Joomla! Issue Tracker | Joomla! CMS #30057 - [3+] handle blank $root

? ?

Closed
17 Aug 2020
Medium
Build: staging
# 30057
Diff
PhilETaylor:rootuser3

Pending

Pending Hound Hound is busy sniffing around... Details

User tests: Successful: Unsuccessful:

PhilETaylor
8 Jul 2020

Closes #30051

Summary of Changes

only shows message when $root_user has an actual value and not when $root_user = ''; in configuration.php

Same fix needs to bubble up to Joomla 4 as Joomla 4 has the same bug.

Testing Instructions

Install Joomla 3
manually edit /configuration.php and create class property of

	public $root_user = '';

visit /administrator/ when logged out

Actual result BEFORE applying this Pull Request

Expected result AFTER applying this Pull Request

Documentation Changes Required

none

1b983cb 8 Jul 2020

handle blank $root_user correctly

PhilETaylor - open - 8 Jul 2020

PhilETaylor - change - 8 Jul 2020

Status

New

⇒

Pending

joomla-cms-bot - change - 8 Jul 2020

Category

⇒

Libraries

a3a7212 8 Jul 2020

simplify further

PhilETaylor - change - 8 Jul 2020

Labels

Added: ?

toivo - test_item - 9 Jul 2020 - Tested successfully

toivo - comment - 9 Jul 2020

I have tested this item ✅ successfully on a3a7212

Testted successfully in 3.9.20-dev of 9 July.

WIndows 10 Wampserver 3.2.2 Apache 2.4.43 MySQL 8.0.20 PHP 7.4.7

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30057.}

Quy - test_item - 9 Jul 2020 - Tested successfully

Quy - comment - 9 Jul 2020

I have tested this item ✅ successfully on a3a7212

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30057.}

Quy - change - 9 Jul 2020

Status

Pending

⇒

Ready to Commit

Quy - comment - 9 Jul 2020

RTC

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30057.}

HLeithner - comment - 17 Aug 2020

I think the current behavior is correct because we unset the property and don't want that is set at all.

PhilETaylor - comment - 17 Aug 2020

I think the current behavior is correct

The current behaviour states "you are logged in" - which is factually incorrect.

The current behaviour displays a security based message to the public before authentication has taken place

For those reasons alone this PR is acceptable to be merged.

Also remember that this $root_suer has to be set manually, so also has to be removed manually. Leaving $root_user = ''; should not be the same as $root_user = 'admin';, it should be the same as removing the property completely.

This PR is already RTC... up to you if you merge it or yet more wasted time on presumptive PRs and people testing.

HLeithner - comment - 17 Aug 2020

Documentation says you have to delete this line, actually the error message get only displayed if you set an empty root_user.

I will not change this behavior this class property should not exists on a production site.

Thanks for you contribution.

HLeithner - change - 17 Aug 2020

Status	Ready to Commit	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2020-08-17 11:19:36
Closed_By		⇒	HLeithner
Labels	Added: ?

HLeithner - close - 17 Aug 2020

PhilETaylor - comment - 17 Aug 2020

Your faith in people reading correctly documentation and accurately following it is misplaced, after all, this issue would not have been reported to me by "a normal user" if they had read, and had followed the documentation as written.

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#30057] - [3+] handle blank $root_user correctly

Summary of Changes

Testing Instructions

Actual result BEFORE applying this Pull Request

Expected result AFTER applying this Pull Request

Documentation Changes Required

Add a Comment