- Forum
- Main Forum
- English Section
- CWP Control
- CWP7 Pro Cron Job Not Saving in User Panel? WP All Import Fix
×
Installation and guides about a great free, plesk and cpanel alternative project
CWP7 Pro Cron Job Not Saving in User Panel? WP All Import Fix
- infogate
-
Συντάκτης θέματος
- Αποσυνδεμένος
- Administrator
-
- Imagination is the beginning of creation
10 Ώρες 49 Λεπτά πριν #337
από infogate
The best possible way to start your online marketing : fspirits.com/go/leadsleap-home
Explode Your Web Site Traffice: fspirits.com/go/sparktraffic
Start your affiliate journey here: fspirits.com/go/olsp-academy
Best Solution To Create Videos: fspirits.com/go/create-studio-pro
Best Solution To Create Graphics: fspirits.com/go/clickdesigns
Smart Chat Automation: fspirits.com/go/chatterpal
Multi-Purpose Video Maker: fspirits.com/go/avatar-builder
Multi-Purpose Video Creator: fspirits.com/go/video-creator
AI Human Spokesperson Videos: fspirits.com/go/humanpal
CWP7 Pro Cron Job Not Saving in User Panel? WP All Import Fix δημιουργήθηκε από infogate
I would like to report and document an issue I found with the CWP7 Pro User Panel cron job editor.Server configuration:
Example of a legitimate WP All Import cron command that gets blocked:I also tried escaping the ampersands:but the User Panel still considers the command malicious.What was testedLinux cron itself is working correctly.The user crontab file exists and has correct ownership and permissions:Example output:Cron allow/deny files were also checked:does not exist andis empty, so the user is not blocked from using cron.The crontab binary permissions are also correct:Expected/correct result:Adding a cron job directly from SSH works correctly:The test cron is successfully saved.So the issue is not Linux cron permissions. The issue is specifically the CWP User Panel security validation/filter.Browser Network resultUsing browser Developer Tools → Network, the request to:returns HTTP 200, but the response body is:So the request reaches the backend, but the backend refuses the command.CauseThe CWP User Panel appears to block cron commands that include URL query parameters such as:These are normal and required for WP All Import cron URLs, but the User Panel security filter treats them as suspicious.WorkaroundThe safe workaround is to avoid placing the full WP All Import URL directly inside the CWP User Panel cron command.Instead, create a clean PHP bridge file with a simple filename and no query string in the cron command.Step 1: Create a bridge folderStep 2: Create a bridge file for the WP All Import processing URLExample:Add:Then set permissions:Step 3: Add a clean cron command from the CWP User PanelInstead of adding the original WP All Import URL, add this simple command:This avoids:inside the CWP User Panel cron command.Step 4: Create another bridge file for the trigger URLExample:Add:Then:CWP User Panel cron command:Suggested official fixIt would be helpful if CWP could allow legitimate cron commands usingorwith normal URL query parameters, especially for common WordPress cron integrations such as WP All Import.At the moment, the User Panel cron editor works for simple commands, but blocks valid WP All Import cron commands as malicious.Thank you.
- OS: AlmaLinux 9
- Panel: CWP7 Pro
- CWP version:
0.9.8.1228
- CWP PHP: PHP 7.4.33 with ionCube Loader
- Affected area: User Panel → Cron Jobs
{"error":"Malicious command detected"}/usr/bin/wget -q -O /dev/null https://example.com/wp-load.php?import_key=XXXX&import_id=17&action=processing/usr/bin/wget -q -O /dev/null https://example.com/wp-load.php?import_key=XXXX\&import_id=17\&action=processingls -l /var/spool/cron/USERNAME-rw------- 1 USERNAME USERNAME 1907 May 27 22:01 /var/spool/cron/USERNAMEls -l /etc/cron.allow /etc/cron.deny 2>/dev/null
cat /etc/cron.allow 2>/dev/null
cat /etc/cron.deny 2>/dev/null/etc/cron.allow/etc/cron.denyls -l /usr/bin/crontab
stat /usr/bin/crontab-rwsr-xr-x 1 root root /usr/bin/crontab
Access: (4755/-rwsr-xr-x) Uid: (0/root) Gid: (0/root)(crontab -u USERNAME -l; echo '*/10 * * * * echo "ssh cron test $(date)" >> /home/USERNAME/ssh-cron-test.log') | crontab -u USERNAME -index.php?module=crontab&acc=add{"error":"Malicious command detected"}?
&
=
wp-load.php
import_key
action=processingmkdir -p /home/USERNAME/public_html/cron-bridges
chown -R USERNAME:USERNAME /home/USERNAME/public_html/cron-bridges
chmod 755 /home/USERNAME/public_html/cron-bridgesnano /home/USERNAME/public_html/cron-bridges/import-17-processing-a8x92s9k.php<?php
/**
* WP All Import cron bridge.
* Import ID: 17
* Action: processing
*
* The secret is in the filename, so the CWP cron command has no query string.
*/
$url = 'https://example.com/wp-load.php?import_key=XXXX&import_id=17&action=processing';
$ch = curl_init($url);
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 180,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_USERAGENT => 'WP-All-Import-Cron-Bridge/1.0',
]);
$response = curl_exec($ch);
$error = curl_error($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($error) {
http_response_code(500);
exit('cURL error: ' . $error);
}
http_response_code($httpCode ?: 200);
echo 'OK';chown USERNAME:USERNAME /home/USERNAME/public_html/cron-bridges/import-17-processing-a8x92s9k.php
chmod 644 /home/USERNAME/public_html/cron-bridges/import-17-processing-a8x92s9k.php/usr/bin/wget -q -O /dev/null https://example.com/cron-bridges/import-17-processing-a8x92s9k.php?
&
=
import_key
action=processingnano /home/USERNAME/public_html/cron-bridges/import-17-trigger-k9p73x.php<?php
/**
* WP All Import cron bridge.
* Import ID: 17
* Action: trigger
*/
$url = 'https://example.com/wp-load.php?import_key=XXXX&import_id=17&action=trigger';
$ch = curl_init($url);
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 180,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_USERAGENT => 'WP-All-Import-Cron-Bridge/1.0',
]);
$response = curl_exec($ch);
$error = curl_error($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($error) {
http_response_code(500);
exit('cURL error: ' . $error);
}
http_response_code($httpCode ?: 200);
echo 'OK';chown USERNAME:USERNAME /home/USERNAME/public_html/cron-bridges/import-17-trigger-k9p73x.php
chmod 644 /home/USERNAME/public_html/cron-bridges/import-17-trigger-k9p73x.php/usr/bin/wget -q -O /dev/null https://example.com/cron-bridges/import-17-trigger-k9p73x.php/usr/bin/wget/usr/bin/curlThe best possible way to start your online marketing : fspirits.com/go/leadsleap-home
Explode Your Web Site Traffice: fspirits.com/go/sparktraffic
Start your affiliate journey here: fspirits.com/go/olsp-academy
Best Solution To Create Videos: fspirits.com/go/create-studio-pro
Best Solution To Create Graphics: fspirits.com/go/clickdesigns
Smart Chat Automation: fspirits.com/go/chatterpal
Multi-Purpose Video Maker: fspirits.com/go/avatar-builder
Multi-Purpose Video Creator: fspirits.com/go/video-creator
AI Human Spokesperson Videos: fspirits.com/go/humanpal
Παρακαλούμε Σύνδεση ή Δημιουργία λογαριασμού για να συμμετάσχετε στη συζήτηση.
- Forum
- Main Forum
- English Section
- CWP Control
- CWP7 Pro Cron Job Not Saving in User Panel? WP All Import Fix
Χρόνος δημιουργίας σελίδας: 0.050 δευτερόλεπτα