Jili Games try out,Win99 slot games free download.REGISTER NOW GET FREE 888 PESOS REWARDS!

Resolved darrenbond
(@darrenbond)

12 years, 10 months ago

Hi,

I’m using WP 3.3.1 and Member Access 1.1.5.

Bit of an odd problem, where the ‘@’ symbol contained within the redirection url gets removed after logging in.

Hopefully I can explain clearly what’s happening…

I have one restricted page which contains a form. The link to the form, which is on an unrestricted page, contains some parameters in the url to automatically populate two form fields.

For example, url to the restricted page is:

domain.com/restricted-page/?Name=Bob&[email protected]

When clicked, the visitor is prompted to enter their login credentials, and the url looks like this in the address bar:

domain.com/wp-login.php?redirect_to=http%3A%2F%2Fdomain.com%2Frestricted-page%2F%3FName%3DBob%26Email%3Dbob%40domain.com

Then when the restricted page is loaded the ‘@’ symbol has been removed and looks like this:

domain.com/restricted-page/?Name=Bob&Email=bobdomain.com

It’s odd, because the url reference (%40) for the ‘@’ symbol is there in the redirection url, but then goes missing after the user has logged in and the page loads.

I’ve de-activated the Member Access plugin, and the form is successfully populated with the ‘@’ symbol when the user isn’t prompted to log in. The only other plugin I’m using is cFormsII.

I’d appreciate any help!

Thanks,
Darren

https://www.ads-software.com/extend/plugins/member-access/

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Author brownoxford
(@brownoxford)

12 years, 10 months ago

Hi Darren, have you tried replacing the @ with %40 in your link?

According to RFC3986, the “@” is a gen-delim and must be percent-encoded when present in query strings.

See https://tools.ietf.org/html/rfc3986#section-2.2

–Chris

Thread Starter darrenbond
(@darrenbond)

12 years, 10 months ago

Hi Chris,

Thanks for the quick response.

Replacing @ with %40 in the link does work, however, the email address is entered by the visitor at another part of the site (think workflow…), so unfortunately I can’t use it as a work-around.

I’m a bit confused though, because %40 is in the url at the point of logging in; it only gets removed when the visitor has logged in.

Do you know of another work-around?

Many thanks,
Darren

Plugin Author brownoxford
(@brownoxford)

12 years, 10 months ago

Making sure your query string parameters are url-encoded is less of a “workaround” and more of a “best practice”.

The issue you are seeing is coming from core WordPress code; when a user is sent to wp-login.php with a “redirect_to” query string parameter, WordPress will redirect the user to the url given by “redirect_to” after they successfully log in.

Prior to performing the redirect, WordPress will sanitize the redirect target in the wp_sanitize_redirect() method (located in wp-includes/pluggable.php). The following preg_replace is what is stripping your at-sign:

$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);

It sounds like you are collecting a user’s email address in one place, and re-displaying it to them in another. Is it possible for you to hook into that process and ensure that the email address itself goes through urlencode() prior to being inserted into the href?

Thread Starter darrenbond
(@darrenbond)

12 years, 10 months ago

Unfortunately I’m unable to modify the original process, so, I’ve created a plugin which adds the allowed character to preg_replace, so now it’s as follows:

$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!@]|i', '', $location);

Thank you very much for your fantastic responses, they’ve really helped me narrow down and understand what’s going on here.

Regards,
Darren

Plugin Author brownoxford
(@brownoxford)

12 years, 10 months ago

Great, glad you were able to work out a solution!

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘[Plugin: Member Access] Redirection After Login Removes Symbols in the URL’ is closed to new replies.