Thread

I tried updating the mod.member_register.php to redirect after registration as shown below:

$data = array(    'title'     => $LANG->line('mbr_registration_complete'),
                        'heading'    => $LANG->line('thank_you'),
                        'content'    => $LANG->line('mbr_registration_completed').$message,
                        'redirect'    => "http://www2.testing.com/l/51/2008-05-06/CF6F?email=".$data['email']
                ."&firstname;=".$cust_fields['m_field_id_1']."&lastname;=".$cust_fields['m_field_id_11'],
                        'link'        => array($return, $site_name)
                     );

I changed the values of redirect… which seemed to work fine as the meta-refresh on success page is correctly specified.

However, for some reason… the value of redirect is changed/encoded into somethng like…

<a href="http://www2.testing.com/l/51/2008-05-06/[email protected]&firstname=allan&lastnametan">http://www2.testing.com/l/51/2008-05-06/[email protected]&firstname;=allan&lastname;tan</a>

The value in firstname=allan had a semicolon just before equal sign… looks like some encoding is performed.

Anybody care to explain and show how it should be done properly.

What is your ultimate goal here? Where are you wanting the redirect to go?

Solspace has an offering that will do this.

We want it to redirect to some analytics tool so we can keep track of registrations… we prefer not to buy another commercial package for this.

Just to clarify… the problem is when we manually specify the URL for redirection via php like

'redirect'    => "http://www2.testing.com/l/51/2008-05-06/CF6F?email=".$data['email']
                ."&firstname;=".$cust_fields['m_field_id_1']."&lastname;=".$cust_fields['m_field_id_11']

No semicolon after the = (e.g. &firstname;=)

The response become contains:

http://www2.testing.com/l/51/2008-05-06/[email protected]&firstname;=allan&lastname;tan

where semicolon is added (&firstname;=) and the semicolon breaks the analytics so we are unable to log the data properly

ok… this is creepy… I posted my original code with the semi-colon between firstname and =.
After I submitted the post, my message becomes encoded with the semicolon as you can see in post above.
Sounds like PHP is encoding this char… any suggestions how to go around this?

On the forum, I believe you’re running into a security filter.  For the redirect…  Hm- I’d probably just put their user id in there- then do a query on the page you redirect them to in order to pull out any relevant data.  May be the issue here- in a quick look, it’s running the redirect through xss_clean:

$REGX->xss_clean($data['redirect']

Money bet, that’s the issue.

But let me shift this one over to ‘How to’ as it’s mostly php and hacking.

Anyone knows how I can change my URL so I can post to a URL with the parameters properly?
I mean, if xss_clean is encoding it, is there a reverse way of writing the URL so parameters will be rendered correctly after xss_clean?