Fix for WordPress multisite problems in version 4.7

This has been fixed in 4.7.3

After upgrading from WordPress multisite 4.6.3 to 4.7.2, I experienced that users:

  • were not able to preview drafts – Not found 404 status
  • have to log into each subsite separately
  • can’t logout because of 403 status from wp_nonce_ays() (ays = are you sure)
  • admin bar not visible on the frontend because is_user_logged_in() is false on the frontend
  • nonce verification problems

I keep the WordPress core in it’s own /wp sub folder.

I posted a more detailed reply, here and here , on core trac, but the reason seems to be changes made to the COOKIEHASH fallback in the wp_cookie_constants() function:

Pre 4.7 it was:

define( 'COOKIEHASH', '' );

but in 4.7 it was changed to

define( 'COOKIEHASH', md5( wp_guess_url() ) );

This was problematic for my install because that functions has different output values for the front-end and backend.

The avoid the to avoid the url-guessing with wp_guess_url() in wp_cookie_constants(), we have to set the

siteurl 

in the wp_sitemeta table. It was missing in my case for some unknown reason.

Another workaround is to add:

define( 'COOKIEHASH', md5( 'http://example.tld' ) );

into the wp-config.php file, to avoid the url guessing.

This also explains why defining WP_SITEURL to a non-empty string works, as mentioned by @fwdcar, as it circumvents the url guessing too.

Hope it helps!

How to allow audio files with GET parameters in the audio shortcode?

There’s an interesting question on WordPress Stackexchange regarding the audio shortcode .

It looks like it doesn’t support sources with GET parameters.

Here are two examples:

1) Without GET parameters the audio player displays:

where the shortcode is:

[audio src="http://s.w.org/images/core/3.9/JellyRollMorton-BuddyBoldensBlues.mp3"]

2) With GET parameters it only shows the audio link:

http://s.w.org/images/core/3.9/JellyRollMorton-BuddyBoldensBlues.mp3?play=1

where the shortcode is:

[audio src="http://s.w.org/images/core/3.9/JellyRollMorton-BuddyBoldensBlues.mp3?play=1"]

I managed to work around it with the following code snippet:

/**
 * Allow unrecognize audio sources hosted on 's.w.org'.
 *
 * @see http://wordpress.stackexchange.com/a/152352/26350
 */

add_filter( 'wp_audio_shortcode_override',
    function( $html, $atts )
    {
        if( 's.w.org' === parse_url( $atts['src'], PHP_URL_HOST ) )
        {
            add_filter( 'wp_audio_extensions', 'wpse_152316_wp_audio_extensions' );
        }
        return $html;
    }
, PHP_INT_MAX, 2 );

function wpse_152316_wp_audio_extensions( $ext )
{
    remove_filter( current_filter(), __FUNCTION__ );
    $ext[] = '';
    return $ext;
}