[buddypress-trac] [BuddyPress Trac] #6528: bp_verify_nonce_request() not working correctly for those using a port in URL

buddypress-trac noreply at wordpress.org
Wed Jun 24 16:53:19 UTC 2015 

#6528: bp_verify_nonce_request() not working correctly for those using a port in
URL
------------------------------+------------------
 Reporter:  r-a-y             |       Owner:
     Type:  defect (bug)      |      Status:  new
 Priority:  normal            |   Milestone:  2.4
Component:  Component - Core  |     Version:  1.6
 Severity:  normal            |  Resolution:
 Keywords:  has-patch         |
------------------------------+------------------
Changes (by r-a-y):

 * keywords:   => has-patch
 * milestone:  Awaiting Review => 2.4


Old description:

> When a site is using a port for their home URL,
> `bp_verify_nonce_request()` can sometimes fail.
>
> bp_verify_nonce_request() fails if these two conditions are met:
> * WordPress is installed in a subdirectory
> * Site is using a port number in the WP home URL
>
> See:
> https://buddypress.org/support/topic/bp_verify_nonce_request-not-
> working/#post-241018
>
> In that user's debugging, the port is duplicated twice due to
> `$_SERVER['HTTP_HOST']` including the port number and we're appending the
> port number again with `$_SERVER['SERVER_PORT']`.
>
> Attached patch only appends `$_SERVER['SERVER_PORT']` if
> `$_SERVER['HTTP_HOST']` does not already include the port number.
>
> Patch also includes a unit test describing the above use case.
>
> I can write more unit tests if desired.

New description:

 When a site is using a port for their home URL,
 `bp_verify_nonce_request()` can sometimes fail.

 `bp_verify_nonce_request()` fails if these three conditions are met:
 * WordPress is installed in a subdirectory
 * Site is using a port number in the WP home URL
 * `$_SERVER['HTTP_HOST']` returns the port number as well

 See:
 https://buddypress.org/support/topic/bp_verify_nonce_request-not-
 working/#post-241018

 In that user's debugging, the port is duplicated twice due to
 `$_SERVER['HTTP_HOST']` including the port number and we're appending the
 port number again with `$_SERVER['SERVER_PORT']`.

 Attached patch only appends `$_SERVER['SERVER_PORT']` if
 `$_SERVER['HTTP_HOST']` does not already include the port number.

 Patch also includes a unit test describing the above use case.

 I can write more unit tests if desired.

--

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6528#comment:1>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list