Exclude by IP adding https://

  • When I add an IP address that I would like to exclude from recording, after saving it, https:// is added before the IP address. The IP address is still recorded. Also, when I save a second IP address, https:// is still added to the beginning of the line, and the unicode “%20” symbol for a space is added before the second IP address, and then neither IP address is excluded.

Viewing 5 replies - 1 through 5 (of 5 total)

  • Confirmed here too.

    Looking through the code, I’m not sure why the https:// is being added to the admin options page, but the DB entry for it shows that it’s saving properly, which I’m assuming means that it will also still work properly (we’ll find out over time.)
    DB entry in Options table for option_name “wassup_settings”:

    Single IP exclude:
    ... "wassup_exclude";s:15:"XXX.XXX.XXX.XXX" ...

    Multiple IP exclude:
    ... "wassup_exclude";s:28:"XXX.XXX.XXX.XXX, XXX.XXX.X.X" ...

    I looks like we can ignore it, but it is rather annoying.


    EDIT:     Make sure you take the https:// and %20 out before each save. If they’re in there when you save it, they get saved to the DB too, and it wouldn’t work right.

    It appears as tough it’s the “cleanFormText” function being called on wassup_exclude on line 732 in wassup.class.php

    A quick fix would be to change:
    cleanFormText($_POST['wassup_exclude']);
    To:
    $_POST['wassup_exclude'];
    but this is NOT recommended since it does ZERO sanitation of the input before saving to the DB. If it’s just you and only you using the plugin, maybe you can risk it.

    Until the plugin author addresses this, we’ll either have to manually remove the https:// and %20, or write our own sanitation function that only strips unwanted characters without doing any conversion/encoding.

    • This reply was modified 4 years, 6 months ago by JP3.
    • This reply was modified 4 years, 6 months ago by JP3.
    Thread Starter abrown95

    (@abrown95)

    I’ve tried saving it again, but each time, the https:// returns. When I go to the options table in my db and remove the https:// directly from there and save it, it resets all of my options to the default setting.

    Strange, as long as I manually remove the “https:// ” and “%20” from my entry before saving, it saves properly in my DB. If they are there when I click save then is saves them incorrectly as you describe.

    My crude fix of raw editing wassup.class.php will solve it for now. Then it won’t add those extra characters anymore.

    • This reply was modified 4 years, 6 months ago by JP3.
    Plugin Contributor helened

    (@helened)

    Hi ABrown95,

    Thanks for reporting this problem!

    Fortunately, the fix is an easy one that you can do yourself if you are comfortable working with code: in WordPress plugin editor, edit the file “lib/settings.php” and replace the ‘esc_url’ with ‘esc_attr’ and that’s it.

    You can view this fix on Github here

    Thread Starter abrown95

    (@abrown95)

    Thanks! That seems to have worked.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Exclude by IP adding https://’ is closed to new replies.