[#17337] - [4.0] Disallow access to internal JHtml methods
- Fixed in Code Base
- 30 Jul 2017
- Medium
- Build: 4.0-dev
- # 17337
- Diff
- mbabker:jhtml-no-internal
- Pending hound Hound is busy reviewing changes... Details
User tests: Successful: Unsuccessful:
Summary of Changes
Through JHtml::_(), it is possible to access internal methods of the JHtml class that are not public API. This PR changes the logic to detect if a non-public method of JHtml is being called and will disallow these methods to be called going forward.
Testing Instructions
Make a call to JHtml::_('extract', 'date.relative') and you'll find that the protected JHtml::extract() method is executed and the results returned to the caller without the patch applied. With the patch, an exception is now thrown.
Expected result
No access to internal class methods.
Actual result
Internal class methods can be accessed.
Documentation Changes Required
Technically this is a B/C break and should be noted as devs could conceivably call and use one of the protected methods of JHtml right now, hence the reason I'm doing this against 4.0 instead of 3.x.
joomla-cms-bot
- | Category | ⇒ | Libraries |
| Status | New | ⇒ | Pending |
wilsonge
- | Status | Pending | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-07-30 22:40:13 |
| Closed_By | ⇒ | wilsonge | |
| Labels |
Added:
?
|
||
I have tested this item✅ successfully on f11c95e
Looks good to me. Thanks!
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/17337.