[#34993] - [3.10] Pre update checked fails with Javascript errors because of malformed JSON
- Closed
- 31 Jul 2021
- Medium
- Build: staging
- # 34993
Steps to reproduce the issue
Install 3.10 RC1 and launch the Pre Update checker with an extension having a title or image logo within the name
Expected result
No errors
Actual result
Pre update checker totally broken because of malformed json
Update the file root/administrator/components/com_joomlaupdate/views/default/tmpl/default_preupdatecheck.php
to add JSON_HEX_APOS|JSON_HEX_QUOT at line 17
JFactory::getDocument()->addScriptDeclaration("var nonCoreCriticalPlugins = '" . json_encode($this->nonCoreCriticalPlugins, JSON_HEX_APOS|JSON_HEX_QUOT) . "';");
joomla-cms-bot
- | Labels |
Added:
?
|
||
can you post the link of the extension for testing ?
Or at least the name from the manifest xml and how the name looks in database (e.g. checked with phpMyAdmin).
with an extension having a title or image logo within the name
It correctly fails, the name is expected to be a simple string NOT HTML.
From the docs https://docs.joomla.org/Manifest_files:
<name> – raw component name (e.g. com_banners).
@dgrammatiko actually J4 does not fail because it uses addScriptOptions. Having for example an tag THAT IS HTML in the component title fails. The title is translated through the language file, so it can include ALSO HTML. Various vendors include an img tag for the component logo.
@dgrammatiko do not ignore the problem, it's enough that an HTML tag is there and the Joomla pre updater is totally broken = the user can't update the website
Example string:
COM_XXXMYCOMPONENT="<img src='media/com_xxxmycomponent/logo-16x16.png' /> My component title"
@dgrammatiko do not ignore the problem
I'm not Joomla's representative here, I'm just pointing out that if someone is using HTML in that field the Manifest is INVALID
@dgrammatiko that's not the case, it's not that the Manifest has HTML, it's that the Manifest string can be translated!
COM_XXXMYCOMPONENT="<img src='media/com_xxxmycomponent/logo-16x16.png' /> My component title"
You are hijacking the system as I said before the manifest field IS EXPECTED TO BE TEXT STRING, just because you can hide the HTML markup in the translation strings doesn't make it VALID.
Nobody had never said that it must be a string wihout HTML.
Anyway the problem is not if i'm hijacking ths sytem or not, the problem is that there are already plugins out there having HTML code in that name string and with a simple fix that aligns J3 to J4 we can avoid that the preupdater checker gets broken!!!
I won't answer you once more, if you are interested to avoid a bug take into account my advice, otherwise close immediately this issue.
It really doesn't matter if it was expected to be a plain text string or not.
The fact is that it has been possible to add an icon etc in the title language string for a very long time and something that most site builders will see fairly often. I even have one extension with an icon on one of my sites. There is nothing anywhere that says html markup cannot be used in a language string and the com_languages override form does not prevent it.
Which is the better option. Stick your head in the sands and pass the buck on the extension developer and site owner or accept this bug report and work to find a solution that benefits the users.
I've not had a coffee yet but once I have I will take the 5 minutes to try and replicate the report and then look at making a fix. Which if I have read it correctly has been provided above.
(of course just when I want to test things some of the joomla sites are down)
Fedik
- | Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2021-07-31 07:31:25 |
| Closed_By | ⇒ | Fedik |
can you post the link of the extension for testing ?