? Success

User tests: Successful: Unsuccessful:

avatar yireo
yireo
2 Jun 2014

Within the onUserBeforeSave() event, the user profile data are checked to make sure they are valid. The "website" value is converted into Puny-code, while the DOB (Date-Of-Birth) is converted from whatever-format to MySQL-format. However, the "website" value is only checked for, when the DOB value is set. The patch places the "website" check outside of the "dob" check, and into its own if-structure.

To test this, I've used a workaround to see whether the PHP-line itself was executed. I tried to enter some kind of non-Punycode URL that would be converted into proper Punycode but I have failed with this so far. If somebody else has suggestions for this (so: how to enter a non-Punycode URL for testing purpose) that would be awesome.

To test the code with my hack, just add the following line, right after the line mentioning the Puny-code:
$data['profile']['website'] = 'http://example.com';

Test without patch:

  • Enable the profile plugin so you are able to enter both website as DOB in your profile.
  • Hack the code as mentioned above
  • Enter no DOB, but do add a website URL (not "http://example.com").
  • The website is saved properly.
  • Repeat this, but now enter a DOB and a website URL.
  • The hack should change the URL to "http://example.com".

The test above should show you that the hack of setting the URL to "example.com" is only applied when the DOB is set, and it is not applied when the DOB is not set.

Test with patch:

  • Enable the profile plugin so you are able to enter both website as DOB in your profile.
  • Hack the code as mentioned above
  • Enter no DOB, but do add a website URL (not "http://example.com").
  • The hack should change the URL to "http://example.com".
  • Repeat this, but now enter a DOB and a website URL.
  • The hack should change the URL to "http://example.com".

The test with patch should result into the hack being applied all the time - so changing the URL to "example.com", regardless of whether the DOB is set or not.

The test can be run from either the backend (for any user profile) or the frontend (for only your own profile).

avatar yireo yireo - open - 2 Jun 2014
avatar brianteeman brianteeman - change - 21 Aug 2014
Status New Pending
avatar nicksavov nicksavov - change - 21 Aug 2014
Labels Removed: ?
avatar brianteeman brianteeman - change - 23 Sep 2014
Category Plugins
avatar waader
waader - comment - 14 Jan 2015

Codewise I can follow what you describe here. But I think that no conversion is needed at all as the filter "url" is set for the field "website".

Testing with current staging I enter a IDN URL and no DOB and it is saved punycoded. The same is true when entering a DOB. Reading https://docs.joomla.org/URL_form_field_type suggests to me, that the filter is doing that.

Am I totally wrong?

avatar yireo
yireo - comment - 15 Jan 2015

Ok, if the filter "url" is set for the field "website", then actually the entire line with JStringPunycode::urlToPunycode should be skipped - it would just be code duplication and because the logic already makes no sense, it is best to clean things up. I hope to get to fix my PR soon.

avatar yireo
yireo - comment - 15 Jan 2015

I've now updated the PR to remove the website check entirely because the filter "url" is already there.

avatar waader
waader - comment - 15 Jan 2015

@test work! Thanks yireo!

To test:

  • after applying the patch
  • activate the "user profil"-plugin
  • edit a user in the "user manager" and go to tab "user profile"
  • fill in an IDN-URL in field "Web site"; alternativly also add a DOB
  • check in the database table "_user_profiles", where colum "profil_key" = "profile website"
  • the contents of column "profile_value" should be punycoded
avatar waader waader - test_item - 15 Jan 2015 - Tested successfully
avatar seagul30
seagul30 - comment - 30 Jan 2015

@test works for frontend and backend.

avatar seagul30 seagul30 - test_item - 30 Jan 2015 - Tested successfully
avatar brianteeman brianteeman - change - 30 Jan 2015
Status Pending Ready to Commit
avatar brianteeman
brianteeman - comment - 30 Jan 2015

Thanks for testing - setting RTC


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/3707.
avatar brianteeman brianteeman - change - 30 Jan 2015
Labels Added: ?
avatar roland-d roland-d - change - 1 Feb 2015
Milestone Added:
avatar roland-d roland-d - change - 1 Feb 2015
Milestone Removed:
avatar roland-d
roland-d - comment - 1 Feb 2015

@yireo Can you please update your PR, it no longer applies when I want to commit it. Thanks.

avatar phproberto phproberto - change - 15 Mar 2015
Milestone Added:
avatar phproberto phproberto - change - 15 Mar 2015
Status Ready to Commit Closed
Closed_Date 0000-00-00 00:00:00 2015-03-15 21:41:00
avatar phproberto phproberto - close - 15 Mar 2015
avatar phproberto phproberto - close - 15 Mar 2015
avatar phproberto
phproberto - comment - 15 Mar 2015

Merged. Thanks!

avatar yireo
yireo - comment - 16 Mar 2015

Thanks :)

Add a Comment

Login with GitHub to post a comment