Bug with Form Maker Registration

Francisco Javier Viejo

Hi, i found this important bug in Form Maker Registration after months with no answers:

In model.php file, get_data() method do a query without indicate selections (SELECT * FROM):

Guys, its an important anti-pattern...

Due to that, when try to collect user data to save in controller.php, $another_param could have more fields that expected:

In my case, the field that comes is an Object that can not be read by str_replace function due to it is not a string. This not expected field comes when I enable 'Advanced Custom Fields PRO' plugin, but sure that others plugin could add not expected fields here. So an fatal error is thrown.

Could be fixed, please?

Thanks a lot!

 

 

0

Comments

1 comment

Sort by Date Votes
  • Francisco Javier Viejo

    Ok, i investigate better:

    $another_params_array contains column 'another_params' of DB. So the solution is intersect $another_params_array with the keys that we expect. I add that condition in the first foreach:

    if (in_array($key, array('user_reg', 'username', 'password', 'email', 'first_name', 'last_name', 'role', 'info', 'website', 'check_show_other_params', 'additional_data'))) { ... }

    I attach the controller.php fixed:

    <?php

    /**
     * Class WD_FM_REG_controller
     */
    class WD_FM_REG_controller {

      private $model;
      private $view;

      function __construct() {
        require_once 'model.php';
        require_once 'view.php';
        $this->model = new WD_FM_REG_model();
        $this->view  = new WD_FM_REG_view();
      }

      /**
       * Frontend.
       *
       * @param array $params
       */
      public function frontend( $params = array() ) {
        // create user
        $fvals = $params[ 'fvals' ];
        $form_id = $params[ 'form_id' ];
        $custom_fields = $params[ 'custom_fields' ];
        $reg = $this->model->get_data( $form_id );
        if ( $reg->use_reg ) {
          $row = array(
            "username" => '',
            "email" => '',
            "first_name" => '',
            "last_name" => '',
            "role" => '',
            "info" => '',
            "website" => '',
            "password" => ''
          );
          foreach ( $row as $key => $tuft ) {
            $row[ $key ] = $reg->$key;
            foreach ( $fvals as $fval_key => $fval ) {
              $row[ $key ] = str_replace( $fval_key, $fval, $row[ $key ] );
            }
            foreach ( $custom_fields as $custom_key => $custom_val ) {
              if ( (strpos( $row[ $key ], '%' . $custom_key . '%' ) > -1) || (strpos( $row[ $key ], '{' . $custom_key . '}' ) > -1) ) {
                $key_replace = array( '%' . $custom_key . '%', '{' . $custom_key . '}' );
                $row[ $key ] = str_replace( $key_replace, $custom_val, $row[ $key ] );
              }
            }
          }
          if ( $row[ "role" ] == "" ) {
            $row[ "role" ] = "**conds**";
          }
          $r = explode( '**conds**', $row[ "role" ] );
          $row[ "role" ] = $r[ 0 ];
          $r_params = $r[ 1 ];

          if ( strpos( $r_params, "**reg_conds**" ) !== false ) {
            $reg_arr = explode( '**reg_conds**', $r_params );
            $reg_arr = array_slice( $reg_arr, 0, count( $reg_arr ) - 1 );
            foreach ( $reg_arr as $kk => $t ) {
              $t_arr = explode( '****', $t );

              if ( $fvals[ '{' . $t_arr[ 0 ] . '}' ] == $t_arr[ 1 ] ) {
                $row[ "role" ] = $t_arr[ 2 ];
                break;
              }
            }
          }
          if ( username_exists( $row[ "username" ] ) == null ) {
            $show_pass = 0;
            if ( !$row[ "password" ] ) {
              $show_pass = 1;
              $row[ "password" ] = wp_generate_password( 12, false );
            }
            $userdata = array(
              'user_login' => $row[ "username" ],
              'user_pass' => $row[ "password" ],
              'user_url' => $row[ "website" ],
              'user_nicename' => $row[ "username" ],
              'user_email' => $row[ "email" ],
              'first_name' => $row[ "first_name" ],
              'last_name' => $row[ "last_name" ],
              'description' => $row[ "info" ],
              'role' => $row[ "role" ]
            );
            $user_id = wp_insert_user( $userdata );
            if (!is_wp_error($user_id)) {
              if ( $show_pass ) {
                $this->msg = __( 'Your password is', WDFM()->prefix ) . ' <b>' . $row[ "password" ] . '</b>';
                $this->error = false;
                add_filter( 'fm_output_error_from_add_ons', array( $this, 'set_error_message' ), 10, 3 );
              }
              $another_params_array = json_decode( stripslashes( trim( htmlspecialchars_decode( $reg->another_params ), '"' ) ) );
              foreach ( $another_params_array as $key => $another_param ) {
    			if (in_array($key, array('user_reg', 'username', 'password', 'email', 'first_name', 'last_name', 'role', 'info', 'website', 'check_show_other_params', 'additional_data'))) {
    			  foreach ( $fvals as $fval_key => $fval ) {
    				$another_param = str_replace( $fval_key, $fval, $another_param );
    			  }
    			  foreach ( $custom_fields as $custom_key => $custom_val ) {
    				if ( (strpos( $another_param, '%' . $custom_key . '%' ) > -1) || (strpos( $another_param, '{' . $custom_key . '}' ) > -1) ) {
    				  $key_replace = array( '%' . $custom_key . '%', '{' . $custom_key . '}' );
    				  $another_param = str_replace( $key_replace, $custom_val, $another_param );
    				}
    			  }
    			  if ( !add_user_meta( $user_id, $key, $another_param, true ) ) {
    				add_user_meta( $user_id, $key, $another_param );
    			  }
    			}
              }
            }
            else {
              $this->msg = __( 'Unexpected error occurred.', WDFM()->prefix );
              $this->error = true;
              add_filter( 'fm_output_error_from_add_ons', array( $this, 'set_error_message' ), 10, 3 );
            }
          }
          else {
            $this->msg = __( 'This username is already registered. Please choose another one.', WDFM()->prefix );
            $this->error = true;
            add_filter( 'fm_output_error_from_add_ons', array( $this, 'set_error_message' ), 10, 3 );

          }
        }
      }

      public function set_error_message( $values = array() ) {
        if ( $this->error ) {
          $values['error']['WD_FM_REG'] = TRUE;
        }
        $values['message']['WD_FM_REG'] = $this->msg;
        return $values;
      }

      /**
       * Display.
       *
       * @param array $params
       */
      public function display( $params = array() ) {
        $form_id = $params['form_id'];
        $data = $this->model->get_data( $form_id );
        $params['data'] = $data;
        $label_all = $this->model->get_label_all( $form_id );
        $params['label_all'] = $label_all;
        $params['reg_params'] = array('username', 'password', 'email', 'first_name', 'last_name', 'role', 'info', 'website');
        $params['reg_params_name'] = array(__('Username (required)', WDFM()->prefix), __('Password', WDFM()->prefix), __('Email', WDFM()->prefix), __('First Name', WDFM()->prefix), __('Last Name', WDFM()->prefix), __('Role', WDFM()->prefix), __('Biographical Info', WDFM()->prefix), __('Website', WDFM()->prefix));

    	$this->view->display($params);
      }

      /**
       * Save.
       *
       * @param int $id
       * @return bool
       */
      public function save( $id = 0 ) {
        $this->model->save($id);
      }

      /**
       * Save.
       *
       * @param  int $id
       * @param  int $new_id
       * @return bool
       */
      public function duplicate( $id, $new_id ) {
        $this->model->duplicate($id, $new_id);
      }

      /**
       * Delete.
       *
       * @param int $id
       * @return bool
       */
      public function delete( $id = 0) {
        $this->model->delete($id);
      }
    }

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post