Joomla! Issue Tracker | Joomla! CMS #15794 - Frontend com

J3 Issue ?

Closed
10 Feb 2019
Medium
Build: master
# 15794

PhilETaylor
3 May 2017

Steps to reproduce the issue

http://joomla4/index.php?option=com_config&view=modules = Call to a member function getLabel() on null

http://joomla4/index.php?option=com_config&view=templates = Call to a member function getFieldsets() on null

http://joomla4/index.php?option=com_config&view=config = Call to a member function getFieldset() on null

E.g.

PhilETaylor - open - 3 May 2017

joomla-cms-bot - change - 3 May 2017

Labels

Added: ?

joomla-cms-bot - labeled - 3 May 2017

PhilETaylor - edited - 3 May 2017

joomla-cms-bot - change - 3 May 2017

The description was changed

joomla-cms-bot - edited - 3 May 2017

franz-wohlkoenig - change - 3 May 2017

Category

⇒

com_config Front End

joomdonation - comment - 3 May 2017

I don't know how com_config is used in frontend but just checked and saw that the same error happens with Joomla 3.7, so this is not really an issue with Joomla 4

PhilETaylor - edited - 3 May 2017

PhilETaylor - change - 3 May 2017

Title

…

~~[4.0]~~ Frontend com_config issues

Frontend com_config issues

joomla-cms-bot - change - 3 May 2017

Title

…

~~[4.0]~~ Frontend com_config issues

Frontend com_config issues

joomla-cms-bot - edited - 3 May 2017

PhilETaylor - comment - 3 May 2017

franz-wohlkoenig - change - 9 May 2017

Status

New

⇒

Discussion

joomla-cms-bot - change - 9 May 2017

The description was changed

joomla-cms-bot - edited - 9 May 2017

joomla-cms-bot - change - 9 May 2017

Title

…

Frontend com_config issues

[4.0] Frontend com_config issues

brianteeman - comment - 14 May 2017

its true that you get an error if you go to the reported urls but i dont see where you can generate those urls except by typing them directly

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15794.}

PhilETaylor - comment - 14 May 2017

And there lies in the bug, hackers don't care if you cannot generate urls, they will find a way to generate urls manually, and test that the result in output has some juicy information - these urls luckily generate error messages, instead of disclosing information

NO url I can craft to your site should return a PHP fatal error, information disclosure or the like, this should be correctly handled.

brianteeman - comment - 14 May 2017

as they correctly disclose error messages and do not disclose information what is the problem

PhilETaylor - comment - 14 May 2017

They do not "correctly" disclose error messages - that is the whole point. They disclose PHP errors, not correctly handled errors and exceptions.

brianteeman - change - 25 Mar 2018

Labels

Added: J4 Issue

brianteeman - labeled - 25 Mar 2018

joomla-cms-bot - edited - 20 May 2018

Quy - change - 20 May 2018

Title

…

~~[4.0]~~ Frontend com_config issues

Frontend com_config issues

Quy - comment - 20 May 2018

This is a v3 issue and not v4. Removed [4.0] from title.

@brianteeman Please change label to J3 Issue. Thanks.

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15794.}

zero-24 - change - 20 May 2018

Labels

Added: J3 Issue
Removed: J4 Issue

zero-24 - labeled - 20 May 2018

zero-24 - unlabeled - 20 May 2018

PhilETaylor - change - 10 Feb 2019

Status	Discussion	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2019-02-10 21:33:46
Closed_By		⇒	PhilETaylor

PhilETaylor - close - 10 Feb 2019

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#15794] - Frontend com_config issues

Steps to reproduce the issue

Add a Comment