? Success
Pull Request for # 5781

User tests: Successful: Unsuccessful:

avatar Erftralle
Erftralle
20 Feb 2015

This pull request fixes the problem discussed in issue #5781.

avatar Erftralle Erftralle - open - 20 Feb 2015
avatar joomla-cms-bot joomla-cms-bot - change - 20 Feb 2015
Labels Added: ?
avatar zero-24 zero-24 - change - 20 Feb 2015
Rel_Number 5781
Relation Type Pull Request for
Easy No Yes
avatar zero-24 zero-24 - change - 20 Feb 2015
Category Administration
avatar zero-24
zero-24 - comment - 20 Feb 2015

@infograf768 i will add your test from here: #5781 (comment) If it is not ok let me know. Thanks.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/6130.
avatar zero-24 zero-24 - alter_testresult - 20 Feb 2015 - infograf768: Tested successfully
avatar Bakual
Bakual - comment - 20 Feb 2015

One thing to consider here is that we are essentially removing a security filter.
As far as I see you cna now pass anything you want for that filter. It isn't sanitised anywhere. Or I at least didn't see it when I had a look. Which is very likely a security issue.

avatar sovainfo
sovainfo - comment - 20 Feb 2015

Disagree on removing a security filter. It is about filtering output, not security related.

Do object to the change:

  • Select type plugin, folder Authentication to see the plugins
  • Select type component, to see your components before the change, or get the message there are no components in authentication folder after the change.

My preference is the current implementation ignoring not applicable filter.

avatar mahagr
mahagr - comment - 20 Feb 2015

It's not security filter. At worst you end up having no results:

 WHERE folder='whateverstring'

Value is escaped, so there's nothing that can break.

I would prefer not ignoring the filter, though..

avatar Bakual
Bakual - comment - 20 Feb 2015

Thanks JSST and @sovainfo for checking. Fine for me then :+1:

avatar sovainfo
sovainfo - comment - 20 Feb 2015

Do you really want to piss off experienced administrator by forcing them to clear the filter when not applicable or do you want to tell dummies that the folder only applies to libraries and plugins and therefor is ignored for the other types!

Remember, you are changing functionality. You force people to do something extra because there are dummies that do something extra, which makes no sense, and don't understand the result.

avatar infograf768
infograf768 - comment - 21 Feb 2015

I guess the point here is that it is the only place in core where the results of filtering is incorrect.

avatar sovainfo
sovainfo - comment - 21 Feb 2015

So, the filter for folder should be hidded when it doesn't apply?
Disagree with not beeing correct. It is doing exactly what is expected. For now, it is the only place where we have optional filters. For something that is meant for Super users, that should be an issue.

avatar Erftralle
Erftralle - comment - 22 Feb 2015

I agree to @infograf768 .
The results should reflect the filter settings and not the filter settings combined with some expert knowledge that you only get by studying the source code.

avatar sovainfo
sovainfo - comment - 22 Feb 2015

Don't need to study code, just use your brain. For the record N/A means not applicable. What are you doing here (referring to Extension manager->Manage), you lack the qualifications for Super user!

avatar infograf768
infograf768 - comment - 22 Feb 2015

So, the filter for folder should be hidded when it doesn't apply?

That would indeed be the best.

avatar bertmert
bertmert - comment - 9 Mar 2015

@test Success
I prefer to see what I've selected even if it's nothing (exclusion). One more click. Who cares?
I think hard coded filter conditions by name ('plugin', 'library') are inflexible.

avatar zero-24 zero-24 - alter_testresult - 12 Mar 2015 - bertmert: Tested successfully
avatar nueckman
nueckman - comment - 14 Mar 2015

IMO just commit the patch and open a new PR for conditional fields in the frontend (the whole js-thing).

avatar zero-24 zero-24 - change - 11 Jun 2015
Status Pending Ready to Commit
avatar zero-24 zero-24 - change - 11 Jun 2015
Labels Added: ?
avatar Kubik-Rubik
Kubik-Rubik - comment - 7 Jul 2015

IMO this is a bug and should be fixed. Thank you @Erftralle! Merged.

avatar Kubik-Rubik Kubik-Rubik - change - 7 Jul 2015
Status Ready to Commit Closed
Closed_Date 0000-00-00 00:00:00 2015-07-07 22:21:17
Closed_By Kubik-Rubik
avatar Kubik-Rubik Kubik-Rubik - close - 7 Jul 2015

Add a Comment

Login with GitHub to post a comment