Make sure the URL installer does not allow other schemas than http and https #32087

Merged
merged 5 commits into from
Jan 24, 2021

zero-24
Contributor

@zero-24 zero-24 commented Jan 19, 2021

Pull Request for an Issue raised to the JSST.

Summary of Changes

Make sure the URL installer does not allow other schemas than http and https

Testing Instructions

  • Try to install an extension from this URL: ftp://joomla.zip
  • Joomla tries to contact an FTP server
  • Apply this patch
  • Try ftp://joomla.zip again.
  • There is now a dedicated message and we don't try to contact an FTP server
  • Make sure that extension installation from URL still works as before.

Actual result BEFORE applying this Pull Request

There is a message but we still try to contact the FTP server

Expected result AFTER applying this Pull Request

There is now a dedicated message and we don't try to contact an FTP server

Documentation Changes Required

none
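
The check this pull request describes, sketched as an added example (not Joomla's own code and not part of the original post): the scheme allow-list runs server-side before any network request, so a rejected URL never causes a connection attempt. The function name `allowedInstallUrl` and the sample hosts are assumptions made for illustration.

```php
<?php
// Added illustration; allowedInstallUrl() is a hypothetical helper, not a Joomla API.

/**
 * Return the trimmed URL if it has a host and an http/https scheme, otherwise null.
 * No network I/O happens here, so the caller can refuse before opening any connection.
 */
function allowedInstallUrl(string $url): ?string
{
    $url = trim($url);

    // parse_url() returns false on seriously malformed input.
    $parts = parse_url($url);

    // Reject input without an explicit scheme or host (e.g. "example.org/pkg.zip"
    // or the scheme-relative "//example.org/pkg.zip").
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }

    // Schemes are case-insensitive, and parse_url() keeps the original case,
    // so normalise before comparing against the allow-list.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }

    return $url;
}

// Constructed sample inputs; ftp://joomla.zip is the test URL from the description above.
$samples = [
    'https://example.org/pkg.zip',
    'HTTP://example.org/pkg.zip',
    'ftp://joomla.zip',
    'FTP://joomla.zip',
    ' ftp://joomla.zip',
    'example.org/pkg.zip',
    '//example.org/pkg.zip',
];

foreach ($samples as $sample) {
    $verdict = allowedInstallUrl($sample) === null ? 'rejected' : 'allowed';
    printf("%-30s %s\n", '"' . $sample . '"', $verdict);
}
```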

@joomla-cms-bot joomla-cms-bot added Language Change This is for Translators PR-staging labels Jan 19, 2021
Co-authored-by: Brian Teeman <brian@teeman.net>
@toivo
Contributor

toivo commented Jan 20, 2021

I have tested this item ✅ successfully on eae250f

Tested successfully in 3.9.25-dev of 20 January using PHP 8.0.1.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/32087.

@ghost

ghost commented Jan 20, 2021

I have tested this item ✅ successfully on eae250f



@zero-24 zero-24 added this to the Joomla! 3.9.25 milestone Jan 20, 2021
@PhilETaylor

This comment was marked as abuse.

@zero-24
Contributor Author

zero-24 commented Jan 21, 2021

Lol when I reported this years ago I was told it was a non-problem and only idiots would try to use a non http prefix ...

Well, it's still not handled as a security issue, but it was reported as one. ;) Given that we had some kind of not working JS "validation", we chose to move this forward to the public tracker and get it fixed anyway.

@richard67
Member

I have tested this item ✅ successfully on e393a65



@ghost

ghost commented Jan 24, 2021

I have tested this item ✅ successfully on e393a65



@joomla-cms-bot joomla-cms-bot removed this from the Joomla! 3.9.25 milestone Jan 24, 2021
@richard67
Member

RTC



@joomla-cms-bot joomla-cms-bot added the RTC This Pull Request is Ready To Commit label Jan 24, 2021
@drmenzelit drmenzelit added this to the Joomla! 3.9.25 milestone Jan 24, 2021
@drmenzelit drmenzelit merged commit 361a90a into joomla:staging Jan 24, 2021
@joomla-cms-bot joomla-cms-bot removed the RTC This Pull Request is Ready To Commit label Jan 24, 2021
@drmenzelit
Contributor

Thanks

@zero-24 zero-24 deleted the url_check branch January 24, 2021 16:07
@zero-24
Contributor Author

zero-24 commented Jan 24, 2021

Thanks @drmenzelit
