?
Referenced as Related to: # 4781
avatar Klaasvaak
Klaasvaak
16 Oct 2014

Steps to reproduce the issue

Have the com_redirect plugin activated.
Go to a non-existing URL which is larger than 255 chars. I used an URL which has a length of 373 chars.

The plugin will trigger because there is a 404. It will now check it the URL exists in the redirect table. It does not, so it will add it. The problem here is that it will only add the first 255 chars of the url because the column is of type varchar(255).

When you visit the large URL again the plugin will trigger again as expected. It will check if the link exists in the table. The link does not exist in the table because it only saved the first 255 chars. Now, it will try to insert the URL into the table again. Again, it will use the first 255 chars. This causes an error in MySQL because it is trying to insert a duplicate key. Now the error in Joomla changes from 404 to 1062. Because of this the 404 page is not rendered. The browser will get a 500 error.

Expected result

Because of the column type varchar(255) this can't be solved if this type is not changed. But I still expect to get a 404. Not a 1062 (500 for the browser).

Actual result

Error 500. And no 404 page rendered.

System information (as much as possible)

Redirect plugin version: 3.0.0

Additional comments

For now, in my template override I added a check for jos_redirect_links:
if ($this->error->getCode() == '404' || strpos($this->error->getMessage(), 'jos_redirect_links')) {
// render 404 page
}

if (strpos($this->error->getMessage(), 'jos_redirect_links')) {
// Set to 404
header('HTTP/1.0 404 Not Found');
exit;
}

This renders the 404 page and returns a 404 error to the browser.

Votes

# of Users Experiencing Issue
2/2
Average Importance Score
3.00

avatar Klaasvaak Klaasvaak - open - 16 Oct 2014
avatar nicksavov nicksavov - change - 16 Oct 2014
Labels Added: ?
avatar tristanbailey
tristanbailey - comment - 17 Oct 2014

I have just tested this one and it does chop the url at 255.

I would see it as a security bug too as the error message is being dumped into the status code as well as on page

First try:
404 Category not found

Status Code I get is this when added the long redirect:
1062 Duplicate entry 'http://109.73.224.4/index.php/en/discoveradventure.com/joomla/te' for key 'idx_link_old' SQL=INSERT INTO j_redirect_links (old_url,new_url,referer,comment,hits,published,created_date) VALUES ('http://109.73.224.4/index.php/en/discoveradventure.com/joomla/templates/joostrap/font/din/bold/DINWeb-Bold/2discoveradventure.com/joomla/templates/joostrap/font/din/bold/DINWeb-Bold/3discoveradventure.com/joomla/templates/joostrap/font/din/bold/DINWeb-Bold/4discoveradventure.com/joomla/templates/joostrap/font/din/bold/DINWeb-Bold', '' ,'', '',1,0, '2014-10-17 05:35:37')



This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4692.

avatar tristanbailey
tristanbailey - comment - 17 Oct 2014

As an extra note the code 1062 is a mysql error #1062 - Duplicate entry for key. Just to show it is not a status for the page Joomla has created, but the error message instead.



This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4692.

avatar aDaneInSpain
aDaneInSpain - comment - 17 Oct 2014

The field should be changed from VARCHAR to TEXT

avatar brianteeman
brianteeman - comment - 17 Oct 2014

@aDaneInSpain want to do a PR for that? Please

avatar tristanbailey
tristanbailey - comment - 17 Oct 2014

Should it also be looked at that the error message went in to the status code or is that a separate task?

Happy to check it if you do a PR as I am not sure where you do DB changes to do one. Would you change the set up scripts?

avatar Kixo
Kixo - comment - 17 Oct 2014

are you working on this @tristanbailey if not I can take this one

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4692.

avatar aDaneInSpain
aDaneInSpain - comment - 17 Oct 2014

@brianteeman I did not do it as I am not sure how DB changes are made. I suppose in the install SQL but I expect that there should also be an upgrade SQL file that alters the table.

avatar brianteeman
brianteeman - comment - 17 Oct 2014

Yes thats right. I dont know how either but I thought I would ask you ;)

On 17 October 2014 12:44, Søren Beck Jensen notifications@github.com
wrote:

@brianteeman https://github.com/brianteeman I did not do it as I am not
sure how DB changes are made. I suppose in the install SQL but I expect
that there should also be an upgrade SQL file that alters the table.


Reply to this email directly or view it on GitHub
#4692 (comment).

Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
http://brian.teeman.net/

avatar tristanbailey
tristanbailey - comment - 17 Oct 2014

@Kixo go ahead I will be interested in the coding for how you fix it but should be only 2-3 lines of SQL at the core.

avatar Kixo
Kixo - comment - 17 Oct 2014

ok

after some reading up I found up that maximum allowed URL in IE is 2083, other browsers allow much higher numbers, even over 100.000, but we must stand with the lowest one, so I set it up for 2083.
Example description here: http://www.boutell.com/newfaq/misc/urllength.html

In this PR I have removed unique constraint. When we insert new row we are actually doing this check inside of the Joomla code, so this is not needed. And it was making a trouble because maximum varchar key for unique key is 767. So while removing it for mysql, I removed it for all DBs because as stated above, it is not needed.

Please check this code against Postgre and sqlazure if possible.

#4781


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4692.

avatar aDaneInSpain
aDaneInSpain - comment - 17 Oct 2014

Hmm.... did not know you could make varchar over 255. Nice to know, thanks.

avatar jissues-bot jissues-bot - close - 17 Oct 2014
avatar zero-24 zero-24 - close - 17 Oct 2014
avatar zero-24 zero-24 - change - 17 Oct 2014
Status New Closed
avatar zero-24
zero-24 - comment - 17 Oct 2014

closing as we have a PR by Kixo: http://issues.joomla.org/tracker/joomla-cms/4781

avatar jissues-bot
jissues-bot - comment - 17 Oct 2014

Set to "closed" on behalf of @zero-24 by The JTracker Application at issues.joomla.org/joomla-cms/4692

avatar jissues-bot jissues-bot - change - 17 Oct 2014
Closed_Date 0000-00-00 00:00:00 2014-10-17 13:54:00
avatar Kixo
Kixo - comment - 17 Oct 2014

yes you can, before MySQL 5.0.3, a VARCHAR could only store up to 255 characters. But Joomla requires 5.1 so we are good to have a 65535 characters

avatar zero-24 zero-24 - change - 7 Jul 2015
Labels Added: ?

Add a Comment

Login with GitHub to post a comment