Adiehm
13 Mar 2021

Steps to reproduce the issue

The template I'm using allows custom code to be inserted at various points, e.g. after the head tag. Anything enclosed in <> is stripped off when the template config is saved, e.g. <script>.

It's not specific to the template I'm using, as the same issue exists in the template Beez. If you change the default Site Title from Joomla! to <Joomla!>, this results in an empty Site Title.

Expected result

Anything enclosed in <> should be retained

Actual result

Anything enclosed in <> is stripped upon save

System information (as much as possible)

Joomla 3.9.25, PHP 7.4.15, MySQL 5.6.51

Additional comments

I've tested this on 3 different websites on 2 different hosting services and I get the same result

Adiehm - open - 13 Mar 2021
joomla-cms-bot - labeled - 13 Mar 2021
brianteeman - comment - 13 Mar 2021

This is by design for security purposes

Adiehm - comment - 13 Mar 2021

That's not a particularly good situation - I'm sure there are many Templates that allow for the insertion of code for Meta data, Google Tag manager, OG Tags etc. These are now all stripped out if the template is modified. Storing the template config in the template_styles table would seem to be the by design solution.

This has literally broken 100 or so websites that I look after.

I don't see the security risk. If website developers and/or owners want to do this it should be their choice to do so.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/32664.

brianteeman - comment - 13 Mar 2021

The beez template field that you refer to has a "string" filter on the input and it has done so for at least 4 years. So you are trying to taste an orange by biting an apple.

If your template has any input fields you should check and see what filter is set. That's where your problem lies.

You can find the list and definition of filters here https://docs.joomla.org/Retrieving_request_data_using_JInput#Available_Filters
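
One way to run the check suggested in the comment above over a template's manifest, as an added example that is not part of the thread or of Joomla's code. It assumes the Joomla 3 `templateDetails.xml` layout; the template name and field names in the sample manifest are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed manifest: template and field names are hypothetical; the layout
# follows a Joomla 3 templateDetails.xml (config > fields > fieldset > field).
SAMPLE_MANIFEST = """\
<extension type="template" client="site">
  <name>example_template</name>
  <config>
    <fields name="params">
      <fieldset name="advanced">
        <field name="sitetitle" type="text" filter="string" />
        <field name="after_head" type="textarea" filter="raw" />
        <field name="before_body_end" type="textarea" />
        <field name="logo_width" type="text" filter="integer" />
      </fieldset>
    </fields>
  </config>
</extension>
"""


def audit_fields(manifest_xml):
    """Return (field name, declared filter, verdict) for every config field."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for config in root.iter("config"):
        for field in config.iter("field"):
            declared = field.get("filter")
            if declared is None:
                verdict = "unset"        # nothing declared: core decides
            elif declared.strip().lower() == "raw":
                verdict = "unfiltered"   # value is stored exactly as typed
            else:
                verdict = "filtered"     # e.g. "string", as in this thread
            findings.append((field.get("name", "?"), declared, verdict))
    return findings


def needs_review(findings):
    """Fields with no declared filter, or one that stores markup unchanged."""
    return [name for name, _, verdict in findings if verdict != "filtered"]


if __name__ == "__main__":
    results = audit_fields(SAMPLE_MANIFEST)
    for name, declared, verdict in results:
        print(f"{name:<16} filter={declared or '-':<8} {verdict}")
    print("review:", ", ".join(needs_review(results)))
```

To check an installed template, read its `templateDetails.xml` and pass the text to `audit_fields`.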

Adiehm - comment - 14 Mar 2021

Thanks - I understand the Input Filtering and I can see how Beez is different to what I'm seeing with the template I'm using.

I've been using the same template facility since Joomla 2.5 and never had this problem before. I have an old disused site running Joomla 3.9.19 that I just fired up and it works perfectly, i.e. if you save the Template Config, which is stored in the template_styles table, it works perfectly. Any sites running 3.9.25 have this issue.

Something in the save template config area has changed in one of the later versions of Joomla that is causing the problem. It's not an issue with the template. Having said that, the Template mechanism may need to be updated to suit a new regime in Joomla - but what has changed?



Adiehm - comment - 14 Mar 2021

I have spent some time testing J3.9.22, J3.9.23, J3.9.24 and J3.9.25 and I've confirmed the change was made in J3.9.25. Versions 22, 23 and 24 all work perfectly; Version 25 introduces the erroneous change.

I haven't as yet figured out exactly what has changed that is causing the problem but I see that Filtering has been applied in some of the files.


rdeutz - change - 14 Mar 2021
Status: New → Closed
Closed_Date: 0000-00-00 00:00:00 → 2021-03-14 09:06:44
Closed_By: rdeutz
rdeutz - close - 14 Mar 2021
