[Plugin: Secure Invites for WordPress MU] redirection kills email validation

  • langner

    (@langner)


    13 years, 7 months ago

    Hello,

    For some reason my WP install (not MU) redirects wp-signup.php to wp-login.php?action=register — is that normal?

    Anyway, this causes the plugin to not validate email addresses, since it checks the entire $_SERVER[“QUERY_STRING’] and in my case this string contains “?action=register” before the email.

    I fixed this with a quick hack that works for me, inserting on line 115:
    // hack if redirected to wp-login.php?action=register
    if (substr_count($_SERVER[“QUERY_STRING”], “?”) > 0) {
    $hack_query = explode(“?”, $_SERVER[“QUERY_STRING”]);
    $hack_email = $hack_query[1];
    if (secure_invites_is_valid_email($hack_email)) {
    $valid = true;
    $_POST[‘user_email’] = $hack_email;
    }
    }

    Maybe you want to generalize it somehow and include it in the source.

    Cheers,
    Karol

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter langner

    (@langner)

    13 years, 7 months ago

    OK, the above didn’t work in the end, either. It needed some more adjusting, and here is what worked in the end:

    if ((array_key_exists(‘user_email’, $_GET) && secure_invites_is_valid_email($_GET[‘user_email’]))|| secure_invites_is_valid_email(trim(@$_POST[“user_email”]))) {
    $valid = true;
    if (array_key_exists(‘user_email’, $_GET)) {
    $_POST[‘user_email’] = $_GET[‘user_email’];
    }
    }

    Also, around line 1390 the “?” needs to be changed to “&user_email” when replacing “[signuplink]”.

    Cheers!

    Plugin Author Chris Taylor

    (@mrwiblog)

    13 years, 7 months ago

    The latest version of the plugin fixes this problem by sending correct registration links in the invitation email. That will not help people who have an invitation link from an old version of the plugin, but by default invitation links are only live for a few days anyway.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[Plugin: Secure Invites for WordPress MU] redirection kills email validation’ is closed to new replies.