#6528 closed defect (bug) (fixed)
bp_verify_nonce_request() not working correctly for those using a port in URL
Reported by: | r-a-y | Owned by: | r-a-y |
---|---|---|---|
Milestone: | 2.4 | Priority: | normal |
Severity: | normal | Version: | 1.6 |
Component: | Core | Keywords: | has-patch commit |
Cc: |
Description (last modified by )
When a site is using a port for their home URL, bp_verify_nonce_request()
can sometimes fail.
bp_verify_nonce_request()
fails if these three conditions are met:
- WordPress is installed in a subdirectory
- Site is using a port number in the WP home URL
$_SERVER['HTTP_HOST']
returns the port number as well
See:
https://buddypress.org/support/topic/bp_verify_nonce_request-not-working/#post-241018
In that user's debugging, the port is duplicated twice due to $_SERVER['HTTP_HOST']
including the port number and we're appending the port number again with $_SERVER['SERVER_PORT']
.
Attached patch only appends $_SERVER['SERVER_PORT']
if $_SERVER['HTTP_HOST']
does not already include the port number.
Patch also includes a unit test describing the above use case.
I can write more unit tests if desired.
+1 from me.