1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Fixed RegistrationRequired ugly hack

Discussion in 'Resolved Bug Reports' started by xfrocks, Jun 16, 2016.

  1. xfrocks

    xfrocks Well-Known Member

    Just found out the hack in XenForo_ViewPublic_Error_RegistrationRequired caused a JavaScript error in this scenario:
    1. Put a link with .OverlayTrigger in the index page
    2. Click it
    3. For some reason, permission failed and the login form is rendered
    Expected: overlay with login form
    Actual Result: no overlay

    Looks like this line is causing issue:
    $requestUri $this->_renderer->getRequest()->get('_xfRequestUri');
    Because the link is in index page, _xfRequestUri equals "/" so the view happily replaces all "/" with the link uri and render invalid mark up. Something like this:

    ..."errorTemplateHtml":"\n\n\n\n\n\n\n\n\n\n<form action=\"login\/overlay\/link?&amp;_xfRequestUri=%2F&amp;_xfNoRedirect=1&amp;_xfResponseType=jsonlogin\" method=\"post\" class=\"xenForm\" id=\"pageLogin\">\n\n\t\n\t\t<div class=\"errorPanel\"><span class=\"errors\">\n\t\t\tB\u1ea1n ph\u1ea3i \u0111\u0103ng nh\u1eadp \u0111\u1ec3 th\u1ef1c hi\u1ec7n thao t\u00e1c n\u00e0y.\n\t\t<\/overlay\/link?&amp;_xfRequestUri=%2F&amp;_xfNoRedirect=1&amp;_xfResponseType=jsonspan><\/overlay\/link?&amp;_xfRequestUri=%2F&amp;_xfNoRedirect=1&amp;_xfResponseType=jsondiv>\n\t\n\t\n\t<h2 class=\"textHeading\">\u0110\u0103ng Nh\u1eadp ho\u1eb7c \u0110\u0103ng K\u00fd<\/overlay\/link?&amp;_xfRequestUri=%2F&amp;_xfNoRedirect=1&amp;_xfResponseType=jsonh2>...
    SAS1024 likes this.
  2. Mike

    Mike XenForo Developer Staff Member

    For this usage, I think looking for "<value>" is more accurate and shouldn't have the false positives. So fixed, thanks!
    empire likes this.

Share This Page