• Obscure WordPress Errors – Why? Where? and How?
    by ShibaShake on Jan 6, 2010

    WordPress Error 1

    ‘You do not have sufficient permissions to access this page.’

    This error is activated within the file wp-admin/menu.php which in turn gets included by wp-admin/admin.php which gets called by almost every WordPress administration page.

    Here is a code snippet from wp-admin/menu.php where the error message is reported -

    <?php
if (! user_can_access_admin_page()) {
      do_action('admin_page_access_denied');
      wp_die( __('You do not have sufficient permissions to access this page.') );
 }
?>

    As you can see from the code snippet above, a good way to debug this error is by hooking into the admin_page_access_denied action in your plugin or your theme functions.php file.

    1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

    <?php
add_action('admin_page_access_denied', 'debug_page_access');
 
function debug_page_access() {
	global $pagenow;
	global $menu;
	global $submenu;
	global $_wp_menu_nopriv;
	global $_wp_submenu_nopriv;
	global $plugin_page;
	global $_registered_pages;
 
	$parent = get_admin_page_parent();
	$hookname = get_plugin_page_hookname($plugin_page, $parent);
 
	echo "Pagenow = " . $pagenow . "<br/>";
	echo "Parent = " . $parent . "<br/>";
	echo "Hookname = " . $hookname . "<br/>";
 
	echo "Menu = " . $menu . "<br/>";
	echo "Submenu = " . $submenu[$parent] . "<br/>";
	echo "Menu nopriv = " . $_wp_menu_nopriv . "<br/>";
	echo "Submenu nopriv = " . $_wp_submenu_nopriv[$parent][$plugin_page] . "<br/>";
	echo "Plugin page = " . $plugin_page . "<br/>";
	echo "Registered pages = " . $_registered_pages[$hookname] . "<br/>";
 
}
?>

    In the debug_page_access function we print out a series of global variables used in the user_can_access_admin_page check. By doing this, we can determine where the admin page failure is coming from.

    The user_can_access_admin_page function is defined in wp-admin/includes/plugin.php.

    WordPress Error 2

    Are you sure you want to do this?

    This error is the result of a WordPress nonce check failure.

    In particular, this error is reported by the function wp_nonce_ays which is defined in wp-includes/functions.php.

    The wp_nonce_ays function is called by the check_admin_referer function which appears everywhere within the WordPress administration areas (i.e. WordPress dashboard).

    Below is the check_admin_referer source from the wp-includes/pluggable.php file.

    1
2
3
4
5
6
7
8
9
10
11
12
13

    <?php
function check_admin_referer($action = -1, $query_arg = '_wpnonce') {
	$adminurl = strtolower(admin_url());
	$referer = strtolower(wp_get_referer());
	$result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;
	if ( !$result && !(-1 == $action && strpos($referer, $adminurl) !== false) ) {
		wp_nonce_ays($action);
		die();
	}
	do_action('check_admin_referer', $action, $result);
	return $result;
}endif;
?>

    The function has three required conditions -

    1. Line 5 – You must pass a nonce check.
    2. Line 6 – You must pass the function an action.
    3. Line 6 – The page (php file) calling the function (i.e., wp_get_referer) must be an administration url (as defined by the admin_url function). admin_url simply gets the administration path of the current blog – which can be the WordPress default (wp-admin) or which can be overridden by the admin_url filter.

    The ‘Are you sure you want to do this?’ error comes from a failure in one of these areas.

    WordPress Errors

    These are the two most common errors I came across while writing plugins and themes in WordPress.

    If you come across other obscure WordPress errors, please let me know and I will add it to the post.

    Related Articles

    << Previous Next >>

    <a href="http://shibashake.com/wordpress-theme/add-admin-columns-in-wordpress" target="_top">How to Add Admin Columns in WordPress</a>

    How to Add Admin Columns in WordPress

    [If you want to add custom post type columns, here is a tutorial that deals specifically with custom post types.] Many of the key administration areas within WordPress displays a table containing a list of objects and some of their attributes. For example, the Posts screen displays a table with a list of posts and some of their attributes including...

    << Previous Next >>

    <a href="http://shibashake.com/wordpress-theme/wordpress-query_posts-and-get_posts" target="_top">WordPress query_posts and get_posts</a>

    WordPress query_posts and get_posts

    The WordPress query_posts command allows you to query the WordPress wp_posts database and retrieve post objects (e.g. posts, pages, attachments) based on their attributes. query_posts is used throughout the WordPress administration system, but it is most prominent in the WordPress Loop and underlies all of the WordPress Loop commands, e.g. the_post...

    << Previous Next >>

    <a href="http://shibashake.com/wordpress-theme/mastering-the-wordpress-loop" target="_top">Mastering the WordPress Loop</a>

    Mastering the WordPress Loop

    The WordPress Loop is one of the key structures in any WordPress blog. It is used to control which posts are shown on each and every one of your blog pages. In addition, it is also used extensively on your WordPress Dashboard. For example, when you click on Posts on the left navigation bar, a list of your most recently created posts are shown using...

    <Playback Stop Play >

    • Leave a Reply

    Your email address will not be published.

    You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="" highlight="">

    search button search button
    rss