fcoulter
31 Oct 2016

Pull Request for Issue #

Summary of Changes

Update .htaccess to prevent URL rewriting when the request is for an image file.

Testing Instructions

On a test Joomla site, try making a request for a non-existent image file, e.g. http://mysite.com/images/none.jpg; you will see that the entire CMS is loaded.

Then make the change to the .htaccess and try again; you should see a server-generated 404 page, which is as it should be.

Documentation Changes Required

The problem is that if your site has missing images, with the current .htaccess, for each missing image the request is redirected to the index.php, where a 404 page is generated by the CMS. This is highly inefficient; this ought to be handled at the server level, which is what the change accomplishes.

I wrote an extended analysis here: https://www.spiralscripts.co.uk/Joomla-Tips/how-missing-images-can-damage-your-site.html

fcoulter - open - 31 Oct 2016
fcoulter - change - 31 Oct 2016
Status: New → Pending
joomla-cms-bot - change - 31 Oct 2016
Labels Added: ?
brianteeman - comment - 31 Oct 2016

I don't believe your analysis on your blog post is correct.

> Imagine if you have several missing images on your pages, then you can see that the problem can become substantial, because each one will generate a separate load of the CMS.

Yes, if you enter a non-existent image into the URL address bar you will get the Joomla error page.

If you have a non-existent image in a web page then this is not the case and the server handles the 404. Please provide an example of where a missing image on a web page exhibits the behaviour you describe in your blog post.

fcoulter - comment - 31 Oct 2016

Actually Brian I think you are correct, I made a mistake during testing. I will close the pull request.

fcoulter - change - 31 Oct 2016
Status: Pending → Closed
Closed_Date: 0000-00-00 00:00:00 → 2016-10-31 10:53:45
Closed_By: fcoulter
fcoulter - close - 31 Oct 2016
brianteeman - comment - 31 Oct 2016

Probably a good idea to close your blog post as well

On 31 October 2016 at 10:53, Fiona Coulter notifications@github.com wrote:

> Actually Brian I think you are correct, I made a mistake during testing. I will close the pull request.



Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
https://brian.teeman.net/ http://brian.teeman.net/

fcoulter - comment - 31 Oct 2016

Well, it may be useful sometimes. But I will add some clarification. I originally wrote it because I was dealing with a site where this was an issue, and the modification to the .htaccess helped. I think this was because the site used a .htaccess inherited from Joomla 2.5 where I think this really was an issue. This was the source of my error: I was doing a lot of testing, had a lot of .htaccess files, and tested against the wrong one.

In Joomla 3 I think it is this line which already prevents the issue:

RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$

So no need for any modification.

My apologies for the confusion.
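
Added example (not part of the original thread or of Joomla's code): the condition quoted in the comment above, applied to constructed request paths to show which ones it would still pass on to the CMS. It assumes the dot before the extension list was originally escaped (`\.`); `COND`, `routed_to_cms`, `classify` and `SAMPLES` are illustrative names.

```python
import re

# The condition as quoted in the comment, with the dot before the extension
# list escaped as "\." (assumption). No flags are quoted, so it is case-sensitive.
COND = re.compile(r"/component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$")


def routed_to_cms(request_uri: str) -> bool:
    """Return True when the condition matches, so it does not stop the rewrite."""
    # %{REQUEST_URI} holds the path only; the query string is not part of it.
    path = request_uri.split("?", 1)[0]
    # Apache tests a RewriteCond pattern as an unanchored regex search.
    return COND.search(path) is not None


# Constructed sample requests (not taken from a real access log).
SAMPLES = [
    "/images/none.jpg",
    "/images/none.jpg?next=/home",
    "/media/system/js/core.js",
    "/images/none",
    "/images/v1.2/none",
    "/component/users/",
    "/blog/post.html",
    "/export.PDF",
]


def classify(paths):
    """Map each request to 'cms' or 'server' according to the condition."""
    return {p: ("cms" if routed_to_cms(p) else "server") for p in paths}


if __name__ == "__main__":
    for uri, handler in classify(SAMPLES).items():
        print(f"{handler:6}  {uri}")
```

Extensionless paths such as `/images/none` still match the condition, so only requests ending in an extension outside the listed set are left to the web server's own 404 handling.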

brianteeman - comment - 31 Oct 2016

In Joomla 2.5 the behaviour is the same
See http://www.joomlatraining.org.uk/fiona as an example

> RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$

That line does not exist in the Joomla htaccess file
https://github.com/joomla/joomla-cms/blob/staging/htaccess.txt

Of course it's your choice if you want to gain a reputation for publishing false blog posts.

fcoulter - comment - 31 Oct 2016

Brian, I have already added a note in big letters to the post saying that it is an outdated article and does not apply to Joomla 3.

Since you seem to be determined to make a meal of something that was just an honest mistake, let's be clear, this is not about this issue at all, but my other blog post.

Apart from the rather click-baity headline, which I do regret now because it seems to have attracted a lot of attention from people who clearly could not be bothered to read the actual post, presumably because it was too much of a "wall of text", please point me to anything in the article which is incorrect? I will be happy to correct it. I was simply interested in how the vulnerability came about, which seems to be a legitimate question.

I find it ironic that I am being accused of discouraging people from contributing to open source projects, when I have been told to "f*ck off" by a member of the JSST for simply asking a question. Hardly encouraging open debate is it?

Grow up, the lot of you.

brianteeman - comment - 31 Oct 2016

No, I am only referring to this blog post and as I stated above it doesn't apply to Joomla 2.5 or Joomla 1.5 either.

I cannot comment on what someone else might have said about your other blog post. I can say that personally speaking I was very disappointed at that other blog post but that is not relevant.

I am sure that at the end of the day we all want the best for Joomla and the community, and inaccurate and misleading blog posts don't help.

brianteeman - comment - 31 Oct 2016

Closing and locking this conversation as it is widely off the original topic

brianteeman - locked - 31 Oct 16
