Ok, this is for perfectionists! For most users this wouldn't be an issue.

How to simulate this:

1. Invite a user with a email with '+' in it. This according to rfcs are valid. So something like user+1@email.com is a perfectly valid email id
2. Now try deleting this invite
3. You'll get a message saying this is deleted, but the email will still be there
4. This is because, + in urlencode is translated as space thus the above email will be searched as user1@email.com which will fail in the sql query

Enough babble, where's the fix?

function invite_delete($email) {
global $user;

//RD: when email has + in it, that is equal to space in an encoded
//url. urlencode converts space to +
//rawurldecode does not convert + back to space thus preserving +
$email = urlencode($email);
$email = rawurldecode($email);

if ($email){

This should fix the problem. If the email doesn't have a + then this isn't an issue at all.

Comments

AjK’s picture

AjK commented
Status: Active » Fixed

Committed to DRUPAL-4-7 and DRUPAL-5. Thanks.

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)
AjK’s picture

AjK commented
Status: Closed (fixed) » Active

This patch/commit actually broke delete altogether and so was rolled back by http://drupal.org/node/113539

As it stands, the module is "a little" broken rather than totally broken regarding deletions. I don't have too much time to look at it now so suggestions/patches welcome.

knseibert’s picture

knseibert commented

I can't reproduce this error in version 5. And version 4.7 of invite_delete() does not seem any different. Is this bug still active?

smk-ka’s picture

smk-ka commented
Status: Active » Fixed

I can't either. Marking as fixed, as the current implementation seems to work flawlessly.
--
Stefan Kudwien
www.unleashedmind.com

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)