Text only | Text with Images

ElkArte Community

Elk Development => Bug Reports => Exterminated Bugs => Topic started by: AaronB on March 25, 2014, 10:14:15 pm

Title: Nasty little Registration / XML error
Post by: AaronB on March 25, 2014, 10:14:15 pm
OK .... I think it is nasty, others may not.  :)

This occurs on a live site and on a local host. Browser is FF 28.0.  Browser had been cleaned of cookies. Below is the error followed by the steps I took to create the error. I would have attached a .png but the FF Screengrab! would not function after the error.

The error:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

    <elk>

      <username valid="1">Iwantin Here</username>

    </elk>

The steps to produce the error:

Go to Registration screen and accept the terms.
At the username screen enter the user ID of:  Iwantin Here
At the email screen enter the email address:  aa@aa.com
Click on register ( non-sticky balloon appears indicating missing fields, don't enter anything )
Click on register again. ( ignore warnings and anything else )
Go to the upper left corner and click on the Login button.  ( do not enter any userid/pw )
Enter a non valid user name in the upper left corner login box for user name
Do not enter a password
Click on the login for the upper left corner.
Now enter a valid user name and password in the upper left corner login area.
Click on login.
Error is now produced.

I do know that at one time I was able to force a login on my admin account.  :o   Maybe that was coincidence.


Title: Re: Nasty little Registration / XML error
Post by: emanuele on March 26, 2014, 03:57:43 pm
This is related to that one:
http://www.elkarte.net/community/index.php?topic=1169.0

For the moment we can use a workaround, in Subs.php:
Code: (find) [Select]
if (strpos($_SERVER['REQUEST_URL'], 'action=dlattach') === false && strpos($_SERVER['REQUEST_URL'], 'action=viewadminfile') === false)
Code: (replace with) [Select]
if (strpos($_SERVER['REQUEST_URL'], 'action=dlattach') === false && strpos($_SERVER['REQUEST_URL'], 'action=viewadminfile') === false && strpos($_SERVER['REQUEST_URL'], ';xml') === false)
In 1.1 it may be worth create a function to validate this kind of situations.

It may not work in all the situations (for example when coming from SSI or some custom coded page...).
Title: Re: Nasty little Registration / XML error
Post by: scripple on March 26, 2014, 04:05:01 pm
Maybe in 1.1 actions should set a flag to say set this to oldurl, or at least have the option to say don't set it, rather than just having a big function that has to guess how every action (including those in mods) is going to format urls that you can't go back to.
Title: Re: Nasty little Registration / XML error
Post by: emanuele on March 26, 2014, 05:08:52 pm
That's a possibility too.
Text only | Text with Images