Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix the construction of category routes to include the correct layout #20304

Closed
wants to merge 1 commit into from
Closed

Fix the construction of category routes to include the correct layout #20304

wants to merge 1 commit into from

Conversation

continga
Copy link

@continga continga commented May 5, 2018
edited
Loading

This commit fixes a bug where special characters like a semicolon get incorrectly removed from the layout parameter, leading to the url using an invalid layout.

Summary of Changes

Using the ContentHelperRoute class to construct a category route can sometimes result in generating an invalid url. The layout parameter has been obtained by JInput::get which by default will use the cmd filter, which removes certain special characters from the string.

We should use the string filter instead here, which allows more characters than cmd. Note: This does not introduce any security issues as far as I'd assess, because XSS-suspicious strings still get removed by the string filter, and other stuff should be catched by url-encoding methods such as JRoute::_. I might have overseen something though, so if somebody could confirm this I'd be very happy.

Testing Instructions

Create a layout with some special characters in it, e.g. a semicolon. This is e.g. being used YOOthemes Warp Framework to split the used layout and the used style from each other.
Then call this method from somewhere and notice that your semicolon has been removed, leading to an incorrect link.

Expected result

The link should contain the correct layout paramater.

Actual result

The link contains a layout parameter with certain special characters removed, leading to an incorrect link as the layout will not be found and the default layout used instead.

Fix the construction of category routes to include the correct layout…
c2f5681 
… name.

This commit fixes a bug where special characters like a semicolon get incorrectly
removed from the layout parameter, leading to the url using an invalid layout.
mbabker
mbabker approved these changes May 5, 2018
View reviewed changes
Copy link
Contributor

@mbabker mbabker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is consistent with how BaseController::display() reads the request to determine the layout to use when rendering the page, seems fair to me.

@zero-24 zero-24 added this to the Joomla 3.8.8 milestone May 5, 2018
@SharkyKZ
Copy link
Contributor

SharkyKZ commented May 5, 2018

This is already fixed in #20229.

@zero-24
Copy link
Contributor

zero-24 commented May 5, 2018

As the PR #20229 got merged where the issue got adressed in a different way too I'm going to close here.

@zero-24 zero-24 closed this May 5, 2018
@zero-24 zero-24 removed this from the Joomla 3.8.8 milestone May 5, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mbabker mbabker mbabker approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@continga @SharkyKZ @zero-24 @mbabker @joomla-cms-bot