Cannot input http or https in user fields (2 posts)

  1. thelaw
    Posted 3 years ago #

    I'm having a difficult time getting a profile field to take an "http://" or "https://" entry. I'm wondering whether there is something preventing a full URL from being entered into a user profile field in order to avoid having injection attacks. I get a 403 error when a user tries to input a full URL to google plus which includes the https.

    ERROR 403 - Forbidden

    The page you seek to reach is forbidden or inaccessible to you.

  2. thelaw
    Posted 3 years ago #

    I posted this a week ago - I discovered the problem - it appears that WordPress multisites get fooled and spit out an error if you try to enter a full URL in any user field. It will work in your main site but not in any subdomain blogs you may have.

    I looked in the error log and found the following:

    [Sun Jan 20 12:12:27 2013] [error] [client] File does not exist: /home/mysite/public_html/403.shtml, referer: http://subd.mydomain.com/wp-admin/user-edit.php?user_id=2&wp_http_referer=%2Fwp-admin%2Fusers.php

    So in summary: I created a Facebook user field in WordPress. I can store "https://www. facebook.com/username" into that user field only in my main blog: http://www.yourblog.com . But WordPress will spit out an error in the userdir.yourblog.com multisite of my wordpress multisite install. This is happening on all my sites and I'm hoping someone can lend some assistance as it seems to be a bug?

Topic Closed

This topic has been closed to new replies.

About this Topic