818 pointsLike some sort of WPMU DEV God"Mindblowingly helpful member
nickd32
Member
—
19th August 2011
I've got the Comment Spam Pack installed on our live site, and in one case, it's stopping me from leaving a comment on my own site.
I'm using a theme called SupportPress from WooThemes, which turns WP into a full on Support site (no need to pay for ZenDesk anymore).
Anyway, the theme creates a custom post type called "tickets" and you can "manage tickets" by adding a comment to an existing ticket.
Everything is working beautifully, except when I go to leave a comment on a ticket -- I get the dreaded "Cheating huh" message from the "AVH First Defense Against Spam - WPMU DEV Version" plugin.
I've turned off all the anti-spam options, but I'm still getting blocked from leaving a comment. Help!
I've got the Comment Spam Pack installed on our live site, and in one case, it's stopping me from leaving a comment on my own site.
I'm using a theme called SupportPress from WooThemes, which turns WP into a full on Support site (no need to pay for ZenDesk anymore).
Anyway, the theme creates a custom post type called "tickets" and you can "manage tickets" by adding a comment to an existing ticket.
Everything is working beautifully, except when I go to leave a comment on a ticket -- I get the dreaded "Cheating huh" message from the "AVH First Defense Against Spam - WPMU DEV Version" plugin.
I've turned off all the anti-spam options, but I'm still getting blocked from leaving a comment. Help!
This is a tough one to troubleshoot as I don't have the theme myself. I tried testing with another custom post type, thinking perhaps it would have the same result with any custom post type comment but I couldn't replicate the issue with that.
I'll ask one of the developers to have a look here and see if there's anything he can spot.
The reason you're getting the error is because the plugin is unable to inject its required nonce field in comment template because the hook it uses never gets called. It's difficult for plugins to inject things into themes reliably, as the hooks that get implemented in themes vary drastically.
If you're comfortable with editing your theme file, there is a quick and relatively easy fix you can apply to solve this issue. Here's how you could do it:
1) Open this file: <path-to-your-themes-directory>/supportpress/single-ticket-comments.php (I recommend backing it up first, just in case)
2) Scroll down to lines 191-193. They should look like this:
...
</p>
</form>
...
3) Change them to this:
...
</p>
<?php do_action('comment_form');?>
</form>
...
4) Save your file.
As you see, we merely added a "comment_form" hook, just above the closing form tag - the actual comment form will still be the one from your theme, but the plugin needs this hook called so it knows where to inject its nonce field.
UPDATE - I think there's some commonality with this thread -- I just turned on the Quick Cache plugin -- and in this case, I think that may be the issue. Regardless of how many times I reload the page, I keep seeing the same captcha-like graphic.
Perhaps the Anti-Spam word should be generated with Javascript instead of PHP.
UPDATE - This is an example of some developer (probably 3 years ago) at WPMU DEV using another developer's code, forking it, and letting it stall out.
I investigated my issue further, and the plugin within the Comment Spam Pack causing the issue is "Peter's Anti-Spam". So I went to Peter's website...
Peter's plugin is currently on version 3.1.4 - http://www.theblog.ca/anti-spam
(It's not bleeding edge stuff, but it WAS updated in August 2010)
But the WPMU DEV version is still on 2.84 -- and according to the changelog, was last updated in July 2007 !!
Seriously?
Anyway, Peter fixed the caching issue in his plugin back in version 3.1.1 - which is dated November 2008.
How about an update guys? If you're going to use another developer's code as part of a "plugin pack," doesn't it make sense to check for updates when you release your updates?
Sorry for the delay here and thanks for digging that up. Ve has indeed inherited this plugin from someone else. I'll let him know about this and it should be a relatively simple fix.
I think we're actually going to replace this with our own, simpler, solution. It's a much better long term alternative. I believe Ve is working on that now.
The plugin has had a major overhaul in latest version (v2.0, just released), and a lot of the code has been rewritten. Can you please update and see if it helps with this issue?
The options were still there and any options you have had in place actually took effect - however, there was a problem with the UI that prevented some of them from displaying. The issue should be fixed in the latest release (v2.0.1, just released).
Cool - you might also want to add an icon to the Network settings page in the navigation -- maybe the little black ninja that's shown on the plugin page of WPMU DEV
Also - you might wanna rename the plugin options from "AVH F.D.A.S." to "Comment Spam Pack" or something like that.
Responses (16)
WPMU DEV Fanatic — 19th August 2011 #
Hi nickd32,
This is a tough one to troubleshoot as I don't have the theme myself. I tried testing with another custom post type, thinking perhaps it would have the same result with any custom post type comment but I couldn't replicate the issue with that.
I'll ask one of the developers to have a look here and see if there's anything he can spot.
Thanks,
David
Member — 20th August 2011 #
Attached the zip of the theme for DEV testing. - http://db.tt/TiKZhXP
Developer — 21st August 2011 #
Hi,
The reason you're getting the error is because the plugin is unable to inject its required nonce field in comment template because the hook it uses never gets called. It's difficult for plugins to inject things into themes reliably, as the hooks that get implemented in themes vary drastically.
If you're comfortable with editing your theme file, there is a quick and relatively easy fix you can apply to solve this issue. Here's how you could do it:
1) Open this file: <path-to-your-themes-directory>/supportpress/single-ticket-comments.php (I recommend backing it up first, just in case)
2) Scroll down to lines 191-193. They should look like this:
...
...
3) Change them to this:
...
...
4) Save your file.
As you see, we merely added a "comment_form" hook, just above the closing form tag - the actual comment form will still be the one from your theme, but the plugin needs this hook called so it knows where to inject its nonce field.
Member — 24th August 2011 #
cool, that worked. Thanks Ve!
Member — 1st September 2011 #
@VeBailovity -- Same problem, different theme. This one is live here:
http://girlsguidetoguns.com/2011/08/30/guest-blog-for-fun-or-for-fear/#comment-358
Here is the ZIP of the theme for Dev testing.
If I'm logged in, I can leave a comment. But if I log out and enter my info like I'm a guest, I get the "Cheating huh" message again.
I checked the comments.php file and verified that the
<?php do_action('comment_form', $post->ID); ?>hook is there.
I even tried removing the $post->ID stuff so that it read exactly like you suggested above. Still getting the error.
Can you help?
Member — 1st September 2011 #
UPDATE - I think there's some commonality with this thread -- I just turned on the Quick Cache plugin -- and in this case, I think that may be the issue. Regardless of how many times I reload the page, I keep seeing the same captcha-like graphic.
Perhaps the Anti-Spam word should be generated with Javascript instead of PHP.
Member — 1st September 2011 #
UPDATE - This is an example of some developer (probably 3 years ago) at WPMU DEV using another developer's code, forking it, and letting it stall out.
I investigated my issue further, and the plugin within the Comment Spam Pack causing the issue is "Peter's Anti-Spam". So I went to Peter's website...
Peter's plugin is currently on version 3.1.4 - http://www.theblog.ca/anti-spam
(It's not bleeding edge stuff, but it WAS updated in August 2010)
But the WPMU DEV version is still on 2.84 -- and according to the changelog, was last updated in July 2007 !!
Seriously?
Anyway, Peter fixed the caching issue in his plugin back in version 3.1.1 - which is dated November 2008.
How about an update guys? If you're going to use another developer's code as part of a "plugin pack," doesn't it make sense to check for updates when you release your updates?
Sales & Support Pro — 1st September 2011 #
Hiya,
Sorry for the delay here and thanks for digging that up. Ve has indeed inherited this plugin from someone else. I'll let him know about this and it should be a relatively simple fix.
Cheers!
Phil
Member — 1st September 2011 #
Sara G wrote about another spam plugin on wpmu.org -- should this be included in the comment spam pack instead of some of the others?
http://wpmu.org/block-spam-on-wordpress-multisite-and-buddypress-using-math-questions/
Sales & Support Pro — 2nd September 2011 #
I think we're actually going to replace this with our own, simpler, solution. It's a much better long term alternative. I believe Ve is working on that now.
Phil
Member — 2nd September 2011 #
Cool. I look fwd to the new plugin, and I agree that it's better to consolidate, rather than use a bunch of older, cobbled-together plugins.
Developer — 6th September 2011 #
Hi,
The plugin has had a major overhaul in latest version (v2.0, just released), and a lot of the code has been rewritten. Can you please update and see if it helps with this issue?
Member — 7th September 2011 #
Thanks very much Ve. The updated plugin looks good.
I'll run some tests to see if the issue has been resolved.
Member — 7th September 2011 #
With this new version, it seems like you've removed the Project Honeypot options, as well as the local IP blacklist/whitelist.
Is this true? Am I missing them somewhere?
Developer — 9th September 2011 #
Hi,
The options were still there and any options you have had in place actually took effect - however, there was a problem with the UI that prevented some of them from displaying. The issue should be fixed in the latest release (v2.0.1, just released).
Member — 9th September 2011 #
Cool - you might also want to add an icon to the Network settings page in the navigation -- maybe the little black ninja that's shown on the plugin page of WPMU DEV
Also - you might wanna rename the plugin options from "AVH F.D.A.S." to "Comment Spam Pack" or something like that.
Become a member