joomla-framework / filter Goto Github PK
View Code? Open in Web Editor NEWJoomla Framework Filter Package
License: GNU General Public License v2.0
Joomla Framework Filter Package
License: GNU General Public License v2.0
It seems that beginning with version 2.0.0-beta3, the filter package breaks saving Global Configuration in the 4.0-dev branch of the CMS, see joomla/joomla-cms#32207 (comment) .
I.e. update the filter package on J4 to version 2.0.0-beta3 or 2.0.0-beta4. Then go to Global Configuration and try to save.
Works.
PHP Recoverable fatal error: Object of class stdClass could not be converted to string
in /home/richard/lamp/public_html/joomla-cms-4.0-dev/libraries/vendor/joomla/filter/src/InputFilter.php on line 239,
referer: https://www.joomla-40-dev.vmkubu02.vmnet2.local/administrator/index.php?option=com_config
Please see:
joomla/joomla-cms#4492
@mbabker Is it time for a 1.1.7 release of the filter package?
Paths with dots at the beginning of folder or file name doesn't pass current path filter regular expressions. For example /var/www/.secret
doesn't pass, even it is valid path. This influence Joomla CMS update system, when used such path for global temp dir.
Set in Joomla global configuration Temp path with hidden folder (starting with dot), for example /var/www/.tmp
.
Go to Joomla update component and try to download and install update.
No error, update is installed.
Error is displayed, update is not installed.
Joomla CMS with Joomla Filter 1.4.3
This is B/C break in Joomla CMS, as it influence Joomla update system. Path doesn't pass filter, so returns empty string, which causes updater to fail download update file, with incorrect error message.
Tried to solve it in joomla/joomla-cms#33151, which was incorrect, as I was noticed of double dots folders (and also PR to wrong project :))
This is an issue that was found out in joomla/joomla-cms#38993 and is still valid in the current codebase of the filter package. In 0556634 the language class from the CMS is used in the OutputFilter class and besides that, the use-statement is wrong. So right now this stringUrlSafe() does not work.
var_dump((new Joomla\Filter\InputFilter)->clean(1, 'raw'));
int 1
string '1'
Since e4d3d15.
/var/www/vhosts/website-net/subdomain-website-net/._hiddenTemp
/var/www/vhosts/website.net/subdomain.website.net/._hiddenTemp
/var/www/vhosts/website-net/subdomain-website-net/._hiddenTemp
/var/www/vhosts/website.net/subdomain.website.net/._hiddenTemp
/var/www/vhosts/website-net/subdomain-website-net/._hiddenTemp
``
Plesk servers use the domain/subdomain pattern 2 so this is a live issue.
Additionally the use of hidden files/folders is a valid and security enhancing use case - setting the Joomla tmp or log directory to a hidden *nix folder is a good thing. Also can be used to install a hidden Joomla installation in an obscure and hidden sub-folder of a live site.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.