[5.3] Router: Discover tainted URLs for core components #44477
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
4 tasks
|
I have tested this item ✅ successfully on 1e5d91a This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/44477. |
9 tasks
Quy
reviewed
Nov 19, 2024
|
I have tested this item ✅ successfully on 1e5d91a This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/44477. |
|
RTC This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/44477. |
|
Thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary of Changes
The routing in Joomla has had 2 issues in the past: When IDs were enabled in URLs you could basically modify the alias part of the URL at will and if you wanted to switch from ID based URLs to those without, there was no way to automatically redirect everything. This PR tries to fix both issues.
The PR is depending on #44455 to mark a parsed URL as tainted. There are two modes here:
This PR was made possible by the support of djumla. Thank you for that.
IDs switched on
When reading the content item or category segment of a URL, the ID is read and based on that ID the alias is read from the database and if the two don't match, the URL is marked as tainted and later redirected to the "correct" URL. (#43992 is fixing the alias for that URL then) This prevents modified aliases in the URL.
IDs switched off
If IDs are switched off, we are first searching for the normal content item or category as we are doing now, but when we don't find a match, we assume that we are actually reading a legacy URL with IDs switched on. In that case we mark the URL as tainted (regardless of it being totally broken or not, since when we fail to parse the URL at all, we already throw a 404 before we reach the handling of tainted URLs) and then compare the segment with the segment we would get with IDs enabled. If that matches, we return the ID and later redirect to the correct URL. This means that you can switch from ID-based URLs to "clean" URLs and Joomla will automatically redirect all pages to the correct URLs.
Testing Instructions
Actual result BEFORE applying this Pull Request
for 1.: You get the same content with more than one URL
for 2.: You get a 404 error
Expected result AFTER applying this Pull Request
for 1.: You are redirected to the right URL again with the correct alias.
for 2.: You are redirected to the right URL without IDs
Link to documentations
Please select:
Documentation link for docs.joomla.org:
No documentation changes for docs.joomla.org needed
Pull Request link for manual.joomla.org:
No documentation changes for manual.joomla.org needed