Site icon Hip-Hop Website Design and Development

"The link you followed has expired" & "Error while saving" messages when adding new post

I’m currently unable to publish new posts on my wordpress site. Whenever I try, I get a "The link you followed has expired" error after clicking the "publish" button. Also, as I’m typing into the editor, I repeatedly get "Error while saving" messages in the bottom right.

I’ve tried some of google’s most common fixes for this error message. These include increasing max upload size/execution time in functions.php or defining a higher WP_MEMORY_LIMIT in wp-config.php. One thing to note is that most of these suggestions are in response to someone not being able to upload a theme or plugin through the admin, which is not my case – I’m trying to save a tiny post, not upload a big .zip file. These fixes did seem to increase the amount of time before the "Error while saving" message appears, but they didn’t solve the problem.

I thought it might be a database error, like somehow the wp_posts table’s name had gotten changed or it had gotten corrupted somehow, and so all the attempts to save to it were resulting in errors. I downloaded the Query Monitor plugin to try to get a closer look at what was happening with the database. I hadn’t noticed any problems viewing already-existing posts, and query monitor did seem to confirm that all of the queries selecting data from wp_posts were going fine. However the ones done by wp_insert_post() like SHOW FULL COLUMNS from wp_posts and INSERT INTO wp_posts are highlighted in purple, which I assume is indicating they’re unsuccessful.

Another thing query monitor showed was the stack trace of the "The link you followed has expired" error, which shows it’s failing to pass the check_admin_referrer() call in wp-admin/post.php. I’m not sure why I’d be failing a nonce check here – it’s just the regular "add new post" form in the admin, and I have added many posts to this site successfully before. I’m also not sure how failing a nonce fits in with the common theme that comes up in addressing this specific error message, which is that the server is overburdened (for example, see this answer or this article).

Speaking of the server though, I do have a bunch of error logs in the root of my wordpress installation to the effect of "PHP Fatal error: Allowed memory size of [number] bytes exhausted (tried to allocate y bytes)". These stretch back to quite a while before I started having trouble creating new posts so I’m not sure how relevant they are.

If anyone has any ideas I’d be grateful for the help, thanks!

Edit: In accordance with @Rup ‘s suggestion I tried to do some debugging related to the nonce. I added a couple of var_dump calls to check_admin_referer in wp_includes/pluggable.php. here is exactly where I added them:

function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
        if ( -1 === $action ) {
            _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
        }

        $adminurl = strtolower( admin_url() );
        $referer  = strtolower( wp_get_referer() );

        /* DEBUG */
        if ( isset( $_REQUEST[ $query_arg ] ) ){
            var_dump('nonce');
            var_dump( $_REQUEST[ $query_arg ] );
        }
        /* END DEBUG */
        
        $result   = isset( $_REQUEST[ $query_arg ] ) ? wp_verify_nonce( $_REQUEST[ $query_arg ], $action ) : false;

        /* DEBUG */
        var_dump('result');
        var_dump( wp_verify_nonce( $_REQUEST[ $query_arg ], $action ) );
        /* END DEBUG */

        /**
         * Fires once the admin request has been validated or not.
         *
         * @since 1.5.1
         *
         * @param string    $action The nonce action.
         * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
         *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
         */
        do_action( 'check_admin_referer', $action, $result );

        if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
            wp_nonce_ays( $action );
            die();
        }

        return $result;
    }

Before hitting the ‘publish’ button I made note of the value of the hidden nonce input using the chrome inspector. value was ‘0aeb68a041’.

here is the result of those var_dumps:
string(5) "nonce" string(10) "0aeb68a041" string(6) "result" bool(false).

So the value of the nonce appears to be correct, but verification is still failing, I guess possibly due to other factors that wp_verify_nonce() uses to generate the expected hash, like wp_get_session_token?

Edit #2: Ok, thanks for the clarification @Rup. I added a log of the ingredients for wp_hash in wp_create_nonce like so:

var_dump(array( 'function' => 'wp_create_nonce', 'action' => $action, 'token' => $token, 'wp_nonce_tick' => $i, 'user ID' => $uid ));

I added the same array dump to wp_verify_nonce. Here is the result when the nonce is created on the ‘add new post’ admin screen:

array(5) { 
["function"]=> string(15) "wp_create_nonce" 
["action"]=> string(16) "update-post_5244" 
["token"]=> string(43) "aMeuitYF5jmQqX2DG2xMMZmXPjuSMkBOkHHzIYeLsRy" 
["wp_nonce_tick"]=> float(37734) 
["user ID"]=> int(1) 
}

And here is result when the nonce attempts to be verified:

array(5) { 
["function"]=> string(15) "wp_verify_nonce" 
["token"]=> string(43) "aMeuitYF5jmQqX2DG2xMMZmXPjuSMkBOkHHzIYeLsRy" 
["action"]=> string(13) "update-post_0" 
["wp_nonce_tick"]=> float(37734) 
["user id"]=> int(1) 
}

So I guess the action parameter is why the nonce isn’t verifying, thanks for helping me figure this out. Now I’m going to look at why the post ID is getting set to 0 somewhere along the way.