WordPress.org

Ready to get started?Download WordPress

Forums

Member Access
[resolved] Redirection After Login Removes Symbols in the URL (6 posts)

  1. darrenbond
    Member
    Posted 2 years ago #

    Hi,

    I'm using WP 3.3.1 and Member Access 1.1.5.

    Bit of an odd problem, where the '@' symbol contained within the redirection url gets removed after logging in.

    Hopefully I can explain clearly what's happening...

    I have one restricted page which contains a form. The link to the form, which is on an unrestricted page, contains some parameters in the url to automatically populate two form fields.

    For example, url to the restricted page is:

    domain.com/restricted-page/?Name=Bob&Email=bob@domain.com

    When clicked, the visitor is prompted to enter their login credentials, and the url looks like this in the address bar:

    domain.com/wp-login.php?redirect_to=http%3A%2F%2Fdomain.com%2Frestricted-page%2F%3FName%3DBob%26Email%3Dbob%40domain.com

    Then when the restricted page is loaded the '@' symbol has been removed and looks like this:

    domain.com/restricted-page/?Name=Bob&Email=bobdomain.com

    It's odd, because the url reference (%40) for the '@' symbol is there in the redirection url, but then goes missing after the user has logged in and the page loads.

    I've de-activated the Member Access plugin, and the form is successfully populated with the '@' symbol when the user isn't prompted to log in. The only other plugin I'm using is cFormsII.

    I'd appreciate any help!

    Thanks,
    Darren

    http://wordpress.org/extend/plugins/member-access/

  2. brownoxford
    Member
    Plugin Author

    Posted 2 years ago #

    Hi Darren, have you tried replacing the @ with %40 in your link?

    According to RFC3986, the "@" is a gen-delim and must be percent-encoded when present in query strings.

    See http://tools.ietf.org/html/rfc3986#section-2.2

    --Chris

  3. darrenbond
    Member
    Posted 2 years ago #

    Hi Chris,

    Thanks for the quick response.

    Replacing @ with %40 in the link does work, however, the email address is entered by the visitor at another part of the site (think workflow...), so unfortunately I can't use it as a work-around.

    I'm a bit confused though, because %40 is in the url at the point of logging in; it only gets removed when the visitor has logged in.

    Do you know of another work-around?

    Many thanks,
    Darren

  4. brownoxford
    Member
    Plugin Author

    Posted 2 years ago #

    Making sure your query string parameters are url-encoded is less of a "workaround" and more of a "best practice".

    The issue you are seeing is coming from core WordPress code; when a user is sent to wp-login.php with a "redirect_to" query string parameter, WordPress will redirect the user to the url given by "redirect_to" after they successfully log in.

    Prior to performing the redirect, WordPress will sanitize the redirect target in the wp_sanitize_redirect() method (located in wp-includes/pluggable.php). The following preg_replace is what is stripping your at-sign:

    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);

    It sounds like you are collecting a user's email address in one place, and re-displaying it to them in another. Is it possible for you to hook into that process and ensure that the email address itself goes through urlencode() prior to being inserted into the href?

  5. darrenbond
    Member
    Posted 2 years ago #

    Unfortunately I'm unable to modify the original process, so, I've created a plugin which adds the allowed character to preg_replace, so now it's as follows:

    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!@]|i', '', $location);

    Thank you very much for your fantastic responses, they've really helped me narrow down and understand what's going on here.

    Regards,
    Darren

  6. brownoxford
    Member
    Plugin Author

    Posted 2 years ago #

    Great, glad you were able to work out a solution!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic