wpForo mangles site URLs that contain port number (:xxxx)
We are developing a WordPress site and have multiple development sites hosted on different ports on the same host. Our site URLs look something like `mysite.mybox.com:1234`. When clicking some wpForo links (going to the next page on forums, synching user profiles, regenerating topic statistics), wpForo tries to do the action but it is blocked by some browsers (Chrome, Edge) and user/admin is sent to an "about:blank#blocked" screen.
After some debugging, I have discovered that the issue is that wpForo calls a function `can_do` in Actions.php, which then calls `wpforo_get_request_uri` in functions.php, which then eventually calls `wpforo_fix_url`. In this last function, the URL is being rewritten with an escape code for the colon in our site URL. For example:
[15-Dec-2022 03:05:00 UTC] old url: http://mysite.mybox.com:1234/wp-admin/admin.php?page=wpforo-overview&wpfaction=synch_user_profiles&_wpnonce=08564289f1
[15-Dec-2022 03:05:00 UTC] new url: http://mysite.mybox.com%3a1234/wp-admin/admin.php?page=wpforo-overview&wpfaction=synch_user_profiles&_wpnonce=08564289f1
Notice that in the second 'new url' after `wpforo_fix_url` is called, the colon is converted to %3a. This raises Chrome/Edges alert, because it seems like a site is trying to redirect me to another site.
If I comment out `wpforo_fix_url` in `wpforo_get_request_uri`, then everything runs as it should and all of the actions can run without Chrome choking.
This is the cause of this bug report: https://wpforo.com/community/general-forums-bug-reports/updating-user-statistics-leads-to-blank/
I am seeing the same problem !