User tests: Successful: Unsuccessful:
Pull Request for Issue #23046 .
Use the correct http schema.
Test user registration with and without forced https on http and https
Status | New | ⇒ | Pending |
Category | ⇒ | Libraries |
Value 2 is forcing http and that should still works.
Value -1
should do that also, as described above. With this patch, menu item settings aren't respected anymore.
The API for route::link is different then the https force options.
We convert it before we call route::link
you will find this in the registration.php:
$linkMode = $config->get('force_ssl', 0) == 2 ? 1 : -1;
Secure
menu item option is different from Force SSL
option in global configuration. Somewhere between 3.1 and 3.2 the description of $ssl
param was changed but behavior remained the same. This is from 3.1.0:
/**
* Translates an internal Joomla URL to a humanly readible URL.
*
* @param string $url Absolute or Relative URI to Joomla resource.
* @param boolean $xhtml Replace & by & for XML compilance.
* @param integer $ssl Secure state for the resolved URI.
* 1: Make URI secure using global secure site URI.
* 0: Leave URI in the same secure state as it was passed to the function.
* -1: Make URI unsecure using the global unsecure site URI.
*
* @return The translated humanly readible URL.
*
* @since 11.1
*/
public static function _($url, $xhtml = true, $ssl = null)
So it's technically correct that -1
forces HTTP. But we do need a new option to use protocol from request.
-1 doesn't force it, -1 uses the current protocol. It's used because it's int and not 0 but don't ask me why not NULL is used.
Without patch value -1 forces HTTP and this is fine. Changing this is going to break secure
option in menu items. Also with this patch value 2 doesn't force HTTP when current URL is HTTPS.
A B/C safe solution is to introduce another value to replace -1 wherever we want to use protocol from request.
To be more clear, behavior with both -1 and 2 is exactly the same and it must remain so.
So I rewrote route::_ and route::link to support absolute parameter.
And also deprecated -1 and added constants to the route class.
Labels |
Added:
?
|
Category | Libraries | ⇒ | Administration com_messages Front End com_users Libraries Plugins |
Thank you all for your work. The test was not successful but it is the first time I have tested a Joomla patch so please bear with me if it was my fault:
Steps to test the patch
In Joomla "staging" from https://github.com/joomla/joomla-cms
With release patch installed but no patch applied from https://github.com/joomla-extensions/patchtester/releases/tag/2.0.1
Users: Options: Allow User Registration: Yes
Users: Options: New User Account Activation: Administrators
include {loadmodule mod_login} in an article
link a published menu module to a visible menu
publish a single article menu item for the article in the visible menu
create a hidden menu not linked to any menu module
publish a menu item alias menu item for the single article menu item in the hidden menu
publish a users registration form menu item with the menu item alias menu item as owner
set all the above menu items Metadata Secure = On
select the single article menu item and select Create an account
note that registration links emailed to users and administrators do not honour the security setting but instead use http:
apply patch 24089
clear Joomla cache and expired cache and browser cache
select the single article menu item and select Create an account
Expected result
registration links emailed to users and administrators honour the security setting by using https:
Actual result
https://localhost/joomla-cms-staging/index.php/registration-form?task=registration.register
Error message: The requested page cannot be found
Error: 0 Class 'Route' not found
@chrisxchrisxchrisx please mark your test as unsuccessfully > https://docs.joomla.org/Testing_Joomla!_patches#Recording_test_results
I have tested this item
Thank you all for your work. The test was not successful but it is the first time I have tested a Joomla patch so please bear with me if it was my fault:
Steps to test the patch
In Joomla "staging" from https://github.com/joomla/joomla-cms
With release patch installed but no patch applied from https://github.com/joomla-extensions/patchtester/releases/tag/2.0.1
Users: Options: Allow User Registration: Yes
Users: Options: New User Account Activation: Administrators
include {loadmodule mod_login} in an article
link a published menu module to a visible menu
publish a single article menu item for the article in the visible menu
create a hidden menu not linked to any menu module
publish a menu item alias menu item for the single article menu item in the hidden menu
publish a users registration form menu item with the menu item alias menu item as owner
set all the above menu items Metadata Secure = On
select the single article menu item, select Create an account, complete form and submit
note that registration links emailed to users and administrators do not honour the security setting but instead use http:
apply patch 24089
clear Joomla cache and expired cache and browser cache
select the single article menu item, select Create an account, complete form and submit
Expected result
registration links emailed to users and administrators honour the security setting by using https:
Actual result
at index.php/registration-form?task=registration.register
Error message: The requested page cannot be found
Error: 0 Class 'Route' not found
I have tested this item
Thank you all for your work. The test was not successful but it is the first time I have tested a Joomla patch so please bear with me if it was my fault:
Steps to test the patch
In Joomla "staging" from https://github.com/joomla/joomla-cms
With release patch installed but no patch applied from https://github.com/joomla-extensions/patchtester/releases/tag/2.0.1
Users: Options: Allow User Registration: Yes
Users: Options: New User Account Activation: Administrators
include {loadmodule mod_login} in an article
link a published menu module to a visible menu
publish a single article menu item for the article in the visible menu
create a hidden menu not linked to any menu module
publish a menu item alias menu item for the single article menu item in the hidden menu
publish a users registration form menu item with the menu item alias menu item as owner
set all the above menu items Metadata Secure = On
select the single article menu item, select Create an account, complete form and submit
note that registration links emailed to users and administrators do not honour the security setting but instead use http:
apply patch 24089
clear Joomla cache and expired cache and browser cache
select the single article menu item, select Create an account, complete form and submit
Expected result
registration links emailed to users and administrators honour the security setting by using https:
Actual result
at index.php/registration-form?task=registration.register
Error message: The requested page cannot be found
Error: 0 Class 'Route' not found
Labels |
Removed:
J3 Issue
|
thx @chrisxchrisxchrisx fixed now
I have tested this item
Test as before yields expected result. Well done guys.
I have tested this item
Test as before yields expected result. Well done guys.
I have tested this item
I have tested this item
Status | Pending | ⇒ | Ready to Commit |
Status "Ready To Commit".
Labels |
Added:
?
|
Status | Ready to Commit | ⇒ | Fixed in Code Base |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-06-05 14:36:15 |
Closed_By | ⇒ | HLeithner |
It's not documented anymore, but
$ssl
with value-1
should force HTTP. It's what menu items have:joomla-cms/administrator/components/com_menus/models/forms/item_component.xml
Lines 133 to 142 in 7515081
Basing protocol on request would require another option, I think.