We've recently migrated from WSL 2.x.x to WSL 3.0.3.
Our website uses an action to customize login markup: <?php do_action( 'wordpress_social_login' ); ?>
When clicking on "Facebook" or "Google" popup shows up, but the URL is not correct. So the error is shown and the user cannot be logged in.
Actual URL:https://xxx.xxx/wp-login.php?action=wordpress_social_authenticate&mode=loginprovider=FacebookExpected URL:https://xxx.xxx/wp-login.php?action=wordpress_social_authenticate&mode=login&provider=Facebook
Character "&" is missing.
In the PHP code I noticed, that missing character will be added in case if it's test or link mode. But nothing for login mode.
// build the authentication url which will call for wsl_process_login() : action=wordpress_social_authenticate
$authenticate_base_url = add_query_arg(
array(
'action' => 'wordpress_social_authenticate',
'mode' => 'login',
),
site_url( 'wp-login.php', 'login_post' )
);
// if not in mode login, we overwrite the auth base url
// > admin auth playground
if( $auth_mode == 'test' )
{
$authenticate_base_url = home_url() . "/?action=wordpress_social_authenticate&mode=test&";
}
// > account linking
elseif( $auth_mode == 'link' )
{
$authenticate_base_url = home_url() . "/?action=wordpress_social_authenticate&mode=link&";
}
In JS code, also no checks for ending character.
The fix might be in both PHP or JS files, for example here:
(function($){
$(function(){
$(document).on( 'click', 'a.wp-social-login-provider', function(){
popupurl = $( '#wsl_popup_base_url' ).val();
// The fix might be like this
if (popupurl.substring(popupurl.length - 1) !== '&') {
popupurl += '&';
}
provider = $(this).attr("data-provider");
var width = 768;
var height = 480;
var top = ( screen.height / 2 ) - ( height / 2 ) - 50;
var left = ( screen.width / 2 ) - ( width / 2 );
window.open( popupurl + 'provider=' + provider, 'hybridauth_social_sing_on', 'location=1,status=0,scrollbars=0,height=' + height + ',width=' + width + ',top=' + top + ',left=' + left);
});
});
})(jQuery);
I'm not sure if it's a bug or some misconfiguration from my side š
We've recently migrated from WSL 2.x.x to WSL 3.0.3.
Our website uses an action to customize login markup:
<?php do_action( 'wordpress_social_login' ); ?>When clicking on "Facebook" or "Google" popup shows up, but the URL is not correct. So the error is shown and the user cannot be logged in.
Actual URL:
https://xxx.xxx/wp-login.php?action=wordpress_social_authenticate&mode=loginprovider=FacebookExpected URL:https://xxx.xxx/wp-login.php?action=wordpress_social_authenticate&mode=login&provider=FacebookCharacter
"&"is missing.In the PHP code I noticed, that missing character will be added in case if it's
testorlinkmode. But nothing forloginmode.In JS code, also no checks for ending character.
The fix might be in both PHP or JS files, for example here:
I'm not sure if it's a bug or some misconfiguration from my side š
Thanks in advance! š