Users running a non-download version of Vanilla (pulled from github), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open sources releases are not affected.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

Bugfix - Facebook Connect does not auto-pull email address due to incorrect API call

When a user clicks to create a new account via Facebook Connect, Vanilla tries unsuccessfully to pull the user's email from the Facebook API.

Since the email pull fails, a new page emerges in which the user is asked to manually re-type the email and username:

This is particularly bad because it completely defeats the forum option to "Use Facebook names for usernames." Instead, the user is forced to manually type in a username, as well as their email.

The problem lies in a single malformed API call. In class.facebook.plugin.php, in getProfile($AccessToken), we have the following line:

$Url = "$AccessToken";

This is a call to /me without specifying what fields you want. As a result, Facebook automatically spits out only the name and id as follows:

{ "name": "Mike Battaglia", "id": "10102191134460877" }

To fix this, simply change the request to this:

$Url = "$AccessToken&fields=name,id,email";

and now everything works flawlessly.



Sign In or Register to comment.