BuddyPress.org

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#6528 closed defect (bug) (fixed)

bp_verify_nonce_request() not working correctly for those using a port in URL

Reported by: r-a-y
Owned by: r-a-y
Milestone: 2.4
Priority: normal
Severity: normal
Version: 1.6
Component: Core
Keywords: has-patch commit
Cc:

Description (last modified by r-a-y)

When a site is using a port for their home URL, bp_verify_nonce_request() can sometimes fail.

bp_verify_nonce_request() fails if these three conditions are met:

  • WordPress is installed in a subdirectory
  • Site is using a port number in the WP home URL
  • $_SERVER['HTTP_HOST'] returns the port number as well

See:
https://buddypress.org/support/topic/bp_verify_nonce_request-not-working/#post-241018

In that user's debugging, the port is duplicated twice due to $_SERVER['HTTP_HOST'] including the port number and we're appending the port number again with $_SERVER['SERVER_PORT'].

Attached patch only appends $_SERVER['SERVER_PORT'] if $_SERVER['HTTP_HOST'] does not already include the port number.

Patch also includes a unit test describing the above use case.

I can write more unit tests if desired.

Attachments (1)

6528.01.patch (3.3 KB) - added by r-a-y 4 years ago.

Change History (6)

@r-a-y
4 years ago

#1 @r-a-y
4 years ago

  • Description modified (diff)
  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 2.4

#2 @boonebgorges
4 years ago

+1 from me.

#3 @DJPaul
4 years ago

  • Keywords commit added

LGTM :)

#4 @r-a-y
4 years ago

  • Owner set to r-a-y
  • Resolution set to fixed
  • Status changed from new to closed

In 10044:

Core: Fix issue with bp_verify_nonce_request() when a port is used in the home URL.

When a site is using a port for their home URL, bp_verify_nonce_request()
can sometimes fail. This is because the port is duplicated twice due to
$_SERVER['HTTP_HOST'] including the port number and we're appending the
port number again with $_SERVER['SERVER_PORT'].

This commit appends $_SERVER['SERVER_PORT'] if $_SERVER['HTTP_HOST']
does not already include the port number and includes a unit test.

Fixes #6528.

#5 @r-a-y
4 years ago

In 10047:

Fix unit test for bp_verify_nonce_request().

See #6528, r10046.
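
The port duplication described in the ticket and in the commit message for r10044, as an added example that is not BuddyPress's own code. The function names, the prefix-match comparison against the home URL, and the sample `$_SERVER` values are assumptions constructed for illustration.

```php
<?php
// Added example; not BuddyPress code. All names and sample values are constructed.

// True when a Host header value already ends in ":<port>".
// Anchoring on trailing digits also copes with bracketed IPv6 literals such as "[::1]".
function host_has_port(string $host): bool
{
    return preg_match('/:\d+$/', $host) === 1;
}

// Rebuild "host[:port]/path" from server variables.
// $dedupe = false models the reported behaviour (port always appended);
// $dedupe = true models the fix (append only when the host lacks a port).
function requested_url(array $server, bool $dedupe): string
{
    $host = strtolower($server['HTTP_HOST']);
    if (!$dedupe || !host_has_port($host)) {
        $host .= ':' . $server['SERVER_PORT'];
    }
    return $host . $server['REQUEST_URI'];
}

// Assumed same-site check: the rebuilt URL must start with the home URL's host[:port]/path.
function matches_home(string $homeUrl, array $server, bool $dedupe): bool
{
    $p = parse_url($homeUrl);
    $home = strtolower($p['host']) . (isset($p['port']) ? ':' . $p['port'] : '') . ($p['path'] ?? '');
    return strpos(requested_url($server, $dedupe), $home) === 0;
}

$home = 'http://example.test:8080/wp'; // constructed: subdirectory install on a port
$samples = [ // constructed $_SERVER values
    'Host header with port'    => ['HTTP_HOST' => 'example.test:8080', 'SERVER_PORT' => '8080', 'REQUEST_URI' => '/wp/members/'],
    'Host header without port' => ['HTTP_HOST' => 'example.test', 'SERVER_PORT' => '8080', 'REQUEST_URI' => '/wp/members/'],
];

foreach ($samples as $label => $server) {
    foreach (['before' => false, 'after' => true] as $phase => $dedupe) {
        printf("%-25s %-7s %-36s %s\n", $label, $phase, requested_url($server, $dedupe),
            matches_home($home, $server, $dedupe) ? 'match' : 'MISMATCH');
    }
}
```

Only the "Host header with port" sample mismatches in the "before" run, because the rebuilt host becomes `example.test:8080:8080`. In this model the doubled port breaks the prefix match only when a path follows the port in the home URL, which is consistent with the subdirectory condition listed in the description.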