Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#32076] - Add path filter to joomla updates download process for the temp folder

? ? Pending

User tests: Successful: Unsuccessful:

avatar zero-24
zero-24
18 Jan 2021

Summary of Changes

The JSST has been contacted about an missing path filter whithin the joomla download process. Given that an successfull attack requires a Super User access to change the tmp path setting and also to trigger the update itself the JSST decided to move this patch to the public tracker.

Testing Instructions

Actual result BEFORE applying this Pull Request

The upgrade works as expected

Expected result AFTER applying this Pull Request

The upgrade works as expected

Documentation Changes Required

none

avatar zero-24 zero-24 - open - 18 Jan 2021
avatar zero-24 zero-24 - change - 18 Jan 2021
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 18 Jan 2021
Category Administration com_joomlaupdate
avatar nibra
nibra - comment - 18 Jan 2021

You can then replace the whole switch statement with
$result = parent::clean($source, $type);

avatar zero-24
zero-24 - comment - 18 Jan 2021

Right even better ?

avatar zero-24 zero-24 - change - 19 Jan 2021
Labels Added: ?
avatar richard67
richard67 - comment - 24 Jan 2021

@zero-24 Shall we test this, or shall we wait until the Todo's are done? If test: Could you add the missing link to an update package in the testing instructions (currently "(to be generated)")?

avatar zero-24
zero-24 - comment - 24 Jan 2021

This has to wait for the archive package to be merged and the path filter patched as noted above. The package i mean is the one generated by drone.

avatar joomla-cms-bot joomla-cms-bot - change - 26 Jan 2021
Category Administration com_joomlaupdate Administration com_joomlaupdate Libraries
avatar zero-24 zero-24 - change - 27 Jan 2021
The description was changed
avatar zero-24 zero-24 - edited - 27 Jan 2021
avatar richard67 richard67 - change - 27 Jan 2021
The description was changed
avatar richard67 richard67 - edited - 27 Jan 2021
avatar richard67 richard67 - change - 29 Jan 2021
The description was changed
avatar richard67 richard67 - edited - 29 Jan 2021
avatar richard67
richard67 - comment - 29 Jan 2021

@zero-24 I've updated in the description the link to the update package for this PR so it points to the latest build.

avatar richard67
richard67 - comment - 29 Jan 2021

Test on Linux was ok, but on Windows it was failing. See joomla-framework/filter#40 for the fix in the framework package.

avatar richard67
richard67 - comment - 1 Feb 2021

Now we have to wait for #32206 to be merged.

avatar zero-24
zero-24 - comment - 1 Feb 2021

I have just merged the filter package and updated the branch here so this is ready to be tested again.

avatar richard67 richard67 - change - 1 Feb 2021
The description was changed
avatar richard67 richard67 - edited - 1 Feb 2021
avatar richard67
richard67 - comment - 1 Feb 2021

I've updated in the description the link to the update package for this PR so it points to the latest build.

avatar zero-24
zero-24 - comment - 1 Feb 2021

I've updated in the description the link to the update package for this PR so it points to the latest build.

Thanks was about to do that too as we have to wait for it to be generated?

avatar richard67
richard67 - comment - 1 Feb 2021

I had to do it again because I had to restart drone.

avatar richard67 richard67 - change - 1 Feb 2021
The description was changed
avatar richard67 richard67 - edited - 1 Feb 2021
avatar richard67 richard67 - test_item - 1 Feb 2021 - Tested successfully
avatar richard67
richard67 - comment - 1 Feb 2021

I have tested this item successfully on adab40b

Tested with 2 server environments, one Linux with PHP 7.3, and one Windows with PHP 7.4.

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/32076.

avatar richard67 richard67 - change - 2 Feb 2021
The description was changed
avatar richard67 richard67 - edited - 2 Feb 2021
avatar richard67
richard67 - comment - 2 Feb 2021

@zero-24 I've removed the "Todo's" section from the description because that stuff has been done meanwhile.

avatar chmst chmst - test_item - 2 Feb 2021 - Tested successfully
avatar chmst
chmst - comment - 2 Feb 2021

I have tested this item successfully on adab40b

Tested on win10, with php8, following the testing instructions

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/32076.

avatar richard67 richard67 - change - 2 Feb 2021
Status Pending Ready to Commit
avatar richard67
richard67 - comment - 2 Feb 2021

RTC

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/32076.

avatar richard67
richard67 - comment - 2 Feb 2021

@zero-24 Could you check @Quy 's suggestion above and fix it? #32076 (comment) . It will not change RTC status.

avatar zero-24 zero-24 - change - 2 Feb 2021
Labels Added: ?
avatar zero-24
zero-24 - comment - 2 Feb 2021

@zero-24 Could you check @Quy 's suggestion above and fix it? #32076 (comment) . It will not change RTC status.

Moved with: ce05326

avatar richard67 richard67 - alter_testresult - 2 Feb 2021 - richard67: Tested successfully
avatar richard67 richard67 - alter_testresult - 2 Feb 2021 - chmst: Tested successfully
avatar richard67
richard67 - comment - 2 Feb 2021

Previous tests are still valid since last change after tests was code style only. I've restored the test results in the tracker.

avatar HLeithner HLeithner - change - 3 Feb 2021
Status Ready to Commit Fixed in Code Base
Closed_Date 0000-00-00 00:00:00 2021-02-03 11:18:50
Closed_By HLeithner
avatar HLeithner HLeithner - close - 3 Feb 2021
avatar HLeithner HLeithner - merge - 3 Feb 2021
avatar HLeithner
HLeithner - comment - 3 Feb 2021

Thanks

Add a Comment

Login with GitHub to post a comment