• Resolved JulianR

    (@julianrush)


    Hi

    I have been using a code snippet based on the conditional-successful-donation-redirect.php snippet in the library to redirect the success page for our US donors to the online donation form of the intermediary we use to accept tax-deductible donations and all has worked well. We get a record of their pending donation; they make an online donation on the US site and we manually mark it complete when it arrives.

    We now have to change our US intermediary and the new url for the success page is causing issues. It gets to the page correctly but the form displayed lacks some fields. However, if I enter the url as the link for a button, it displays correctly.

    Here’s the code I’m using to redirect the form success page:

    function ou_give_usa_redirect( $success_page ) {
      	$cafa_website_form_id = 7406;
    	$form_id = isset( $_POST['give-form-id'] ) ? $_POST['give-form-id'] : 0;
      	if ($form_id == $cafa_website_form_id ) {
    	  $success_page = esc_url( 'https://cafa.iphiview.com/cafa/GivingOpportunities/DonorAdvisedGiftForm/tabid/618/dispatch/dag_id$0_hash$39da10bf0100a8b755b74f3a27aa76d820aaf1f6/Default.aspx' );
    	}
    	return $success_page;
    }
    add_filter( 'give_get_success_page_uri', 'ou_give_usa_redirect', 10, 1 );

    I tried replacing esc_url() with esc_url_raw() and also not cleaning the url at all but the same error occurs. I can’t find where in the code the success page is triggered to investigate what happens after the filter is applied to cause this issue. So any help will be greatly appreciated.

    Our development site is currently private – let me know if you need to log in and I can set it up for you.

    Thanks

    Julian

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor Ben Meredith

    (@benmeredithgmailcom)

    That filter is here: https://github.com/impress-org/givewp/blob/057b6fe5a973955b80521f0ff81a552032e48e62/includes/forms/functions.php#L110

    So you are returning $success_page to that filter, and there are several places where that filter is used. You’ll need to determine where that filter is used in the specific case, and why your function is not escaping things correctly.

    We are happy to try to help once you have determined what specifically is going wrong, here.

    From what I can tell in my preliminary evaluation of it, there is something about how you have formatted the value there that is preventing it from evaluating it correctly.

    ​​Let me know if that resolves things, or if you need further assistance. ​Thanks for using GiveWP! Have a great day.

    Thread Starter JulianR

    (@julianrush)

    Hi Ben

    Thanks for pointing me in the right direction. As far as I can tell, the issue is not with GiveWP as the Offline Donation gateway I’m using simply calls the give_send_to_success_page() function when it processes the payment.

    The issue seems to be with the core WordPress code. give_send_to_success_page() (at line 139 in the same /include/forms/functions.php file) calls the WP function wp_redirect (line 149). That in turn calls the WP function wp_sanitize_redirect() which uses a very complex regex which I can’t claim to understand and I suspect it is that which is somehow modifying the url I’m using – perhaps in the long hash segment of the url.

    So I’ve got to learn a lot about regex unless you or anyone in this forum can help further!

    Cheers

    Julian

    Thread Starter JulianR

    (@julianrush)

    OK, if interested, an update. I’ve got my head around regex a bit and I’m almost certain it IS the wp_sanitize_redirect() function in WP. Careful inspection of the url I get to when redirected from the Give form reveals the dollar symbols have been stripped out.

    The url I tell Give to redirect to:
    .../dispatch/dag_id$0_hash$39da10bf0100a8b755b74f3a27aa76d820aaf1f6/Default.aspx

    The url I get to after the redirect:
    .../dispatch/dag_id0_hash39da10bf0100a8b755b74f3a27aa76d820aaf1f6/Default.aspx

    Line 1300 of the code here https://developer.wordpress.org/reference/functions/wp_sanitize_redirect/ is:

    $location = preg_replace( '|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location );

    which is clearly designed to only allow a limited set of characters in the redirect url.

    Though oddly, (and my understanding of regex is VERY limited) this looks like a malformed regex. Should it not be:

    $location = preg_replace( '/[^a-z0-9-~+_.?#=&;,\/:%!*\[\]()@]/i', '', $location );

    Have I found a bug in the WP code or am I missing something in my ignorance?

    J

    Thread Starter JulianR

    (@julianrush)

    And the solution is:

    Replace $ with %24 in the url for the success page and it works!!

    A long way round to an obvious solution – but a fun journey.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Error when redirecting to external website after donation form completed’ is closed to new replies.