Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#42615] - Update SiteRouter.php - check $force_ssl non type safe

RTC bug PR-4.4-dev Pending

User tests: Successful: Unsuccessful:

avatar sba
sba
5 Jan 2024

Summary of Changes

When updateing joomla from joomla 3 to joomla 4.4 the value in cofiguration.php is still saved with public $force_ssl = '2' instead of public $force_ssl = 2. If set as string, the force_ssl setting has no effect, the redirection to https is not working.

Furthermore, the cli command '/cli/joomla.php config:set force_ssl=2' also sets the configuration.php to public $force_ssl = '2'.

The change should have no further effect, everywhere else in the code force_ssl is checked non type-safe.

Testing Instructions

Joomla 4.4.1
Run '/cli/joomla.php config:set force_ssl=2' and you will get public $force_ssl = '2'; in configuration.php

Actual result BEFORE applying this Pull Request

redirection to https is not wotking, site loads with http://...

Expected result AFTER applying this Pull Request

Force SSL is working, when opening with http://... the site is redirected to https://...

Link to documentations

Please select:

  • No documentation changes for docs.joomla.org needed
  • No documentation changes for manual.joomla.org needed
avatar sba sba - open - 5 Jan 2024
avatar sba sba - change - 5 Jan 2024
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 5 Jan 2024
Category Libraries
avatar richard67 richard67 - change - 5 Jan 2024
The description was changed
avatar richard67 richard67 - edited - 5 Jan 2024
avatar rdeutz
rdeutz - comment - 6 Jan 2024

We should make sure the value is saved properly and not rely on the type converting of PHP

avatar richard67
richard67 - comment - 6 Jan 2024

We should make sure the value is saved properly and not rely on the type converting of PHP

@rdeutz I agree, but it seems this would require a bigger change, see discussion in the other PR #42618 . And we would still have the problem when someone updates from J3 and has never edited global configuration in backend so we still have ALL values as strings in configuration.php. That's why we currently either cast the values when reading or we don't do a type safe comparison. So I think this PR here is the right fix for now, possibly with a small change like I suggested above.

avatar sba sba - change - 7 Jan 2024
Labels Added: bug PR-4.4-dev
avatar richard67 richard67 - test_item - 7 Jan 2024 - Tested successfully
avatar richard67
richard67 - comment - 7 Jan 2024

I have tested this item ✅ successfully on a0520bc

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42615.

avatar sba sba - change - 8 Jan 2024
The description was changed
avatar sba sba - edited - 8 Jan 2024
avatar viocassel viocassel - test_item - 8 Jan 2024 - Tested successfully
avatar viocassel
viocassel - comment - 8 Jan 2024

I have tested this item ✅ successfully on a0520bc

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42615.

avatar richard67 richard67 - change - 8 Jan 2024
Status Pending Ready to Commit
avatar richard67
richard67 - comment - 8 Jan 2024

RTC

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42615.

avatar MacJoom MacJoom - change - 10 Jan 2024
Labels Added: RTC
avatar MacJoom MacJoom - change - 10 Jan 2024
Status Ready to Commit Fixed in Code Base
Closed_Date 0000-00-00 00:00:00 2024-01-10 17:16:24
Closed_By MacJoom
avatar MacJoom MacJoom - close - 10 Jan 2024
avatar MacJoom MacJoom - merge - 10 Jan 2024

Add a Comment

Login with GitHub to post a comment