dunglas / frankenphp

🧟 The modern PHP app server
https://frankenphp.dev
MIT License

Invalid post type. error when I click on "POSTS" in the Wordpress admin menu #1009

Closed Kkeller83 closed 2 weeks ago

Kkeller83 commented 3 weeks ago

What happened?

When running Wordpress with the standard frankenphp on ubuntu and you go and click on "POSTS" in the Wordpress admin menu you get the error invalid post type. If I run the same wordpress installation with NGINX all is ok.

Build Type

Official static build

Worker Mode

No

Operating System

GNU/Linux

CPU Architecture

x86_64

PHP configuration

Latest unmodified frankenphp version from releases

Relevant log output

No response

Kkeller83 commented 3 weeks ago

And when I want to print the PHP info I get this:

./frankenphp-linux-x86_64.1 php-cli -i

Warning: Unknown: Failed to open stream: No such file or directory in Unknown on line 0

Fatal error: Failed opening required '-i' (include_path='.:') in Unknown on line 0

dunglas commented 3 weeks ago

You must retrieve the phpinfo() from a web context (call the function in a webpage). The -i option isn't implemented yet on CLI.

Could you also copy the entire request and response (headers and body), please? You can copy them from the Network tab of the browser DevTools.

Kkeller83 commented 3 weeks ago

curl 'https://xxxxxx/wp-admin/edit.php' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0' \
  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8' \
  -H 'Accept-Language: en-GB,en;q=0.5' \
  -H 'Accept-Encoding: gzip, deflate, br, zstd' \
  -H 'Referer: https://xxxxx/wp-login.php?redirect_to=https%3A%2F%2Fkeller-wptest110.dev.fineupp.com%2Fwp-admin%2Fedit.php&reauth=1' \
  -H 'Connection: keep-alive' \
  -H 'Upgrade-Insecure-Requests: 1' \
  -H 'Sec-Fetch-Dest: document' \
  -H 'Sec-Fetch-Mode: navigate' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'Sec-Fetch-User: ?1' \
  -H 'Priority: u=0, i' \
  -H 'Pragma: no-cache' \
  -H 'Cache-Control: no-cache' \
  -H 'TE: trailers'

Kkeller83 commented 3 weeks ago

This is the Caddyfile:

{
        admin off
        auto_https disable_redirects

        frankenphp
        order php_server before file_server
        order php before file_server
}

:80  {
        @static {
                file
                path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff
        }

        root * .
        encode zstd br gzip
        php_server
}

Kkeller83 commented 3 weeks ago

Issue is pretty similar here for a user using nginx, just in case it helps: https://wordpress.stackexchange.com/questions/125985/nginx-wordpress-subdirectory-invalid-post-type

Kkeller83 commented 3 weeks ago

This is the CURL request when using NGINX with PHP-FPM :

curl 'https://xxx/wp-admin/edit.php' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0' \
  -H 'Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8' \
  -H 'Accept-Language: en-GB,en;q=0.5' \
  -H 'Accept-Encoding: gzip, deflate, br, zstd' \
  -H 'Referer: https://xxxx/wp-admin/' \
  -H 'DNT: 1' \
  -H 'Sec-GPC: 1' \
  -H 'Upgrade-Insecure-Requests: 1' \
  -H 'Sec-Fetch-Dest: document' \
  -H 'Sec-Fetch-Mode: navigate' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'Priority: u=0, i' \
  -H 'Pragma: no-cache' \
  -H 'Cache-Control: no-cache' \
  -H 'TE: trailers'

This works

Kkeller83 commented 3 weeks ago

Searching for Plugins on the Plugins page also doesn't work for me with frankenphp. Seems like this is a Javascript / Ajax not getting through thing.

AlliBalliBaba commented 3 weeks ago

Can you also share your nginx config? Maybe there's some special routing.

withinboredom commented 2 weeks ago

@Kkeller83 in case you are not aware, you just posted your login cookies publicly on the internet and anyone/bot can now gain access to your server as an administrator. You may want to immediately change your salts in wp-config.php to invalidate your session cookies and check that no one has accessed your server to install malicious code/plugins/database entries.
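
The leak described in the comment above happens when a browser "Copy as cURL" export is pasted unedited. As an added example (not part of the original thread and not FrankenPHP or WordPress code), this Python script redacts credential-bearing headers, options and query parameters before a command is shared; the header list, the `_wpnonce`/`redirect_to` parameter list and the sample command are assumptions constructed for illustration.

```python
import re
import shlex

# Headers whose values authenticate the sender (compared case-insensitively).
SENSITIVE_HEADERS = {"cookie", "authorization", "proxy-authorization", "x-wp-nonce"}
# curl options whose next argument is a credential.
SENSITIVE_OPTIONS = {"-b", "--cookie", "-u", "--user"}
# Parameters that can carry a nonce or a URL-encoded copy of the site address.
SENSITIVE_PARAMS = re.compile(r"(?i)\b(_wpnonce|redirect_to)=[^&'\s]*")

# Constructed sample in the shape of a browser "Copy as cURL" export.
SAMPLE = """curl 'https://example.test/wp-admin/edit.php?_wpnonce=abc123' \\
  -H 'User-Agent: Mozilla/5.0' \\
  -H 'Referer: https://example.test/wp-login.php?redirect_to=https%3A%2F%2Fexample.test%2Fwp-admin%2F&reauth=1' \\
  -H 'Cookie: wordpress_logged_in_0123=admin%7C1700000000%7Cconstructed' \\
  -b 'wordpress_sec_0123=constructed'"""


def redact_curl(command: str) -> str:
    """Return a copy of a curl command with credentials replaced by REDACTED."""
    # Join backslash-continued lines, then split using shell quoting rules.
    tokens = shlex.split(command.replace("\\\n", " "))
    out, i = [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-H", "--header") and i + 1 < len(tokens):
            name, _, value = tokens[i + 1].partition(":")
            if name.strip().lower() in SENSITIVE_HEADERS:
                value = " REDACTED"  # drop the whole header value
            else:
                value = SENSITIVE_PARAMS.sub(r"\1=REDACTED", value)
            out += [tok, f"{name}:{value}"]
            i += 2
        elif tok in SENSITIVE_OPTIONS and i + 1 < len(tokens):
            out += [tok, "REDACTED"]
            i += 2
        else:
            # URLs and other arguments: scrub sensitive query parameters only.
            out.append(SENSITIVE_PARAMS.sub(r"\1=REDACTED", tok))
            i += 1
    return " ".join(shlex.quote(t) for t in out)


if __name__ == "__main__":
    print(redact_curl(SAMPLE))
```

The script does not rewrite hostnames in the URL itself, and it only handles the separate-argument forms (`-H 'Name: value'`, `-b value`) that browser exports produce.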

withinboredom commented 2 weeks ago

According to admin.php the post type is set:

if ( isset( $_REQUEST['post_type'] ) && post_type_exists( $_REQUEST['post_type'] ) ) {
    $typenow = $_REQUEST['post_type'];
} else {
    $typenow = '';
}

and then the error is shown in edit.php:

global $typenow;

if ( ! $typenow ) {
    wp_die( __( 'Invalid post type.' ) );
}

So, the question here would be: how does this request variable get set in nginx?

withinboredom commented 2 weeks ago

Hey @Kkeller83, it looks like you are missing the most important config from nginx. It's called fastcgi.conf or fastcgi_params and describes how to pass things from the request into php.

Kkeller83 commented 2 weeks ago

Solved it. I had the Caddyfile within the wordpress folder. Moving it out of the wordpress root folder and defining the root folder properly with the full path solves this