[buddypress-trac] [BuddyPress Trac] #6528: bp_verify_nonce_request() not working correctly for those using a port in URL

buddypress-trac noreply at wordpress.org
Wed Jun 24 08:47:54 UTC 2015


#6528: bp_verify_nonce_request() not working correctly for those using a port in
URL
------------------------------+-----------------------------
 Reporter:  r-a-y             |      Owner:
     Type:  defect (bug)      |     Status:  new
 Priority:  normal            |  Milestone:  Awaiting Review
Component:  Component - Core  |    Version:  1.6
 Severity:  normal            |   Keywords:
------------------------------+-----------------------------
 When a site is using a port for their home URL,
 `bp_verify_nonce_request()` can sometimes fail.

 bp_verify_nonce_request() fails if these two conditions are met:
 * WordPress is installed in a subdirectory
 * Site is using a port number in the WP home URL

 See:
 https://buddypress.org/support/topic/bp_verify_nonce_request-not-
 working/#post-241018

 In that user's debugging, the port is duplicated twice due to
 `$_SERVER['HTTP_HOST']` including the port number and we're appending the
 port number again with `$_SERVER['SERVER_PORT']`.

 Attached patch only appends `$_SERVER['SERVER_PORT']` if
 `$_SERVER['HTTP_HOST']` does not already include the port number.

 Patch also includes a unit test describing the above use case.

 I can write more unit tests if desired.

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6528>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac


More information about the buddypress-trac mailing list