Image should be uploaded to the current sub folder
Image is uploaded to the root /images/ folder
Joomla 3.8.8
Testing on sites using these two configurations:
PHP 7.0.30
Apache
cgi-fcgi PHP interface
PHP 7.1.17
LiteSpeed
litespeed PHP interface
I've confirmed this issue on 4 different 3.8.8 installs.
Uploading files from the media manager (Content > Media) does not have this issue; only uploading files from the modal window.
In comparing the request sent between the Content > Media upload and the Modal upload there is difference in the "folder" query string parameter:
Content > Media:
https://www.*.com/administrator/index.php?option=com_media&task=file.upload&tmpl=component&a060f310b0b3488489015fe158b7c9f9=7gq9043nuoe8gqflgki7l4rke1&ef7e91aa39a03bf2f8dc0971139f2f8a=1&format=html&folder=stories/2018
Modal:
https://www.*.com/administrator/index.php?option=com_media&task=file.upload&tmpl=component&a060f310b0b3488489015fe158b7c9f9=7gq9043nuoe8gqflgki7l4rke1&ef7e91aa39a03bf2f8dc0971139f2f8a=1&asset=com_content&author=&view=images&folder=stories%252F2018
As you can see, the first one is not escaped at all. The second one is double-escaped.
The double escaping is resulting in /administrator/com_media/controllers/file.php line 45 to return an empty string:
$this->folder = $this->input->get('folder', '', 'path');
Which is what is leading to the images being uploaded to the root images folder.
/administrator/com_media/views/imageslist/tmpl/default_folder.php
/administrator/com_media/views/imageslist/tmpl/default_image.php
/administrator/com_media/views/images/tmpl/default.php
That didn't seem to have any affect on the issue (the folder value is still double-escaped).
Labels |
Added:
?
|
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-05-29 17:05:34 |
Closed_By | ⇒ | drewgg |
Ah, fooy. My initial search of open issues didn't reveal #20586. I've added that patch and the issue is fixed.