No Code Attached Yet
hytsch
3 Jun 2024

Steps to reproduce the problem

Create a text custom field in Joomla 3. Insert a text with a special character in an article, for example ‘Price: EUR 10 > million’. Save the article. The entered value is displayed correctly. Migrate the website to Joomla 4 and then to Joomla 5.

Expected result

The content in custom fields is displayed correctly.

Actual result

The filter ‘safe HTML’ is applied to the text field mentioned above. This cleans the existing values in custom fields; the above example then reads ‘Price: EUR million’.

System information (as far as possible)

Additional comments

hytsch - open - 3 Jun 2024
joomla-cms-bot - change - 3 Jun 2024
Labels Added: No Code Attached Yet
joomla-cms-bot - labeled - 3 Jun 2024
hytsch - comment - 3 Jun 2024

I assume that it is sufficient to create the custom fields in J4, fill them with content and then migrate them to J5, but I have not been able to test this.

brianteeman - comment - 1 Aug 2024

Need to check with @JSST, but I am fairly sure that this is the intended behaviour now, to sanitize the input field; otherwise there is a security vulnerability.

cc @SniperSister

SniperSister - comment - 1 Aug 2024

That is indeed intended behavior. J3.x lacked reasonable filtering settings for com_fields.

brianteeman - comment - 19 Aug 2024

This should be closed as the expected behaviour.

Quy - change - 19 Aug 2024
Status: New → Closed
Closed_Date: 0000-00-00 00:00:00 → 2024-08-19 17:10:05
Closed_By: Quy
Quy - close - 19 Aug 2024
