Forum Replies Created

Viewing 15 replies - 16 through 30 (of 31 total)
  • Forum: Fixing WordPress
    In reply to: secure uploads
    Thread Starter robthirlby

    (@robthirlby)

    I need to restrict access to selected members, not just anyone logged in, but I can do that by modifying the script you found to require a suitable role. I was also concerned that someone could access the upload directory directly by making up a suitable URL themselves, but I can stop that by moving the directory out of the web tree and setting an index.php file in the directory to stop listings. So it looks as if I have a DIY kit. I have a Gravity Forms license. There is a hook to change the upload directory in GF which I’ve not yet looked at too. Many thanks for your help.

    Sorry to be thick but could you show how and where to reinitialize the
    $current_user var?

    Regards,

    Rob Thirlby
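
The approach described in the post above (a role check plus an upload directory outside the web tree), as an added example that is not part of the original thread or of any plugin mentioned in it. The action name, the `members_files` capability, the function name and the directory path are assumptions made for illustration.

```php
<?php
// Added example: serve files from a directory outside the document root,
// only to users holding a specific capability.
// Hypothetical names: PROTECTED_DIR, 'download_protected_file', 'members_files'.
define( 'PROTECTED_DIR', '/var/www/private-uploads' ); // constructed path, not web-reachable

// admin_post_{action} fires from wp-admin/admin-post.php for logged-in users only;
// no admin_post_nopriv_ handler is registered, so anonymous requests get nothing.
add_action( 'admin_post_download_protected_file', 'rt_serve_protected_file' );

function rt_serve_protected_file() {
    // Being logged in is not enough: require the capability granted to the chosen role.
    if ( ! current_user_can( 'members_files' ) ) {
        wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
    }

    // Reduce the request to a bare file name so "../" sequences cannot survive.
    $requested = isset( $_GET['file'] ) ? wp_unslash( $_GET['file'] ) : '';
    $name      = sanitize_file_name( basename( $requested ) );

    // Resolve symlinks and confirm the result is still inside the protected directory.
    $base = realpath( PROTECTED_DIR );
    $path = ( false === $base ) ? false : realpath( $base . DIRECTORY_SEPARATOR . $name );
    if ( false === $path
        || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR )
        || ! is_file( $path ) ) {
        wp_die( 'Not found', 'Not found', array( 'response' => 404 ) );
    }

    // Force a download and stop the browser from sniffing uploaded content as HTML.
    nocache_headers();
    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . $name . '"' );
    header( 'X-Content-Type-Options: nosniff' );
    header( 'Content-Length: ' . filesize( $path ) );
    readfile( $path );
    exit;
}
```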

    Forum: Hacks
    In reply to: format of user_email field
    Thread Starter robthirlby

    (@robthirlby)

    I’ve now solved the problem from my point of view by using the pre_user_email filter to substitute the original email (already validated and passed via the $_GET global) whenever the filter is called with a non-null WP sanitized email. This ensures that the original email is stored in the database uncorrupted. Thanks again for all who tried to help.

    Forum: Hacks
    In reply to: format of user_email field
    Thread Starter robthirlby

    (@robthirlby)

    Aha I’ve found it by scanning the code with a free text editor. The culprit is sanitize_email() in wp-includes/formatting.php. I tried the rough bodge of replacing it with a null function returning the input $email unchanged. Unfortunately I can’t see how to replace this function by one more to my taste without hacking this file. Could anyone advise me how best to proceed?

    Regards and many thanks for everyone’s help so far,

    Rob

    Forum: Hacks
    In reply to: format of user_email field
    Thread Starter robthirlby

    (@robthirlby)

    Many thanks Scott, but I am using a gravity form and a text field (i.e. not an email field) for the email and validating it myself, so what I present to the pods add or save method has not been stripped of (). The stripping happens later, before it is stored in the database. If I use the same code to plant the same info in a different pod, i.e. anything other than the user pod, then the stripping does not happen. This makes me feel that the problem is a core one, not a pod one, i.e. the core protecting the user_email field. Does that sound plausible?

    Regards,

    Rob

    I’ve installed the plugin and, using Bowenac’s template, it works like a dream unless the user already has an avatar installed using the user edit facility of the dashboard. In this case the old avatar just does not get removed. I am using pods as well but I don’t think that’s relevant.

    Forum: Hacks
    In reply to: format of user_email field
    Thread Starter robthirlby

    (@robthirlby)

    Thanks. I didn’t know if pods was relevant at the time. My question has drifted into pods territory. I was reluctant to cross post as that tends to irritate people. Sorry.

    Forum: Hacks
    In reply to: format of user_email field
    Thread Starter robthirlby

    (@robthirlby)

    I know from experimenting using phpMyAdmin that if I plant email addresses in the form rob([email protected]) in the user_email field of the wp_users table, the email works OK. However, if I present such an email to the pods add function to the extended user pod, the parentheses are stripped out before storing in the database. Can I prevent or modify this sanitisation? I’ve searched the pods code and cannot identify the culprit. It has happened before the pre_user_email hook.

    Thread Starter robthirlby

    (@robthirlby)

    Thanks again Josh. I was having a bad morning!

    Thread Starter robthirlby

    (@robthirlby)

    The wp page just contains

    [pods pods_page="thankspod"]

    The name of the pods page came from the dropdown list.

    The thankspod page just says

    Thankspod
    before
    <?php var_dump($_GET);?>
    after

    Thread Starter robthirlby

    (@robthirlby)

    Thanks Scott. I patched my plugin to change the – to a _
    i.e.

    if ( thank_you.length )
        shortcode += ' thank_you="' + thank_you + '"';

    and it worked but
    [pods name="author" form="1" fields="first_name,last_name,description" label="lookup author" thank_you='/formpage/?new_id=X_ID_X']

    caused the URL to be passed as
    https://localhost/formpage/?%3Ccode%3Enew_id=647%3C/code%3E

    and [pods name="author" form="1" fields="first_name,last_name,description" label="lookup author" thank_you="/formpage/?fill=fill&new_id=X_ID_X&full=full"]
    produced

    https://localhost/formpage/?fill=fill%3Ccode%3E&new_id=651&full=full%3C/code%3E

    Regards,
    Rob

    Thread Starter robthirlby

    (@robthirlby)

    Many thanks for your time Scott.

    Thread Starter robthirlby

    (@robthirlby)

    Many thanks. That sorts it out for me.

    There is a freebie called Agent Ransack that I use to search for strings in a tree of folders on Windows machines. It’s ideal for what you want.

    Rob

    Thread Starter robthirlby

    (@robthirlby)

    Many thanks for the suggestion but it only reports/edits the standard WordPress user fields not the PODS extended ones.
