Pending


zero-24
19 Jan 2021

Pull Request for an Issue raised to the JSST.

Summary of Changes

Make sure the URL installer does not allow other schemas than http and https.

Testing Instructions

  • Try to install an extension from this URL: ftp://joomla.zip
  • Joomla tries to contact an FTP server
  • Apply this patch
  • Try ftp://joomla.zip again.
  • There is now a dedicated message and we don't try to contact an FTP server
  • Make sure that extension installation from URL still works as before.

Actual result BEFORE applying this Pull Request

There is a message but we still try to contact the FTP server

Expected result AFTER applying this Pull Request

There is now a dedicated message and we don't try to contact an FTP server

Documentation Changes Required

none
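
An added example, not the code from this pull request: a server-side scheme allowlist of the kind the summary describes, sketched in plain PHP. The function name `allowedInstallUrl` and every sample URL other than ftp://joomla.zip are assumptions made for illustration.

```php
<?php
// Added illustration; not the code merged in the Joomla pull request.

/**
 * Return the trimmed URL if it is absolute and uses http or https,
 * otherwise null. allowedInstallUrl() is a hypothetical helper name.
 * Only the URL as submitted is checked here.
 */
function allowedInstallUrl(string $url): ?string
{
    $url = trim($url);

    // parse_url() returns false for seriously malformed input.
    $parts = parse_url($url);

    // Require an explicit scheme and host, so scheme-less and
    // protocol-relative ("//host/path") inputs are refused as well.
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }

    // URL schemes are case-insensitive, so compare in lower case.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }

    return $url;
}

// Constructed sample inputs; ftp://joomla.zip is the test URL from this page.
$samples = [
    'https://example.org/pkg_demo.zip',
    'HTTP://example.org/pkg_demo.zip',
    'ftp://joomla.zip',
    'FTP://joomla.zip',
    'example.org/pkg_demo.zip',
    '//example.org/pkg_demo.zip',
];

foreach ($samples as $sample) {
    $verdict = allowedInstallUrl($sample) === null ? 'rejected' : 'allowed';
    printf("%-34s %s\n", $sample, $verdict);
}
```

Running the check before any download is attempted is what keeps the server from opening the FTP connection described in the testing instructions; a client-side check alone does not give that guarantee.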

zero-24 - open - 19 Jan 2021
zero-24 - change - 19 Jan 2021
Status: New → Pending
joomla-cms-bot - change - 19 Jan 2021
Category: Administration, com_installer, Language & Strings, Front End, Plugins
zero-24 - change - 19 Jan 2021
toivo - test_item - 20 Jan 2021 - Tested successfully
toivo - comment - 20 Jan 2021

I have tested this item successfully on eae250f

Tested successfully in 3.9.25-dev of 20 January using PHP 8.0.1.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/32087.

gostn - test_item - 20 Jan 2021 - Tested successfully
gostn - comment - 20 Jan 2021

I have tested this item successfully on eae250f



PhilETaylor - comment - 21 Jan 2021

Lol when I reported this years ago I was told it was a non-problem and only idiots would try to use a non http prefix ...

zero-24 - comment - 21 Jan 2021

> Lol when I reported this years ago I was told it was a non-problem and only idiots would try to use a non http prefix ...

Well, it's still not handled as a security issue but it was reported as one. ;) Given that we had some kind of not working JS "validation" we chose to move this forward to the public tracker and get it fixed anyway.

richard67 - test_item - 24 Jan 2021 - Tested successfully
richard67 - comment - 24 Jan 2021

I have tested this item successfully on e393a65



gostn - test_item - 24 Jan 2021 - Tested successfully
gostn - comment - 24 Jan 2021

I have tested this item successfully on e393a65



richard67 - change - 24 Jan 2021
Status: Pending → Ready to Commit
richard67 - comment - 24 Jan 2021

RTC



drmenzelit - close - 24 Jan 2021
drmenzelit - merge - 24 Jan 2021
drmenzelit - change - 24 Jan 2021
Status: Ready to Commit → Fixed in Code Base
Closed_Date: 0000-00-00 00:00:00 → 2021-01-24 15:54:08
Closed_By: drmenzelit
drmenzelit - comment - 24 Jan 2021

Thanks

zero-24 - comment - 24 Jan 2021

Thanks @drmenzelit
