Joomla! Issue Tracker | Joomla! CMS #27835 - [4.0]fix change undefined $cspValue to $row in method compileAutomaticCspH…

? ? ?

Closed
11 Mar 2020
Medium
Build: 4.0-dev
# 27835
Diff
Kicktemp:4.0-dev

Pending

Pending Hound Hound is busy sniffing around... Details

User tests: Successful: Unsuccessful:

nielsnuebel
7 Feb 2020

This PR solves the problem of an undefined variable $cspValue copied from the method setCspHeader to compileAutomaticCspHeaderRules.

20430d6 7 Feb 2020

fix change undefined $cspValue to $row in method compileAutomaticCspHeaderRules

nielsnuebel - open - 7 Feb 2020

nielsnuebel - change - 7 Feb 2020

Status

New

⇒

Pending

joomla-cms-bot - change - 7 Feb 2020

Category

⇒

Front End Plugins

nielsnuebel - change - 7 Feb 2020

Title

…

fix change undefined $cspValue to $row in method compileAutomaticCspH…

[4.0]fix change undefined $cspValue to $row in method compileAutomaticCspH…

nielsnuebel - edited - 7 Feb 2020

jwaisner - comment - 7 Feb 2020

@nielsnuebel Please provide test instructions for your PR.

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/27835.}

jwaisner - change - 9 Feb 2020

Labels

Added: ?

richard67 - comment - 11 Feb 2020

@nielsnuebel Could you check @wilsonge 's comment above and implement the suggested change, i.e. change $row->directive to $cspHeaderValue->directive in lines 412 and 418? This should then also solve @zero-24 ' review comment.
P.S.: And provide some testing instructions please.

nielsnuebel - comment - 12 Feb 2020

testing instructions:

go to backend -> system -> Content Security Policy -> Options -> enabled CSP, Mode = Detect
go to site and CSP will be created
go back to backend -> system -> Content Security Policy -> Options -> enabled CSP, Mode = Automatic
go to -> system -> Content Security Policy -> change an item status to published for Example
Set in Global Configuration error_reporting to development and now you will get some errors on frotend and one in the Backend depends #26505

Quy - comment - 13 Feb 2020

Here is var_dump $cspHeaderCollection:

array(3) {
  ["default-src"]=>
  string(64) " 'unsafe-inline' 'unsafe-inline' 'unsafe-inline' 'unsafe-inline'"
  ["script-src"]=>
  string(0) ""
  ["style-src"]=>
  string(0) ""
}

and var_dump $cspHeaderkey:

string(11) "default-src"

Thus, one can assume $cspValue->directive should be $cspHeaderkey

Quy - comment - 11 Mar 2020

Closing in favor of #28318

Quy - close - 11 Mar 2020

Quy - change - 11 Mar 2020

Status	Pending	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2020-03-11 19:46:13
Closed_By		⇒	Quy
Labels	Added: ? ?

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#27835] - [4.0]fix change undefined $cspValue to $row in method compileAutomaticCspH…

Add a Comment