“Send Login Link” does not work (v4.7.1)

The link created by shortcode [newsletters_online] does not work anymore, maybe the same cause. Instead you’ll see the management screen if you click that link in emails which should lead you to the online version of an email.

Also it seems that no message at all is displayed on the [newsletters_management] screen.

• This reply was modified 4 years, 1 month ago by Frank.

I have a tip for your super stressed team (as you told me) because a not so stressed guy at Tribulant has “refactored” multiple occurences of this pattern:
$var = sanitize_text_field( $_GET['some_key'] );
and changed them to:
$var = sanitize_text_field( isset( $_GET['some_key'] ) );

Could you please teach him/her that this is a bad idea? A lot of misbehaviour was introduced by this after v4.6.19 and is at least present in v4.7.1.

Both of the issues described in this topic will be solved by changing line 887 in file wp-mailinglist.php from:
$newsletters_method = sanitize_text_field(isset($_GET['newsletters_method']));
back to previous:
$newsletters_method = sanitize_text_field( $_GET['newsletters_method'] );
because $newsletters_method can otherwise never receive something else than a boolean value and the following “switch case” makes no sense any more.

BTW: No need to prevent errors by missing GET vars because sanitize_text_field() returns an empty string in this case.

Cheers.

Bug collection:

grep -r \(isset * | grep sanitize
wp-mailinglist.php: $page = sanitize_text_field(isset($_GET[‘page’]));
wp-mailinglist.php: $newsletters_method = sanitize_text_field(isset($_GET[‘newsletters_method’]));
wp-mailinglist-plugin.php: $page = sanitize_text_field(isset($_GET[‘page’]));

grep -r \(isset * | grep esc_html
views/admin/head.php: $page = esc_html(isset($_GET[‘page’]));
wp-mailinglist.php: $method = esc_html(isset($_GET[‘method’]));
wp-mailinglist-plugin.php: $method = esc_html(isset($_GET[‘method’]));

• This reply was modified 4 years, 1 month ago by Frank.