Calls of protected_node_access_callback without $_GET['destination'] throw warnings

Created on 2 March 2023, over 2 years ago

Updated 16 March 2023, over 2 years ago

Problem/Motivation

If somebody (e.g. Bots) tries to access protected node URLs without a specified destination (e.g. https://host/en/protected-node?protected_page=11554) a warning ist thrown from protected_node_access_callback as it does not check if $_GET['destination'] is set. This fills up the php log if this happens a lot.

Proposed resolution

Check if $_GET['destination'] is set before trying to access it in substr($_GET['destination']. See attached patch.

🐛 Bug report

Status

Fixed

Version

1.0

Component

Code

Created by

🇩🇪Germany meyerrob

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Issue created by @meyerrob
Assigned to Grimreaper
Comment over 2 years ago →
🇫🇷France Grimreaper France 🇫🇷
Issue was unassigned.
Status changed to Fixed over 2 years ago2:42pm 4 March 2023
Comment over 2 years ago →
🇫🇷France Grimreaper France 🇫🇷
Thanks!

Patch merged.

Have you found any other stuff to fix or can I make a new release?
Comment over 2 years ago →
🇩🇪Germany meyerrob
Comment over 2 years ago →
🇩🇪Germany meyerrob
Comment over 2 years ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024