having the whitelisting doesn't do anything anyway
     
  17. jcat

    jcat Member

    153
    22
    18
    Jun 21, 2015
    New Jersey
    Ratings:
    +64
    Local Time:
    2:56 AM
  18. eva2000

    eva2000 Administrator Staff Member

    53,278
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    4:56 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  19. jcat

    jcat Member

    153
    22
    18
    Jun 21, 2015
    New Jersey
    Ratings:
    +64
    Local Time:
    2:56 AM
    awshum :) Thanks!
     
  20. jcat

    jcat Member

    153
    22
    18
    Jun 21, 2015
    New Jersey
    Ratings:
    +64
    Local Time:
    2:56 AM