Navigation

Small bug in affiliates pro 3.0.1 (patch included)

By on September 8, 2018 in
Posted in

Hi, I can’t find any email or any way to submit a bug report or patch, so here goes.

This bug is breaking our shipstation export on dev environment, but can cause issues for any plugin using the common action “export”.

In class-affiliates-export.php, there’s a hook into wp_init to check for $_REQUEST[’export-nonce’] without seeing if it exists. This causes an undefined index error on dev environments for any other plugin using request action=export. Since exports are often outputting files, this index notice will send headers and break the file.

Current code:

public static function wp_init()
{
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'export' && wp_verify_nonce($_REQUEST['export-nonce'], 'export-affiliates')) {

Patched code:

public static function wp_init()
{
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'export' && isset($_REQUEST['export-nonce']) && wp_verify_nonce($_REQUEST['export-nonce'], 'export-affiliates')) {

Thanks,
-aaron

4 Responses to Small bug in affiliates pro 3.0.1 (patch included)

  1. Kento September 13, 2018 at 9:05 am #

    Many thanks for pointing out the issue – your suggested fix is correct from what I can see, we need to add this. Thank you very much for taking the time to report it and for providing the fix!

  2. Whitney September 8, 2018 at 6:30 pm #

    Also: the line numbers will differ in your version, as I formatted the class-affiliates-export.php for debugging. It’s line 2 in the file version provided.

  3. Whitney September 8, 2018 at 6:29 pm #

    Hi,

    The plugin is shipstation, but it could happen with others. It also uses the request variable “action” and sets it to “export”, as others could do.Any plugin using this common key/value pair for export could trigger this warning, since wp_init is hooked and there’s no further check to see if this is an affiliates pro call.

    It only appears if you have E_NOTICE enabled, so primarily for dev environments. But it’s still a bug that can be eliminated with the above patch. And as I mentioned, it will break file output since headers are sent. Error below:

    Notice: Undefined index: export-nonce in …/wp-content/plugins/affiliates-pro/lib/ext/includes/class-affiliates-export.php on line 235

    Warning: Cannot modify header information – headers already sent by (output started at …/wp-content/plugins/affiliates-pro/lib/ext/includes/class-affiliates-export.php:235) in …/wp-content/plugins/woocommerce-shipstation/includes/api-requests/class-wc-shipstation-api-export.php on line 2

  4. George September 8, 2018 at 4:25 pm #

    Hi Whitney,

    Thanks for mentioning the bug and for the patch suggestion.
    Do you get anything logged in the debug.log? When does it occur?

    Although wp_verify_nonce checks if the nonce is empty and it shouldn’t produce an issue, it definitely needs further investigation.
    If you could provide some more info on this, like if you use another plugin etc, that would be grateful.

    Kind regards,
    George

We use cookies to optimize your experience on our site and assume you're OK with that if you stay.
OK, hide this message.

Affiliates · Contact · Jobs · Terms & Conditions · Privacy Policy · Documentation · Downloads · Useful Plugins · My Account

Share