Navigate to Content >>> Media ... Options
Change the 'Maximum size'
Save
Get message saved
Error
Invalid field: Path to Files Folder
Invalid field: Path to Images Folder
Wamp localhost
This only happens on Wamp localhost, not on a remote host.
It happens on fresh 3.9.21 installs and on sites updated to 3.9.21.
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-08-28 13:00:25 |
Closed_By | ⇒ | SharkyKZ |
Status | Closed | ⇒ | New |
Closed_Date | 2020-08-28 13:00:25 | ⇒ | |
Closed_By | SharkyKZ | ⇒ |
@joomla/security Can you take a look at this? What's the logic in checking that path is equal to path put through JPath::clean()?
It is intended to not be out of the root folder for example. What from the path did clean filter that causes the issue?
This line fails because JPath::check() runs path through JPath::clean() and then it's compared to original non-cleaned path:
So any slash/backslash or duplicate slash discrepancies fail here.
> So any slash/backslash or duplicate slash discrepancies fail here.
yes when it is not a valid path right?
It worked before the update. Can you compare how it was before and after the update then fix it?
> It worked before the update. Can you compare how it was before and after the update then fix it?
Can you show me the value for that field that you use and that causes issues for you?
> yes when it is not a valid path right?
No, it always fails on Windows because slash is used instead of DIRECTORY_SEPARATOR in the rule. Changing this alone is not enough because if value contains a slash (e.g. images/banners) this still fails on Windows even though Windows supports both slashes and backslashes.
Ok will take a look into it.
We could also include a str_replace of / and \ with directory separator to be sure. What do you think?
> No, it always fails on Windows because slash is used instead of DIRECTORY_SEPARATOR in the rule. Changing this alone is not enough because if value contains a slash (e.g. images/banners) this still fails on Windows even though Windows supports both slashes and backslashes.
But it worked up to J3.9.20, it's only emerged since J3.9.21. Spot the difference between the path in J3.9.2.0 and J2.9.21 and that is where the problem is. One of the PRs altered the way the path was written.
> But it worked up to J3.9.20, it's only emerged since J3.9.21.
Yes with 3.9.21 we added the path validation rule.
So we have to make sure that path validation rule works correctly
I'm just trying to understand what's the purpose of comparing original path with path put through JPath::clean(). Should we just return true if Path::check() passes without throwing exceptions?
> Should we just return true if Path::check() passes without throwing exceptions?
That works in that case too. The other check was there to make sure that the path is also passing Path::clean().
@SniperSister @bembelimen can we get your input here? Whether we should do that additional check (that then has to be fixed so that it passes on valid paths)?
> Should we just return true if Path::check() passes without throwing exceptions?
Sounds good to me
I can test a patch when one is created.
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-08-30 17:32:21 |
Closed_By | ⇒ | zero-24 |
I had this problem on one of my three websites. I noticed that on the site where the problem occurred the configuration.php was set to readonly.
Resetting it did not seem to work. After checking security and comparing it with the other two, it stayed readonly unchecked.
I tried setting configuration.php on the 2nd site to readonly and that also now gave the same error, as did the 3rd site, which I did not touch?
Rebooting, clearing cache, nothing helped. Finally found this issue, so it seems to happen only in 3.9.21.
First site has "images" the other two "images" Checking the media on the first site shows the full system path on the bottom of the browser, the other two just show subfolder name, when present.
typo, first site has "images" not "images"
not a typo, backslash disappears after enter.
Hi @Nubro01 yes, this is a known issue that is going to be fixed in the next release. You can apply this change until the next release is out: https://patch-diff.githubusercontent.com/raw/joomla/joomla-cms/pull/30521.diff
Please test PR #30502.
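The failure discussed in this thread can be reproduced on any OS with the added example below, which is not Joomla's code or the code of either PR. Assumptions: `cleanPath()` is a simplified stand-in for JPath::clean(), `hasTraversal()` stands in for the out-of-root check, the three rule functions are hypothetical shapes reconstructed from the comments above, and the roots and field values are constructed.

```php
<?php
// Added illustration, not Joomla's code. cleanPath() is a simplified stand-in
// for JPath::clean(); $ds is a parameter so Windows can be simulated on any OS.
function cleanPath(string $path, string $ds): string
{
    // Collapse every run of '/' or '\' into a single $ds.
    return implode($ds, preg_split('#[/\\\\]+#', trim($path)));
}

function hasTraversal(string $path): bool
{
    // A '..' segment could leave the root, whichever separator is used.
    return in_array('..', preg_split('#[/\\\\]+#', $path), true);
}

// (a) Assumed shape of the failing rule: root and value joined with a literal '/'.
function ruleLiteralSlash(string $root, string $value, string $ds): bool
{
    $path = $root . '/' . $value;
    return !hasTraversal($value) && cleanPath($path, $ds) === $path;
}

// (b) Joined with the platform separator, still compared to the raw string.
function ruleSeparator(string $root, string $value, string $ds): bool
{
    $path = $root . $ds . $value;
    return !hasTraversal($value) && cleanPath($path, $ds) === $path;
}

// (c) Both separators normalised before comparing (the str_replace suggestion).
function ruleNormalised(string $root, string $value, string $ds): bool
{
    $path = str_replace(['/', '\\'], $ds, $root . $ds . $value);
    return !hasTraversal($value) && cleanPath($path, $ds) === $path;
}

// Constructed roots and field values.
$hosts   = ['Linux' => ['/var/www/site', '/'], 'Windows' => ['C:\\wamp\\www\\site', '\\']];
$samples = ['images', 'images/banners', 'images\\banners', 'images//banners', '../outside'];

foreach ($hosts as $os => [$root, $ds]) {
    foreach ($samples as $value) {
        printf("%-8s %-16s a=%d b=%d c=%d\n", $os, $value,
            ruleLiteralSlash($root, $value, $ds),
            ruleSeparator($root, $value, $ds),
            ruleNormalised($root, $value, $ds));
    }
}
```

On the simulated Windows host, (a) rejects every value, (b) still rejects images/banners, and (c) accepts either separator style while the duplicate-slash and `..` values stay rejected.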