[#22677] - Fix redirection from a restricted page to the page with associated language after log in
- Closed
- 18 Oct 2018
- Medium
- Build: staging
- # 22677
- Diff
- csthomas:fix_app_assoc
User tests: Successful: Unsuccessful:
Summary of Changes
This patch fix a redirection issue on a multilingual website with association enabled.
Testing Instructions
On multilingual website create two associated articles (in English and in other one, e.g. Polish), then create separated menu item for them:
/en/blog/simple-article
/pl/blog/prosty-artykul
and associate them (menu items for articles) with each other.
Create a user with frontend Polish language. Go to /en/blog/simple-article. After log in you will go to /pl/blog/prosty-artykul. It works before and after patch.
Now go to backend and set Access Level to Registered for both menu items.
Log out and go to /en/blog/simple-article, it should redirect you to login page.
Expected result
After log in you are redirected to /pl/blog/prosty-artykul - association works correctly
Actual result
After log in you are redirected to /en/blog/simple-article - association does not work
Note
There is a change in libraries/src/Router/SiteRouter.php, which does not set $vars['limitstart'] in processParseRules() but it is set later in (parseRawRoute, parseSefRoute)
and
I changed it in order to include limitstart URL query parameter in $this->getVars() result.
Documentation Changes Required
No
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Libraries Unit Tests |
I guess you have set language filter to Automatic Language Change?
Yes
I see the issue, but the order of things here is wrong. We have to first check the access level of the content item and do the redirect to the login and if that was successfull, we can do the redirect to some other content. The way it is now, that it redirects directly to the associated content item, this could even be considered a security issue, since it is an information disclosure. You have a hidden article and then you are disclosing that you have another hidden article in another language.
I can have an URL to some restricted article from a various places, newsletters.
After log in I should be able to see content and this is OK in J3.
The newsletters may have only English version URLs.
My intension when "Automatic Language Change" is ON.
if the administrator in the meantime adds an another article association (in my language) to the article then I should be redirected to my native language.
I see I was wrong.
this could even be considered a security issue, since it is an information disclosure. You have a hidden article and then you are disclosing that you have another hidden article in another language.
Hidden (e.g. only for Registered users), if another hidden article/menu item in another language has different access then the System - Language Filter should check that before redirecting to another page.
I don't think that you are wrong, I'm just saying that the order of things right now is not right. We first have to check for the access setting and then do the redirect for associated items.
I do not know I understand you correctly.
Do you agree to do this on J4? Or I can do this for J3 if I add check access...
Where should be the access checked, in "System - Language Filter" or somewhere before?
The current system is wrong. the language filter plugin does a redirect without any regard to the access setting and it currently can't know about those. So we would have to add an access column to the associations table and only do redirects when the current user has access to them. Otherwise the component would first have to handle the checks and redirect to the login page or something like that. Such a change is not possible in 3.x and would have to be delayed to 4.0.
Your current changes would not be necessary then anymore and thus would not break B/C.
Simply said, we would have to add an access column to the associations table and check if there is an association for the current item AND user access level and only then do the redirect.
Hmm, menu item has access column, article has access column, another associated article has access column.
If I check access to associated menu item and to the article in the another language then it should be enough. I'm not very familiar with association component so I probably miss something.
One more explanation
echo JUri::getInstance() - returns SEF URL like "/news/people/1-article" but
$uri = new \JUri('index.php');
$uri->setQuery($this->getRouter()->getVars());
echo $uri->toString();
will return non SEF URL like index.php?Itemid=101&option=com_content&...
Thanks to this I can have Itemid parameter and I can use it to find the correct association item.
I know that you would say, that association works without it, but do you know how?
When Joomla show you "Read more" to restricted article then it is generated as
<?php $menu = JFactory::getApplication()->getMenu(); ?>
<?php $active = $menu->getActive(); ?>
<?php $itemId = $active->id; ?>
<?php $link = new JUri(JRoute::_('index.php?option=com_users&view=login&Itemid=' . $itemId, false)); ?>
<?php $link->setVar('return', base64_encode(ContentHelperRoute::getArticleRoute($this->item->slug, $this->item->catid, $this->item->language))); ?>the return parameter does not contain Itemid that could be easy get by $app->input->get('Itemid'); (without additional parsing SEF URL)
The Itemid is retrieved from forced active menu (JRoute::_('index.php?option=com_users&view=login&Itemid=' . $itemId, false)) and used in "System - Language Filter" plugin.
| Status | Pending | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-10-18 10:30:24 |
| Closed_By | ⇒ | csthomas | |
| Labels |
Added:
?
?
|
||
The associations don't just work for articles. The same system/table is used for contacts, products in shops, documents in a download component, etc.
@Hackwar What do you thing about this?