Skip to:
Content

BuddyPress.org

Opened 15 years ago

Closed 15 years ago

Last modified 15 years ago

#2290 closed defect (bug) (fixed)

New User Registration: Required fields can be bypassed

Reported by: rvenable's profile rvenable Owned by:
Milestone: 1.2.4 Priority: major
Severity: Version:
Component: Core Keywords:
Cc:

Description

Buddypress has an option to make certain profile fields required. Required fields can be bypassed in new user creation.

BP only checks fields that have been passed in through $_POSTsignup_profile_field_ids? (see bp_core_screen_signup() in bp-core-signup.php), so if a user creates a post query that doesn't include that variable they can create an account without the required fields.

That's not that big of a deal unless the BP site is trying to use required fields to fight automated account creation.

Change History (5)

#1 @DJPaul
15 years ago

  • Priority changed from normal to major

Good catch, this is quite important.

#2 @johnjamesjacoby
15 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [2932]) Fixes #2290

#3 @delayedinsanity
15 years ago

I took a quick look at the changeset, but since I've only just dived headlong into BuddyPress as of the other day I can't answer this question;

With this addition is there going to also be added a way to disable ALL of the profile fields (core name, specifically) as being required? I want my members to have as simple of a signup process as possible, and would like to keep the registration down to nothing more than the account fields.

At this point it's as easy as as removing them from the registration page, which is great. But I just looked and I can't remove or edit the Name field. This should be made editable if required profile fields are going to become mandatory.

#4 @DJPaul
15 years ago

The name field is mandatory because BuddyPress relies on this information throughout the site; you can't disable it. You can rename the field in the "General Settings" page of the BuddyPress admin settings (/wp-admin/).

#5 @delayedinsanity
15 years ago

well the easy fix once this patch is applied would be to simply populate a hidden field with my old friend jQuery... but it would be nice to see a switch somewhere that would allow BuddyPress to do this internally.

I can understand if any of you are thinking, "Why bother? It's *1* extra field.", but it's a 5-minute or less microwave dinner world out there. The easier a process can be, such as signing up (even by one field), the better.

Note: See TracTickets for help on using tickets.