Function conflict with WPMUDEV Set Password plugin

Resolved Tony G
(@starbuck)

8 years, 3 months ago
Hi. I just wanted to inform you of a function conflict. I know you actively maintain this plugin and assume you are interested.

I mention there that it looks like there are a couple bugs in your signup_password_random_password_filter in profile-builder/front-end/register.php. I could be wrong, I’m not an expert in these areas.

1) Is it correct that this code sets $key on a GET and then immediately reset the value to null on the next line because it’s not a POST? I can understand that this code be intended for a POST anyway.
```
$key = ( !empty( $_GET['key'] ) ? $_GET['key'] : null );
$key = ( !empty( $_POST['key'] ) ? $_POST['key'] : null );
```
2) In the assignment of $signup for a multisite installation, the base prefix is not prepended to the table name. Is that because $wpdb->signups already includes the prefix?

HTH

I just loaded the plugin today, may or may not keep it, but in any case Thanks!!

https://wordpress.org/plugins/profile-builder/

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author Razvan Mocanu
(@razvanmo-1)

8 years, 3 months ago

Hi,

It is actually a coincidence of function names. Who would have thought that signup_password_random_password_filter is a common name?
Anyway, it is best practice to add the plugin’s short name as prefix to function names, and we will rename this function in our next updates.

About the $key variable assignment. The way it is written now, the first line is redundant. I’ll have a look on it and make some refactoring.

About the table reference name, $wpdb->signups already includes the prefix of that specific WordPress installation.

Thank you for reporting these issues, it helps us improve our product.

Thread Starter Tony G
(@starbuck)

8 years, 3 months ago

Thanks for your time.

Nah, no coincidence. The top of the code is too similar and there’s a tell-tale comment in there which is exactly the same in the functions. The fact that the plugin there is called Set Password while the plugin itself is called signup_password is also a clue that it was cloned.

I don’t want to imply anything nefarious on the part of either team. It’s all FOSS, we’re all friends, and code in the WP ecosystem is liberally copied from one place to the next simply because the code is doing exactly what it needs to do. I’m just suggesting that however this happened that some attribution should have been made somewhere – that’s another respected aspect of this ecosystem.

WPMUDEV comfirms that it looks like some change was made in the last year to avoid this specific conflict and that they’ll take another look at it. With both of you doing the same I think it’s all good.

Thanks for the note about $wpdb->signups. My noobish understanding is well demonstrated with the question.

Plugin Author Razvan Mocanu
(@razvanmo-1)

8 years, 3 months ago

In that case, you’re probably right about copying from one another, or maybe we both followed some tutorial that is no longer available.
Frankly, this function was written a long time ago and no one in my team remembers the story behind it. I know it would have been great to make some attribution somewhere, but let that be a lesson to follow from now on.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Function conflict with WPMUDEV Set Password plugin’ is closed to new replies.

Tags