I think the problem has something to do with this function
// this checks to see if we are in facebook
function check_facebook() {
if (!isset($_SERVER["HTTP_USER_AGENT"])) {
return false;
}
if (isset($_REQUEST['fb_sig_in_iframe']) || isset($_REQUEST['fb_force_mode'])) {
defined('DONOTCACHEPAGE') or define('DONOTCACHEPAGE', 'true');
return true;
}
/* need to check for signed_request to trap new iframes */
if (isset($_POST['signed_request']) || isset($_REQUEST['signed_request'])) {
defined('DONOTCACHEPAGE') or define('DONOTCACHEPAGE', 'true');
return true;
}
return false;
}
I think an extra condition needs to be present. The function needs to see not only if we are in facebook but also if the fbapp requesting the data is the one associated with wpbook.
I had to turn of the WPBook plugin for now so that I could do some further testing with my new facebook page tab app. I can turn it back for troubleshooting purposes if needed.
Thanks, christopher
You are looking in the right place – that’s where we’re doing the check.
Not sure offhand how to check for the fb app id at that point – we’re checking for fb_sig_in_iframe, or fb_force_mode, or signed_request in the POST object – these are all signs the user is coming from FB.
WPBook knows from its settings what its AppID is, but I don’t know if that APP ID is provided by Facebook as part of each call.
More details on the signed request here:
http://developers.facebook.com/docs/authentication/signed_request/
Looks like one would need to parse the signed_request (possibly using some features from the Facebook PHP SDK), then get the OAUTH Token and decode that to get the App ID?
Unlikely I will get to this anytime soon, as it is only required by folks trying to power multiple facebook app ids out of a single blog – but if you (or others) make progress on it I’m happy to incorporate a patch.
Thank you for your response, John. I am also looking at possibly adding an exclusion to this area here.
if (check_facebook()) {
add_filter('template_directory', 'wpbook_template_directory');
add_filter('theme_root', 'wpbook_theme_root');
add_filter('theme_root_uri', 'wpbook_theme_root_uri');
add_filter('stylesheet', 'wpbook_stylesheet');
}
I am considering this as I only have one page which needs to be excluded. It might be the easier solution, but I not sure that it would help others who have the same problem.
John,
After reading and researching for hours on Facebook’s {fb_sig_in_iframe, or fb_force_mode, or signed_request}, I did not gain any understanding on any of these, and I could not figure out how to check to validate that the request was coming only from the wpbook app.
What I ended up doing was to modify the index.php located in the wpbook/theme directory. I had it to check for a specific page and then added code which would load the page.
