Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Bugfix - Facebook Connect does not auto-pull email address due to incorrect API call

When a user clicks to create a new account via Facebook Connect, Vanilla tries unsuccessfully to pull the user's email from the Facebook API.

Since the email pull fails, a new page emerges in which the user is asked to manually re-type the email and username:

This is particularly bad because it completely defeats the forum option to "Use Facebook names for usernames." Instead, the user is forced to manually type in a username, as well as their email.

The problem lies in a single malformed API call. In class.facebook.plugin.php, in getProfile($AccessToken), we have the following line:

$Url = "$AccessToken";

This is a call to /me without specifying what fields you want. As a result, Facebook automatically spits out only the name and id as follows:

{ "name": "Mike Battaglia", "id": "10102191134460877" }

To fix this, simply change the request to this:

$Url = "$AccessToken&fields=name,id,email";

and now everything works flawlessly.



Sign In or Register to comment.