[#8728] - Error in JURI::isInternal
- Closed
- 18 Dec 2015
- Medium
- Build: master
- # 8728
Steps to reproduce the issue
JURI::isInternal('/index.php?option=com_test') - return false (Error '/index.php?option=com_test' - is internal url)
JURI::isInternal('index.php?option=com_test') - return true
Expected result
JURI::isInternal('/index.php?option=com_test') - return true
Actual result
JURI::isInternal('/index.php?option=com_test') - return false
System information (as much as possible)
Additional comments
Votes
| Title |
|
||||||
| Title |
|
||||||
JURI::isInternal('/index.php?option=com_test')
That should certainly not always return true! E.g. If your Joomla install is in a sub-folder.
I think that this is really a duplicate of #8689 and just spreads out our resources. You can add your comment of this (fixed with my feedback) to the comments of #8689 and close this one.
Actually what would be more useful is if someone can propose a very simple and secure PR to improve IsInternal is welcome (simple to be easily reviewable), It needs to pass existing unit tests before new unit tests are added to extend the valid internal URLs.
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2015-12-18 12:46:09 |
| Closed_By | ⇒ | victorantoniak |
This should never return true as isInternal is designed to accept an input starting with index.php and not with a /
If you base64_encode(JRoute::_("index.php?...) this will add a "/" to be beginning of the decode variable, resulting in a url of /index.php?....
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8728.
See also "Wrong redirect after login on front-end since 3.4.6" #8689