Feeling Lucky
No Code Attached Yet
[#44006] - Bug fix not in Joomla 5 and 6
- Closed
- 14 Sep 2024
- Critical
- Build: > J4
- # 44006
Hi,
I made a router fix last year. But the fix was only checked into J4. It is not in all later version.
Can someone who is familiar with the github system please create a pool to check into all later release?
Thank you!
The function is getInstance($uri = 'SERVER') in file libraries/src/Uri/Uri.php
public static function getInstance($uri = 'SERVER')
{
if (empty(static::$instances[$uri])) {
// Are we obtaining the URI from the server?
if ($uri === 'SERVER') {
// Determine if the request was over SSL (HTTPS).
if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) !== 'off')) {
$https = 's://';
} elseif (
(isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
&& !empty($_SERVER['HTTP_X_FORWARDED_PROTO'])
&& (strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) !== 'http'))
) {
$https = 's://';
} else {
$https = '://';
}
/*
* Since we are assigning the URI from the server variables, we first need
* to determine if we are running on apache or IIS. If PHP_SELF and REQUEST_URI
* are present, we will assume we are running on apache.
*/
if (!empty($_SERVER['PHP_SELF']) && !empty($_SERVER['PATH_INFO']) && !empty($_SERVER['QUERY_STRING'])) {
// Convert browser url to uqery string url according to ReWrite rule
$theURI = 'http' . $https . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . $_SERVER["PATH_INFO"] . '?' . $_SERVER['QUERY_STRING'];
} else if (!empty($_SERVER['PHP_SELF']) && !empty($_SERVER['REQUEST_URI'])) {
// To build the entire URI we need to prepend the protocol, and the http host
// to the URI string.
$theURI = 'http' . $https . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
} else {
/*
* Since we do not have REQUEST_URI to work with, we will assume we are
* running on IIS and will therefore need to work some magic with the SCRIPT_NAME and
* QUERY_STRING environment variables.
*
* IIS uses the SCRIPT_NAME variable instead of a REQUEST_URI variable... thanks, MS
*/
$theURI = 'http' . $https . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'];
// If the query string exists append it to the URI string
if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) {
$theURI .= '?' . $_SERVER['QUERY_STRING'];
}
}
// Extra cleanup to remove invalid chars in the URL to prevent injections through the Host header
$theURI = str_replace(["'", '"', '<', '>'], ['%27', '%22', '%3C', '%3E'], $theURI);
} else {
// We were given a URI
$theURI = $uri;
}
static::$instances[$uri] = new static($theURI);
}
return static::$instances[$uri];
}
| Labels |
Removed:
?
|
||
joomla-cms-bot
- | Labels |
Added:
No Code Attached Yet
|
||
ChristineWk
- comment
- 31 Aug 2024
@Hackwar
Found this here: #42123 and #42150
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/44006.
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2024-09-14 09:05:23 |
| Closed_By | ⇒ | Hackwar |
Hackwar
- comment
- 14 Sep 2024
As was said, your code never was merged. If you want to try that again, please open a new pull request. Closing this issue now.
All changes from 4.x are also in 5.x/6.0. Can you please write what you changed so that we can understand what you did?