|
Jeffrey Sable
|
June 15, 2014 at 4:31 am
Hi,
when I access this url: /espresso-api/v1/events/public on my locally installed wordpress instance with Event Espresso plugin and Event Espresso API Plugin enabled, then I get this message:
{"status":"Not authorized to access that endpoint","status_code":403}
I have enabled the option Allow Public API Access?.
I expect a list of events as a response with 1 item – I have one event created in wordpress.
|
|
Jeffrey Sable
|
June 15, 2014 at 4:33 am
The event espresso is this version: Version 3.1.36.5.P, the api plugin is this version:Version 2.1.1.P
|
|
Lorenzo Orlando Caum
|
June 15, 2014 at 7:29 pm
Try re-saving the allow public access option: http://cl.ly/image/2P2K1F1v2F2n
Also some security plugins could block this so if you are running any, then try disabling them. You’ll also need a WordPress admin user role to access information through the JSON API.
—
Lorenzo
|
|
Jeffrey Sable
|
June 16, 2014 at 3:52 am
I disabled all the plugins but Event Espresso and Event Espresso JSON API and set the basic Twenty Fourteen theme, I’m logged with user that has the administrator role and I resaved the form that allows public access at least three times, I gave all the files in wordpress directory 777 and I still have the same message. I have pretty much ran out of ideas. Anything else comes to your mind?
|
|
Dean
|
June 16, 2014 at 6:26 am
Is it possible to get your login details in order to look into this?
If so, please send them via https://eventespresso.com/send-login-details/
NOTE: login details need to be Admin level and FTP details are appreciated.
|
|
Jeffrey Sable
|
June 16, 2014 at 12:27 pm
I filled the form, let’s see then.
|
|
Dean
|
June 17, 2014 at 12:09 am
Hi Jeffrey,
I have not seen any details come through, was the form submitted correctly? The actual submit button wont appear unless all the required fields are active (it catches people out occasionally).
|
|
Jeffrey Sable
|
June 17, 2014 at 2:36 am
Hi, i digged into this a little, I’m not a php programmer, but I think I’ve found a “bug” in the code of the JSON API plugin. Or at least when I change some lines in the JSON API plugin, it works as I expect. Where can I give you a description of this?
|
|
Dean
|
June 17, 2014 at 2:59 am
Hi,
If you believe it to be a security issue, please use this form – https://eventespresso.com/report-a-security-vulnerability/
Otherwise feel free to post the issue here. You can use a service such as pastebin.com if you need to post large chunks of code.
|
|
Jeffrey Sable
|
June 17, 2014 at 3:07 am
My hypothesis is that the plugin uses the function mysql_real_escape_string in file EspressoAPI_Router.class.php on line 55, and this function expect that there is an open connection to mysql. But there is none. The correction is that I replace the function call with wordpress function esc_sql, that maintains the connection to the db.
|
|
Dean
|
June 17, 2014 at 5:29 am
OK thanks for the feedback. I’ll put this in front of the API developer for their thoughts.
|
|
Michael Nelson
|
June 17, 2014 at 11:13 am
What does esc_sql or mysql_real_escape_sequence have to do with database connections? Can you provide a link to some info about this because I can’t find any.
Also we can’t reproduce the issue. However, using mysql_real_escape_sequence is apparently deprecated as of PHP 5.5 so if you’re running PHP 5.5, that might be the issue. Are you?
But regardless, using esc_sql seems like a good idea
|
|
Jeffrey Sable
|
June 22, 2014 at 3:19 pm
Yes, we are using php 5.5.9, so that is probably the cause. I’m not an a php expert, but it looks like our version is using some mysql ?extension? mysqli, in esc_sql function, there is an if testing whether the mysqli is installed or not, whereas the mysql_real_escape_sequence is calling the functions, that are not in 5.5.
|
