• Hey!
    First of all: Thanks for your great plugin. It saved me hours of work.

    I think I found a huge bug in the wpuf-edit-post.php

    Settings: If you make the mistake of including a link to the edit post page in your menu, or access this page without setting a ?pid=x in the URL, your check if ( !$curpost ) { will fail, because on line 40 you do intval( $_GET['pid'] ), which will always spit out zero, so get_post(0) will return the original content of the edit post page:

    <code>[wpuf_edit]</code> which appears in the textarea now.

    This means in fact that if you save now, you’ll be able to destroy the entire edit page, because everyone will now get served the content which was saved instead of the shortcode. (Not sure if this is the right explanation, but the effect is given.)

    You can correct this by changing (line 40)

    $post_id = isset( $_GET['pid'] ) ? intval( $_GET['pid'] ) : 0;

    to

    $post_id = isset( $_GET['pid'] ) ? intval( $_GET['pid'] ) : false;

    and around line 47:

    $curpost = get_post( $post_id );

    to:

    if ( ! $post_id ) {
        $curpost = false;
    } else {
        $curpost = get_post( $post_id );
    }

    So this could return the error message now if there wasn’t another bug, because in the same file on line 28 you return the content you buffered before but you don’t echo the error messages. So change the following on lines 44, 54 and 60:

    __( to _e('Houston, we got a problem.','wpuf'); return false;

    Should do the job but have to do some testing.
    Cheers!

    https://www.ads-software.com/extend/plugins/wp-user-frontend/

  • The topic ‘Massive Bug on edit page’ is closed to new replies.
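
The fallback described in the post, reproduced outside WordPress as an added example (not part of the original post or the plugin's code). It goes slightly beyond the missing-`pid` case to cover empty, non-numeric and zero values, which `intval()` also turns into 0. `get_post()` here is a stand-in that mimics the real function's fallback to the global `$post`; `lookup_original()`, `lookup_checked()` and the sample posts are hypothetical.

```php
<?php
// Stand-in for WordPress's get_post(): as in the real function, an empty ID
// (0, null, false) falls back to the global $post, i.e. the page being viewed.
// The two posts are constructed sample data.
$GLOBALS['post'] = (object) ['ID' => 12, 'post_content' => '[wpuf_edit]'];
$GLOBALS['posts_db'] = [
    12 => $GLOBALS['post'],
    57 => (object) ['ID' => 57, 'post_content' => 'My first article'],
];

function get_post($id = null)
{
    if (empty($id)) {
        return $GLOBALS['post'] ?? null;
    }
    return $GLOBALS['posts_db'][$id] ?? null;
}

// Lookup as described in the post (hypothetical function name).
function lookup_original(array $query)
{
    $post_id = isset($query['pid']) ? intval($query['pid']) : 0;
    return get_post($post_id);
}

// Checked lookup (hypothetical): pid must be a string of digits naming a
// positive ID; anything else yields null so the caller shows the error.
function lookup_checked(array $query)
{
    $raw = $query['pid'] ?? '';
    if (!is_string($raw) || !ctype_digit($raw) || (int) $raw < 1) {
        return null;
    }
    return get_post((int) $raw);
}

// Constructed query strings: no pid, empty, non-numeric, zero, valid.
$samples = [[], ['pid' => ''], ['pid' => 'abc'], ['pid' => '0'], ['pid' => '57']];
foreach ($samples as $query) {
    $old = lookup_original($query);
    $new = lookup_checked($query);
    printf(
        "%-14s original loads: %-17s checked loads: %s\n",
        json_encode($query),
        $old ? $old->post_content : '(error message)',
        $new ? $new->post_content : '(error message)'
    );
}
```

Run with `php` on the command line: every sample except the valid ID makes the original lookup load the shortcode page itself, while the checked lookup returns nothing to edit.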