Patch for HTTPS issue with bookingform/login.php

  • Resolved cofix

    (@cofix)


    8 years, 4 months ago

    Dear events-manager developers,

    I’ve recently noticed the following issue with the events-manager plugin (version 5.6.6.1 with WordPress 4.6.1) on a server hosted at OVH (France) that serves pages in HTTPS:

    The login form that is included in the page of each event contains a “redirect_to” field whose URL uses the HTTP protocol, not HTTPS. As a result, when clicking on the button “Se connecter”, the redirection does not work properly and this can be quite confusing for the users.

    I’ve investigated a bit the code of this form and I would like to propose the patch below that I’ve successfully tested with our website, and which should be applicable for both environments: with HTTPS enabled or not.

    https://gist.github.com/erikmd/c4bf8e98b616a4e0ba1180b63406d07d

    Kind regards.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support angelo_nwl

    (@angelo_nwl)

    thanks, we will going to let the devs know about this.

    Thread Starter cofix

    (@cofix)

    Hello @angelo_nwl,

    I was just wondering whether the devs had the opportunity to review my patch, so the bugfix could be part of the upcoming release?

    To sum up, my patch consisted in changing one line in events-manager/templates/forms/bookingform/login.php so the redirection from an HTTPS-served page also uses the HTTPS protocol:

    
-	<input type="hidden" name="redirect_to" value="<?php echo esc_url($_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']); ?>#em-booking" />
+	<input type="hidden" name="redirect_to" value="<?php echo esc_url(($_SERVER['HTTPS'] ? 'https://' : 'https://') . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']); ?>#em-booking" />

    Best regards.

    Plugin Author Marcus (aka @msykes)

    (@netweblogic)

    Hi, I’m sorry for the delayed reply and thanks for the report with a suggested solution.

    We’re going to go with something similar to what you suggested but will fix the problem:

    <input type="hidden" name="redirect_to" value="<?php echo esc_url( get_site_url(false, $_SERVER['REQUEST_URI']) ); ?>#em-booking" />

    Thread Starter cofix

    (@cofix)

    Hi Marcus,
    OK, thanks for your feedback!
    Do you want to mark this thread as resolved from now, or only after your upcoming release of events-manager?
    Best regards.

    Plugin Author Marcus (aka @msykes)

    (@netweblogic)

    I’ll mark it resolved now, one less thing to do on release day ??

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Patch for HTTPS issue with bookingform/login.php’ is closed to new replies.