User tests: Successful: Unsuccessful:
Pull Request for Issue #29519 .
Same as PR #29567 is for staging, but here for 4.0.
This Pull Request (PR) changes the special security check when using a remote database server to allow port numbers to be used in the host name.
The database drivers already seem to support that at least for hostnames and IPv4 addresses.
With IPv6 I'm not sure yet (the address should be enclosed in square brackets to distinguish the colon to separate the port from the colons in the IPv6 address).
On a clean, current current 4.0-dev branch or 4.0 Beta 1 or latest 4.0 nightly build, apply the patch for this PR.
Make a new installation.
When coming to the database part, fill in correct data and use either "localhost", "127.0.0.1" or "::1" (the latter only if IPv6 works) as database host, together with the port number on which the database server works, which normally is 3306 for MySQL or MariaDB and 5432 for PostgreSQL, i.e. use as database host
Start the installation.
Result: There is no extra security check using a temporary file, the installation works as usual when using a local database host.
Clear the session cookie or close the browser window so the next test starts with a new session.
Repeat the previous steps 1 to 4, i.e. make again a new installation using another empty database or creating another nerw one, but this time don't use a port number, and in case of IPv6 leave away the square brackets.
Result: There is again no extra security check using a temporary file, the installation works.
Clear the session cookie or close the browser window so the next test starts with a new session.
Repeat step 6, i.e. make again a new installation using another empty database or creating another nerw one, but this time use something else than "localhost" or "127.0.0.1"or "::1", e.g. use the real computer name of that server and make sure it can be resolved to an IP address e.g. by adding it to the local hosts file ("c:\windows\system32\drivers\etc\hosts" on Windows or "/etc/hosts" on Linux). It's ok if this resolves to 127.0.0.1, too, it just needs a different name than the ones listed before. Use a port number like in the first installation.
Result: This time there is extra security check using a temporary file, the installation works.
Clear the session cookie or close the browser window so the next test starts with a new session.
Repeat step 8, but this time don't use a port number.
Result: Again there is extra security check using a temporary file, the installation works.
No security check when using "localhost:1234", "127.0.0.1:1234" or "[::1]:1234" as database host, with "1234" being the port number on which that server works.
No security check when using "localhost", "127.0.0.1" or "::1" as database host.
Security check when using something else than "localhost", "127.0.0.1" or "::1" with or without port number as database host.
Security check when using "localhost:1234", "127.0.0.1:1234" or "[::1]:1234" as database host, with "1234" being the port number on which that server works, as if it was a remote host.
No security check when using "localhost", "127.0.0.1" or "::1" as database host.
Security check when using something else than "localhost", "127.0.0.1" or "::1" with or without port number as database host.
Don't think so, but am not 100% sure.
Status | New | ⇒ | Pending |
Category | ⇒ | Installation |
Labels |
Added:
?
|
I have tested this item
MySQL 8.0.19
MariaDB 10.4.10
Status | Pending | ⇒ | Ready to Commit |
rtc
Can you fix the conflict please :)
yes ... they were expected by the way ;-)
Labels |
Added:
?
|
Done.
Status | Ready to Commit | ⇒ | Fixed in Code Base |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-06-12 22:56:20 |
Closed_By | ⇒ | wilsonge |
Thanks!
I have tested this item✅ successfully on 942798e
Tested successfully in Joomla 4.0.0-beta2-dev of 11 May. Using IPv4, no PostgreSQL.
Environment: Wampserver 3.2.2 Apache 2.4.43a MySQL 8.0.20 MariaDB 10.4.13 PHP 7.4.7
MySQL: MySQLi, MySQL (PDO) localhost:3308, localhost
MariaDB: MySQL (PDO) databaseserver, databaseserver:3306
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/29568.