• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Fixed RegistrationRequired ugly hack

xfrocks

Well-known member
#1
Just found out the hack in XenForo_ViewPublic_Error_RegistrationRequired caused a JavaScript error in this scenario:
  1. Put a link with .OverlayTrigger in the index page
  2. Click it
  3. For some reason, permission failed and the login form is rendered
Expected: overlay with login form
Actual Result: no overlay

Looks like this line is causing issue:
PHP:
$requestUri = $this->_renderer->getRequest()->get('_xfRequestUri');
Because the link is in index page, _xfRequestUri equals "/" so the view happily replaces all "/" with the link uri and render invalid mark up. Something like this:

Code:
..."errorTemplateHtml":"\n\n\n\n\n\n\n\n\n\n<form action=\"login\/overlay\/link?&amp;_xfRequestUri=%2F&amp;_xfNoRedirect=1&amp;_xfResponseType=jsonlogin\" method=\"post\" class=\"xenForm\" id=\"pageLogin\">\n\n\t\n\t\t<div class=\"errorPanel\"><span class=\"errors\">\n\t\t\tB\u1ea1n ph\u1ea3i \u0111\u0103ng nh\u1eadp \u0111\u1ec3 th\u1ef1c hi\u1ec7n thao t\u00e1c n\u00e0y.\n\t\t<\/overlay\/link?&amp;_xfRequestUri=%2F&amp;_xfNoRedirect=1&amp;_xfResponseType=jsonspan><\/overlay\/link?&amp;_xfRequestUri=%2F&amp;_xfNoRedirect=1&amp;_xfResponseType=jsondiv>\n\t\n\t\n\t<h2 class=\"textHeading\">\u0110\u0103ng Nh\u1eadp ho\u1eb7c \u0110\u0103ng K\u00fd<\/overlay\/link?&amp;_xfRequestUri=%2F&amp;_xfNoRedirect=1&amp;_xfResponseType=jsonh2>...
 

Mike

XenForo developer
Staff member
#2
For this usage, I think looking for "<value>" is more accurate and shouldn't have the false positives. So fixed, thanks!