? ? Success

User tests: Successful: Unsuccessful:

avatar demis-palma
demis-palma
15 Apr 2016

An attempt to further manipulate the encoded json returned by the PHP function json_encode(), leads to a corrupted json notation.
During the opposite process, trying to recreate the Object from the corrupted data, json_decode() fails and returns an object that is not valid.

The test below uses menu item or module parameters, but note that this problem actually affects all the JRegistry objects.

Summary of Changes

  1. Fixed JRegistry UTF8 crash
  2. Removed bugged, useless, and no longer used unicode_to_utf converters

Testing Instructions

  1. Ensure to have Multibyte String PHP Extension (mb_string). This bug only affects systems with mb_strings features.
  2. Create a new menu item, no matter its type. I chose "Featured Articles".
  3. Fill out menu item parameters at will, for example "Page Heading" and "Show Page Heading".
  4. Click Save, to ensure that the data is being saved. Not essential to reproduce the problem, but useful to see the effect of the crash.

parameters

  1. Fill out any text field with a string that could be interpreted as an unicode character. For example, put \u20ac that represents the Euro sign €. British people can put \u00a3 (Pound sign £), if they prefer. :smile:

unicode

  1. Save again.
  2. All the parameters in the menu item have been wiped out.

flushed

Discussion

  1. The methods unicode_to_utf8() and unicode_to_utf16() are clearly bugged
  2. Even if they worked well, they would replace the string \u00a3 with £, but this replacement should not be applied at all. If the user entered \u00a3 in a text input, he expects to find the same string after save. What about entering "\u00a3 represents £ sign" as Browser Page Title? It would not be possible with the automatic replacement.
  3. Inconsistent behaviour: Even if they worked well, they would be applied to the Parameters only. The Menu Item Title currently accepts strings like \u00a3 without applying this kind of replacement.
avatar demis-palma demis-palma - open - 15 Apr 2016
avatar demis-palma demis-palma - change - 15 Apr 2016
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 15 Apr 2016
Labels Added: ? ?
avatar mbabker
mbabker - comment - 15 Apr 2016

1) These changes need to go to the respective Framework repos. No file in
the libraries/vendor directory should be manually edited.

2) Even if the string methods are bugged, they can't just be removed in
full until a major version bump. With that said proof they're bugged would
be helpful to justifying their deprecations. The auto convert behavior can
be problematic, but IMO that doesn't justify removing the string methods.

On Thursday, April 14, 2016, Demis Palma ツ notifications@github.com wrote:

An attempt to further manipulate the encoded json returned by the PHP
function json_encode(), leads to a corrupted json notation.
During the opposite process, trying to recreate the Object from the
corrupted data, json_decode() fails and returns an object that is not valid.

The test below uses menu item or module parameters, but note that this
problem actually affects all the JRegistry objects.
Summary of Changes

  1. Fixed JRegistry UTF8 crash
  2. Removed bugged, useless, and no longer used unicode_to_utf converters

Testing Instructions

  1. Ensure to have Multibyte String PHP Extension (mb_string). This bug only affects systems with mb_strings features.
  2. Create a new menu item, no matter its type. I chose "Featured Articles".
  3. Fill out menu item parameters at will, for example "Page Heading" and "Show Page Heading" under "Page Dispay" tab.
  4. Click Save, to ensure that the data is being saved. Not essential to reproduce the problem, but useful to see the effect of the crash.

[image: parameters]
https://cloud.githubusercontent.com/assets/1609992/14548020/1ed5864a-02ab-11e6-9723-dd085a5ffa07.png

  1. Fill out any text field with a string that could be interpreted as an unicode character. For example, put \u20ac that represents the Euro sign €. British people can put \u00a3 (Pound sign £), if they prefer. [image: :smile:]

[image: unicode]
https://cloud.githubusercontent.com/assets/1609992/14548031/35daa582-02ab-11e6-8c68-97d292ce0dba.png

  1. Save again.
  2. All the parameters in the menu item have been wiped out.

[image: flushed]
https://cloud.githubusercontent.com/assets/1609992/14548038/3eb09a90-02ab-11e6-9dca-31740ca7f84e.png
Discussion

  1. The methods unicode_to_utf8() and unicode_to_utf16() are clearly bugged
  2. Even if they worked well, they would replace the string \u00a3 with £, but this replacement should not be applied at all. If the user entered \u00a3 in a text input, he expects to find the same string after save. What about entering "\u00a3 represents £ sign" as Browser Page Title? It would not be possible with the automatic replacement.
  3. Inconsistent behaviour: Even if they worked well, they would be applied to the Parameters only. The Menu Item Title currently accepts strings like \u00a3 without applying this kind of replacement.

You can view, comment on, or merge this pull request online at:

#9922
Commit Summary

  • Fixed JRegistry UTF8 crash
  • Removed bugged, useless, and no longer used unicode_to_utf converters

File Changes

Patch Links:


You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub
#9922

avatar brianteeman
brianteeman - comment - 15 Apr 2016

Closed for reasons stated above by @mbabker please submit to the framework repos

avatar brianteeman brianteeman - change - 15 Apr 2016
Status Pending Closed
Closed_Date 0000-00-00 00:00:00 2016-04-15 03:25:56
Closed_By brianteeman

Add a Comment

Login with GitHub to post a comment