Pull Request for Issue #38455.
Second attempt - different approach to #38458
(?!\.) - don't allow . at start
(?!.*\.\.) - don't allow 2 consecutive dots
(?!.*\.$) - don't allow . at end
[a-zA-Z0-9_.] - only allow these characters
It is currently possible to upload a file.min.css, file.min.js, file.asset.json.
However, it is not possible to rename or create a new file, as we had a check to prevent having a . in the name.
There really is no need for this restriction. It dates back 10 years to a security fix but it wasn't needed as the rest of the security fix is still valid.
NOTE: This does not add .min.css or .min.js or asset.json to the list of filetypes. They are still just css, js and json but now you can put a dot in the filename
Create files as below
Rename existing files as below
.template
template.
template
template.min
_template
template_
temp_late
9emplate
template9
temp.la.te.
temp..late
.template ❌ (note this will be saved as template)
template. ❌
template ✔️
template.min ✔️
_template ✔️
template_ ❌
temp_late ✔️
9emplate ✔️
template9 ✔️
temp.la.te. ❌
temp..late ❌
Documentation link for docs.joomla.org:
No documentation changes for docs.joomla.org needed
Pull Request link for manual.joomla.org:
No documentation changes for manual.joomla.org needed
Status | New | ⇒ | Pending |
Category | ⇒ | Administration com_templates Language & Strings |
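The four fragments listed in the pull request description, combined into one anchored pattern and run over names from the testing instructions. This is an added example, not code from the pull request or from Joomla; the helper name `checkFileName`, the `^ ... +\z` anchoring and the last two sample names are assumptions made here.

```php
<?php
// Added example; checkFileName() is a hypothetical helper, not Joomla code.
// The three lookaheads and the character class are the fragments from the
// description. Wrapping them in ^ ... +\z is an assumption made here.
// \z is used rather than $ because $ also matches before a trailing "\n".
const NAME_PATTERN = '/^(?!\.)(?!.*\.\.)(?!.*\.$)[a-zA-Z0-9_.]+\z/';

// The same rules written as separate "bad" patterns, so a rejected name
// can be reported together with the rule it violates.
const RULES = [
    'starts with a dot'     => '/^\./',
    'two consecutive dots'  => '/\.\./',
    'ends with a dot'       => '/\.\z/',
    'character not allowed' => '/[^a-zA-Z0-9_.]/',
];

function checkFileName(string $name): array
{
    $reasons = $name === '' ? ['empty name'] : [];
    foreach (RULES as $reason => $bad) {
        if (preg_match($bad, $name) === 1) {
            $reasons[] = $reason;
        }
    }
    return ['ok' => preg_match(NAME_PATTERN, $name) === 1, 'reasons' => $reasons];
}

// Names from the testing instructions whose result follows from the four
// fragments alone, plus two constructed inputs (a path separator and a
// trailing newline). Names that depend on rules not shown in the
// description are left out.
$samples = ['.template', 'template.', 'template', 'template.min', 'temp_late',
            '9emplate', 'template9', 'temp.la.te.', 'temp..late',
            'sub/template', "template\n"];

foreach ($samples as $name) {
    $r = checkFileName($name);
    printf("%-16s %s%s\n",
        json_encode($name, JSON_UNESCAPED_SLASHES),
        $r['ok'] ? 'accepted' : 'rejected',
        $r['reasons'] ? ' (' . implode(', ', $r['reasons']) . ')' : '');
}
```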
@brianteeman Maybe you should quote the file names in the testing instructions like we quote code
because the underscores are not visible. The text is shown in italics instead. At least that's what I see on GitHub.
@richard67 thanks - I didn't spot that - I have updated it now
Drone errors are unrelated to this PR
Labels | Added: Language Change, PR-4.3-dev |
I have tested this item
.something
template.
template
template.min
template
**template
temp_late
9emplate
template9
temp.la.te.
temp..late
I have tested this item
Saving .tada.css will not fail, but save as tada.css (on Windows system).
I have tested this item
Saving .tada.css will not fail, but save as tada.css (on Windows system).
That's the same before this PR. There is other validation taking place elsewhere
I have tested this item
Thank you Brian!
Status | Pending | ⇒ | Ready to Commit |
RTC
Labels | Added: ? |
Status | Ready to Commit | ⇒ | Fixed in Code Base |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2022-11-15 18:59:29 |
Closed_By | ⇒ | obuisard |
Thank you Brian @brianteeman for the PR!
Thank you. Now just needs the tinymce.min.css pr to be merged
Thank you. Now just needs the tinymce.min.css pr to be merged
@brianteeman You mean this one #39124 ? Or a new one which is to be created?
yes that's the one
That's for 4.2-dev. So it would not only need to be merged but also to be merged up afterwards.
well it needs to be tested as well ;)
//cc @joomla/security in case you want to review. Not a blocker for them to review though - I think this looks fine in my eyes