Error

Error The Travis CI build could not complete due to an error Details

Pull Request for # 6397

User tests: Successful: Unsuccessful:

nikosdion
16 Mar 2015

This PR fixes gh-6397 "JFilterInput::isSafeFile() fail on very deep $_FILES array"

Testing instructions

Download and install the Joomla! 3 sample component from https://github.com/joomla/Joomla-3.2-Hello-World-Component/archive/step-10-adding-decorations-to-the-backend.zip
Open the file administrator/components/com_helloworld/models/forms/helloworld.xml and add the following before the closing </fieldset>

        <field type="file" name="document"  label="Document" />
        <fields name="files">
            <fields name="files0">
                <field type="file" name="file"  label="File 1" />
            </fields>
            <fields name="files1">
                <field type="file" name="file"  label="File 2" />
            </fields>
            <fields name="files2">
                <field type="file" name="file"  label="File 3" />
            </fields>
        </fields>
        <fields name="images">
            <fields name="images0">
                <field type="file" name="file"  label="Images 1" />
            </fields>
            <fields name="images1">
                <field type="file" name="file"  label="Images 2" />
            </fields>
        </fields>

Open the file administrator/components/com_helloworld/controllers/helloworld.php and add the following between the two curly braces

    public function save($key = null, $urlVar = null)
    {
        $app = JFactory::getApplication();
        $files = $app->input->files->get('jform');

        die('CHECK');

        return parent::save($key, $urlVar); // TODO: Change the autogenerated stub
    }

Go to Global Configuration and set Error Reporting to Development
Go to Components, Hello World and click on the "Hello, world" link to edit the item.
Click each file selection field and choose a small image from your computer. It's best to select files where each one is less than 100Kb to prevent upload issues with PHP itself.
Click on the Save & Close button

Result before the patch
A lot of PHP warnings

Result after the patch
No PHP warnings, just the word "CHECK" printed on your page

Technical notes

There were two corrective actions taken:

The safe file check was moved into get(). This may have a performance impact on unoptimised code calling $app->input->files->get() repeatedly over the same files, but there's no work around due to the way PHP reports uploaded files. Sorry :(
The JFilterInput::isSafeFile method was modified to handle nested file arrays, either in the raw $_FILES format or as nested arrays of file descriptors (these are the only two possible variations that exist)

Signed-off-by: Nicholas K. Dionysopoulos nicholas@akeebabackup.com

ec2e4c6 16 Mar 2015

Fix gh-6397 isSafeFile fails on deeply nested $_FILES

nikosdion - open - 16 Mar 2015

brianteeman - change - 16 Mar 2015

Rel_Number	⇒	6397
Relation Type	⇒	Pull Request for
Build	⇒	.

Fedik - test_item - 16 Mar 2015 - Tested successfully

Fedik - comment - 16 Mar 2015

thanks @nikosdion

test
work good

brianteeman - comment - 16 Mar 2015

@nikosdion travis isnt happy

_{This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/6454.}

51267a7 16 Mar 2015

Make Travis happy

nikosdion - comment - 16 Mar 2015

It's not really my fault. Travis chokes on a line I copied verbatim from JInputFiles. Apparently core code doesn't conform to the core coding standards... Anyway, I updated the PR to make Travis a happy chap.

brianteeman - comment - 16 Mar 2015

I only said travis wasnt happy. I did not apportion blame :)

nikosdion - comment - 16 Mar 2015

I know, Brian. Let me and Michael complain about the state of the core :)