Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#45225] - [5.4] Prevent HTML warnings in Joomla API response

bug PR-5.4-dev Pending

User tests: Successful: Unsuccessful:

avatar srikishore5727
srikishore5727
26 Mar 2025

Fix #41929: Prevent HTML warnings in Joomla API response

Pull Request for Issue #41929.

Summary of Changes

This pull request addresses a critical issue in the CMSApplication::login method where the $authorisations variable is assumed to always be an array. If this assumption is violated (e.g., due to a plugin returning invalid data), it can cause runtime errors during iteration. Additionally, invalid authorisation objects were not being handled gracefully, leading to potential application crashes.

The following changes have been implemented:

  1. Validation of $authorisations: Added a check to ensure $authorisations is an array before iterating over it. If it is not, a warning is logged, and $authorisations is set to an empty array to prevent further issues.
  2. Validation of authorisation objects: Added a check to ensure each authorisation object has the required status property. If the object is invalid, a warning is logged.
  3. Improved Logging: Added detailed log messages to help developers debug issues related to invalid data structures.
  4. Stability Improvements: Ensured the application remains stable even when unexpected data structures are encountered.

These changes improve the robustness of the login process and prevent runtime errors caused by invalid data.

Testing Instructions

  1. Setup a Test Environment:

    • Use a local Joomla CMS installation or a staging environment.
    • Ensure the CMSApplication class is being used in the application.

  2. Simulate Login Scenarios:

    • Test with valid credentials to ensure the login process works as expected.
    • Test with invalid credentials to verify that the error handling works.
    • Simulate scenarios where $authorisations is not an array (e.g., by mocking the Authentication::authorise method to return invalid data).

  3. Check Logs:

    • Verify that warnings are logged in the Joomla log files (logs/joomla.log.php) when $authorisations is invalid or when an invalid authorisation object is encountered.

Actual result BEFORE applying this Pull Request

  • Runtime errors occur if $authorisations is not an array.
  • Invalid authorisation objects are not handled gracefully, leading to potential application crashes.
  • Debugging such issues is difficult due to the lack of detailed log messages.

Expected result AFTER applying this Pull Request

  • The login process handles invalid $authorisations gracefully by logging warnings and defaulting to an empty array.
  • Invalid authorisation objects are skipped, and warnings are logged for debugging purposes.
  • The application remains stable even when unexpected data structures are encountered.

Link to documentations

Please select:

  • No documentation changes for docs.joomla.org needed
  • No documentation changes for manual.joomla.org needed

Pull Request Link: #41929: Prevent HTML warnings in Joomla API response

avatar srikishore5727 srikishore5727 - open - 26 Mar 2025
avatar srikishore5727 srikishore5727 - change - 26 Mar 2025
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 26 Mar 2025
Category Libraries
avatar srikishore5727 srikishore5727 - change - 26 Mar 2025
The description was changed
avatar srikishore5727 srikishore5727 - edited - 26 Mar 2025
avatar srikishore5727 srikishore5727 - change - 26 Mar 2025
The description was changed
avatar srikishore5727 srikishore5727 - edited - 26 Mar 2025
avatar srikishore5727 srikishore5727 - edited - 26 Mar 2025
avatar srikishore5727 srikishore5727 - change - 26 Mar 2025
The description was changed
avatar srikishore5727 srikishore5727 - edited - 26 Mar 2025
avatar srikishore5727 srikishore5727 - change - 26 Mar 2025
The description was changed
avatar srikishore5727 srikishore5727 - edited - 26 Mar 2025
avatar fgsw
fgsw - comment - 26 Mar 2025

@srikishore5727 Please change in the title "Fix #41929:" to "[5.2]".

avatar srikishore5727 srikishore5727 - change - 28 Mar 2025
Title
Fix #41929: Prevent HTML warnings in Joomla API response
[5.2] Prevent HTML warnings in Joomla API response
avatar srikishore5727 srikishore5727 - edited - 28 Mar 2025
avatar HLeithner
HLeithner - comment - 15 Apr 2025

This pull request has been automatically rebased to 5.3-dev.

avatar HLeithner HLeithner - change - 15 Apr 2025
Title
[5.2] Prevent HTML warnings in Joomla API response
[5.3] Prevent HTML warnings in Joomla API response
avatar HLeithner HLeithner - edited - 15 Apr 2025
avatar HLeithner
HLeithner - comment - 15 Oct 2025

This pull request has been automatically rebased to 5.4-dev.

avatar richard67 richard67 - change - 2 Nov 2025
Labels Added: bug PR-5.3-dev
avatar richard67 richard67 - change - 2 Nov 2025
Title
[5.3] Prevent HTML warnings in Joomla API response
[5.4] Prevent HTML warnings in Joomla API response
avatar richard67 richard67 - edited - 2 Nov 2025
avatar richard67 richard67 - change - 2 Nov 2025
Labels Added: PR-5.4-dev
Removed: PR-5.3-dev
avatar richard67
richard67 - comment - 2 Nov 2025

@srikishore5727 I've allowed myself to apply necessary code style fixes. You can expand the latest 3 resolved conversations to see the details.

Update: I've also fixed the PHPstan errors, see 4 resolved comments below.

Add a Comment

Login with GitHub to post a comment