Hi,
Can someone please tell me why this âexitâ exists in subscribelib2.php? What types of hacks does it avert?
I ask because Iâm working on an ajax form (using jquery) to subscribe a user to a phplist newsletter from a distinct website without requiring our user to leave that website. Unfortunately, after my ajax form is submitted to phplist, subscribelib2.php is prematurely exiting at the line above due to âhack attemptâ.
I did some debugging. Here is the print_r() of $_POST[âlistâ] as subscribelib2.php sees it when my ajax form from a distinct domain submits to our phplist site at /lists/index.php?p=asubscribe&id=2:
Array\n(\n [2] => signup\n [] => signup\n)\n
For comparison, here is the print_r() of $_POST[âlistâ] as subscribelib2.php sees it when I attempt to subscribe from the form on the phplist site at /lists/index.php?p=subscribe&id=2
Array\n(\n [2] => signup\n)\n
As you can see, subscribelib2.php sees an additional element in the array whoose index is empty. Then the $key in the code linked above is empty, and therefore subscribelib2.php prematurely exits after the comment âhack attemptâ.
My ajax form has a hidden input as follows:
<input type="hidden" name="list[2]" value="signup" />
I do not define an input with name = âlist[]â. Iâm not sure where php is getting that input; even my browserâs js consoleâs Params tab only shows me the one named âlist[2]â with value âsignupâ. Perhaps the âlist[]â is a confused byproduct of the way jquery.ajax() serializes the data from the form before passing it to phplist?
In any case, Iâm wondering if the âhack attemptâ exit is actually useful. If it is, Iâd like to submit a PR to include comments in the code describing what it exactly is for. If itâs not doing anything, then Iâd like to submit a PR to remove that exit so that my ajax submission form (which is benevolent) will work.
Please let me know if itâs acceptable to remove the logic linked above from subscribelib2.php or not.