Skip to:

“Add Forum” button numb?

  • Hello,

    Cherry install of 1.0a2 on WP 2.6.2

    COOKIEHASH fix in place.

    Besides the ‘can only be logged into one app’ at a time issue’, which I’m fine with as it’s a known issue, my new install is twitching a bit.

    I can not add a forum using the ‘add forum’ button (nothing happens). I can edit the original install forum’s description.

    Is this a permissions thing on some ajaxy file or a `<IfModule mod_security.c>

    <Files async-upload.php>

    SecFilterEngine Off

    SecFilterScanPOST Off


    </IfModule>` in .htaccess type of thing?

    If relevant: PHP5, shared db, siteurl/forum/ installation.


Viewing 19 replies - 1 through 19 (of 19 total)
  • Really? Hmm, maybe this is a common issue that has been dealt with before… I’ll keep looking.

    So, no related trac issue has been logged (I was hoping that this was a known issue not some random thing on my side!) and I didn’t come across anything in these forums.

    I checked the db via PHPMyAdmin to see if there had been any activity, nada.

    I’ll go back to the WP fora and check what version numbers folks are using…

    Hrm, did you have any problems before the cookie hash was fixed? I didn’t bother with it at all on alpha 2 and didn’t have any issues.

    Caught wearing my underwear on the outside. It doesn’t make me immune to cosmic cookie rays?

    This was a cherry install so I didn’t have any experience with bbPress and its issues etc. The ‘add forum’ button issue existed before I added the quick fix…I found it on my first pass through the support forums trying to see how other WP2.6 success stories started out…

    Did I mention that I have the bbPress files located in a subdomain called ‘forum’ i.e. ?

    I’ve just gone through the phpbbb vs SMF review again, just so I can get something going while these small things get cooked off, but I think I’ll stry bbPress as a stand-alone in its own db and integrate later…Do you see any drama with that path?

    I just noticed that I didn’t add the SECRET_KEY value from wp-config.php (sic) to wp-settings.php as per a comment in that file…but it turns out that’s an artifact. Strike that.

    These are some of the cookies that FireBug reports:

    wordpress_logged_in_f004625b18565e7c579076261d01b3a5 105 B /forum/ Session

    wordpress_f004625b18565e7c579076261d01b3a5 95 B /wp-content/plugins Session

    wordpress_f004625b18565e7c579076261d01b3a5 95 B /wp-admin Session

    wordpress_f004625b18565e7c579076261d01b3a5 95 B /forum/my-plugins Session

    wordpress_f004625b18565e7c579076261d01b3a5 95 B /forum/bb-plugins Session

    wordpress_f004625b18565e7c579076261d01b3a5 95 B /forum/bb-admin Session

    wordpress_test_cookie 36 B / Session

    I’m checking…

    Ok, I just reinstalled using seperate db’s this time (+WP integration). The installation process is very, very smooth with good feedback at every stage.

    Again, I believe the install was successful.

    Cache cleared etc. but numb ‘Add Forum’ button issue persists.

    I am using the same filebase (with no PHP errors in logs) though.

    The only blank spot I have in the install is:

    >>>>>> WordPress "secure auth" cookie salt not set. which appears to be an acceptable state based on the doc’s.

    The 6 session cookies are all suffixed with COOKIEHASH.

    I am unable to create new fora as keymaster or Admin.

    Can I provide any useful data?

    I need more coffee this week.

    You’re going in through Right?

    Also it looks like the COOKIEHASH issue is a WPMU (multi user) thing and not a WP vanilla one. Are you using WPMU?

    Nope, this project is WP not WPMu

    musnake –

    One thing you could try, which seemed to get everything working for me. Copy the hashes/salts directly from your wp-config.php file and prefix each one with BB_. Might be excessive, but seems to work for me.

    define('AUTH_KEY', 'blah');
    define('SECURE_AUTH_KEY', 'blah');
    define('SECURE_AUTH_SALT', 'blah');
    define('LOGGED_IN_KEY', 'blah');
    define('SECRET_KEY', 'blah');
    define('SECRET_SALT', 'blah');
    define('LOGGED_IN_SALT', 'blah');


    define('BB_AUTH_KEY', 'blah');
    define('BB_SECURE_AUTH_KEY', 'blah');
    define('BB_SECURE_AUTH_SALT', 'blah');
    define('BB_LOGGED_IN_KEY', 'blah');
    define('BB_SECRET_KEY', 'blah');
    define('BB_SECRET_SALT', 'blah');
    define('BB_LOGGED_IN_SALT', 'blah');

    I just couldn’t get the descriptions in bbPress setup page to match all the keys in wp-config.php, so I copied them all over in a brute-force cop out. I am on a subdomain install, not folder, so this might not help.

    eagano – I tested, and it works fine on both subdomain and folders.

    But musnake, can you link to the cookiehash fix? I’m 99% sure it’s not needed for your install, so that may be causing weirdness.

    Just to be clear, guys: I’m working on a WP2.6.2 site, not the WPMu version…

    @eagano: I hear you man. I did as you suggested and I made sure /wp-admin/options.php matched as well.

    I’m using FF3 and the error console shows only warnings generated by the theme’s CSS (doesn’t like the asterisk in declarations: Kakumei 0.01 theta-beta by Bryan Veloso)

    I’m not using Google Gears to cache anything.

    @Ipstenu: I linked to the cookiefix in the first post. Now that you both pointed out that it’s a WPMu-specific fix I have removed it from the WP code. Did you mean a link to the test site?

    I appreciate you looking into this.

    Is there some sort of trace I can place on the submit button? A setting I can toggle to make it/something verbose?


    I’ll download and push the filebase again, just for laughs…

    haha, sigh. It helps if I push the right version! Ok, it’s still 1.0 alpha 2 and it’s still refusing to add the forum. The CSS is ‘messed up’ for the form but that shouldn’t stop it, right? Naaah.

    Oh look, another straw…


    Does the page respond at all when you click ‘Add Forum’? Does it refresh and do nothing? Or does the page not even refresh? And you are able to do all the other admin tasks?

    If you just click ‘Add Forum’ with no input you should get the red error message box below the add form with “An unidentified error has occurred.”.

    There are at least two nonces for security and quite a few hidden fields that need to be there. Here’s what I’m seeing:

    <p class="submit">
    <input type="hidden" name="order-nonce" value="beb39845e6" />
    <input type="hidden" name="_wp_http_referer" value="/bb-admin/content-forums.php" />
    <input type="hidden" name="_wpnonce" value="84424fd1b7" />
    <input type="hidden" name="_wp_http_referer" value="/bb-admin/content-forums.php" />
    <input type="hidden" name="action" value="add" />
    <input name="Submit" type="submit" value="Add Forum »" tabindex="13" />

    I’m wondering if the HTTP POST is happening with no result, or if the submit is not even working. If you don’t get any error message when you click submit, it’s probably an ajax problem.

    Absolutely no response. Not even a twitch…which does smell like an ajax problem. Hence, the .htaccess fix for the e.g. from WP where my ajax won’t work unless it’s exempt from that apache mod.

    Do you know which file and what permission would be involved?



    Index Id Name Type Value Label Size Maximum Length State
    0 fieldset
    1 forum-name forum_name text Forum Name:
    2 forum-desc forum_desc text Forum Description:
    3 forum-parent forum_parent select
    4 forum-is-category forum_is_category checkbox 1 Forum is Category:
    5 order-nonce hidden c2ee0a0be6
    6 _wp_http_referer hidden /forum/bb-admin/content-forums.php
    7 _wpnonce hidden d5944257a4
    8 _wp_http_referer hidden /forum/bb-admin/content-forums.php
    9 action hidden add
    10 Submit submit Add Forum »


    I added the following:

    <IfModule mod_security.c>
    <Files admin-ajax.php>
    SecFilterEngine Off
    SecFilterScanPOST Off

    to this file:

    This fixed the issues. I can add fora with the sexy yellow flash and all.

    Security people, does this tear a hole in the universe?

    Please advise!

    Did some research. Short answer: If it fixes your site, then no, no black hole is created.

    Mod_security is a weird beasty. You may want to ask your ISP/Host why it’s set up such that it butchers ajax, though.

    Did you have any issues with your wordpress setup that made you fiddle with the security?


    @keymi: Chinese? I tried Kanji too…

    @IPstenu: Yes, I had to apply the fix to get WP to work, that’s what tinkled the bell… Thanks for looking at it. I’ll throttle permissions down though… Do you use the the support forum mod? seeing as we’re both on the same patch level…

    No, I’m not using it yet, and likely won’t. It’s cool, though, just outside my scope :)

    (I’m totally digging on this vanilla forum, with a total lack of features I never use!)

Viewing 19 replies - 1 through 19 (of 19 total)
  • You must be logged in to reply to this topic.
Skip to toolbar