Fixed _getRegistrationInputData()

Jeremy P

Jeremy P

XenForo developer
Staff member
In XenForo_ControllerPublic_Register the _getRegistrationInputData() method unsets some $_POST data, making it impossible for the method to be run twice properly.

The code comments seem to acknowledge it's a bit hacky ;)

In an add-on, I ended up doing something like this so that I could run the method without messing up when XenForo runs it the 2nd time:

PHP: 
protected $_inputData = array();

protected function _getRegistrationInputData()
{
    if (!empty($this->_inputData)) {
        $this->_inputData = parent::_getRegistrationInputData();
    }

    return $this->_inputData;
}

Seems like a simple fix and it would be nice to see in core :)
 
I suppose there is a situation where caching like that could interfere with something an add-on is doing. I guess that could be worked around by doing the caching in a separate function and calling that.

I'm curious why you'd ever call the function twice in a single request though.
 
If you're extending actionRegister() with an add-on, for example, and your custom code needs access to the input data, it's really convenient to be able to call it and have access to everything.

Then later when the custom code is done and calls the parent, XenForo calls the method again but is unable to get the password input because the honeypot fields have been unset to prevent them from being captured in logs.

Unless you can think of a different way of going about it in the add-on?
 
Jeremy P said:
If you're extending actionRegister() with an add-on, for example, and your custom code needs access to the input data, it's really convenient to be able to call it and have access to everything.

Then later when the custom code is done and calls the parent, XenForo calls the method again but is unable to get the password input because the honeypot fields have been unset to prevent them from being captured in logs.

Unless you can think of a different way of going about it in the add-on?
Click to expand...
I dont know your purpose but if want to get password I will extend to DataWriter rather that :)
 
I don't want the password. For my purposes I just need the POST data for the registration, and in an extension of the controller.

The method does something with the password data that prevents this method from being run more than once, but the password isn't relevant to my needs.
 
I have fixed this now. Just to note that it was done via a new function, _getRegistrationInputDataSafe. This ensures that if anyone has already extended _getRegistrationInputData, their values will still be written into the cache value. You should change your add-on to call the new function.
 
This happened to me, and caused a bug with one of my addons not letting people login/register because of it...

Thanks for changing :)
 

Similar threads

K
Method XF\BbCodeRenderer\Html::getValidUrl should be in a utility class
Replies
0
Views
186
Kirby
K
grantus
  • Question Question
XF 2.1 How to pass file input into _postSave?
Replies
2
Views
245
grantus
grantus
J
  • Question Question
XF 2.2 Rogue Threads Due to Prior Forum Delete Failure
Replies
1
Views
165
John917
J
Steffen
"Register using Google" (and probably others) creates xf_ip entry for action "avatar_update" with user_id=0
Replies
0
Views
158
Steffen
Steffen
digitalpoint
  • Suggestion Suggestion
Add geo columns to xf_ip
Replies
7
Views
822
ekool
ekool
Top Bottom