Feeling Lucky
?
[#29695] - [4.0] TODO Abort if installer hash not validated
- Closed
- 13 Jul 2020
- Medium
- Build: staging
- # 29695
Steps to reproduce the issue
Not a bug - but on code review, this change should now be activated in Joomla 4 (according to the note) to increase the security of Joomla 4 and installing extensions.
When installing an extension in Joomla 4 with an invalid hash, installation should "abort" apparently
// The validation was not successful. Just a warning for now.
// TODO: In Joomla 4 this will abort the installation
if ($check === InstallerHelper::HASH_NOT_VALIDATED)
{
$app->enqueueMessage(Text::_('COM_INSTALLER_INSTALL_CHECKSUM_WRONG'), 'error');
}and
// The validation was not successful for now just a warning.
// TODO: In Joomla 4 this will abort the installation
if ($result['check'] === false)
{
$message = Text::_('COM_JOOMLAUPDATE_VIEW_UPDATE_CHECKSUM_WRONG');
$messageType = 'warning';
try
{
Log::add($message, Log::INFO, 'Update');
}
catch (\RuntimeException $exception)
{
// Informational log only
}
}Expected result
Joomla 4 should "abort the installation"
Actual result
Joomla 4 just shows a "a warning for now"
System information (as much as possible)
Additional comments
joomla-cms-bot
- | Labels |
Added:
?
|
||
alikon
- comment
- 12 Jul 2020
@joomla/bug-squad please don't close this one till #30076 is a draft
richard67
- comment
- 12 Jul 2020
Both of my alternatives mean the same, but the opposite to what you wrote.
alikon
- comment
- 12 Jul 2020
grr damned english
richard67
- comment
- 12 Jul 2020
Chinese would be harder ;-)
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-07-13 16:51:24 |
| Closed_By | ⇒ | alikon |
@PhilETaylor can you give some feedback on #30076