Secured pages public due to bug in CTXPS_Queries::get_user_id_by_username()
-
Hi,
First of all, I really love this plugin, but I’ve had some trouble with secured pages that suddenly became public after assigning an user to it through the ‘Edit groups’ page.
I’ve debugged it a little and found out what the problem is. In CTXPS_Queries::add_membership($user_id,$group_id,$expiration) $user_id is 0. This will add a user with id 0 to the group in the table ps_group_relationships. This eventually messes up the page security.
But the main problems lies within the function CTXPS_Queries::get_user_id_by_username(). This function is the one that returns 0 because it assumes that user_login and user_nicename in the table users are equal after some sanitizing and filters, see below:
//Lets convert the request to a nicename (should be more reliable) $username = sanitize_title( $username ); $username = apply_filters('pre_user_nicename', $username); //lets run this thing... $query = $wpdb->prepare('SELECT <code>ID</code> FROM <code>'.$wpdb->users.'</code> WHERE <code>user_nicename</code>=%s LIMIT 1',$username); return $wpdb->get_var($query,0,0);Adding a user to a group on the ‘Edit user’ page still works, but I think this should be fixed asap, since secured pages can become publicly this way.
- The topic ‘Secured pages public due to bug in CTXPS_Queries::get_user_id_by_username()’ is closed to new replies.
