Skip to content

Commit

Permalink
User profile website only cleaned, when DOB is set
Browse files Browse the repository at this point in the history 
Within the onUserBeforeSave() event, the user profile data are checked to make sure they are valid. The "website" value is converted into Puny-code, while the DOB (Date-Of-Birth) is converted from whatever-format to MySQL-format. However, the "website" value is only checked for, when the DOB value is set. The patch places the "website" check outside of the "dob" check, and into its own if-structure.

To test this, I've used a workaround to see whether the PHP-line itself was executed. I tried to enter some kind of non-Punycode URL that would be converted into proper Punycode but I have failed with this so far. If somebody else has suggestions for this (so: how to enter a non-Punycode URL for testing purpose) that would be awesome.

To test the code with my hack, just add the following line, right after the line mentioning the Puny-code:
$data['profile']['website'] = 'http://example.com';

Test without patch:
* Enable the profile plugin so you are able to enter both website as DOB in your profile.
* Hack the code as mentioned above
* Enter no DOB, but do add a website URL (not "http://example.com").
* The website is saved properly.
* Repeat this, but now enter a DOB and a website URL.
* The hack should change the URL to "http://example.com".

The test above should show you that the hack of setting the URL to "example.com" is only applied when the DOB is set, and it is not applied when the DOB is not set.

Test with patch:
* Enable the profile plugin so you are able to enter both website as DOB in your profile.
* Hack the code as mentioned above
* Enter no DOB, but do add a website URL (not "http://example.com").
* The hack should change the URL to "http://example.com".
* Repeat this, but now enter a DOB and a website URL.
* The hack should change the URL to "http://example.com".

The test with patch should result into the hack being applied all the time - so changing the URL to "example.com", regardless of whether the DOB is set or not.

The test can be run from either the backend (for any user profile) or the frontend (for only your own profile).
  • Loading branch information
@jissereitsma
jissereitsma committed Jun 2, 2014
1 parent acb7e30 commit a2000d7
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions plugins/user/profile/profile.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -344,13 +344,18 @@ public function onContentPrepareForm($form, $data)
*/
public function onUserBeforeSave($user, $isnew, $data)
{
// Convert website url to punycode
if (!empty($data['profile']['website']))
{
$data['profile']['website'] = JStringPunycode::urlToPunycode($data['profile']['website']);
}

// Check that the date is valid.
if (!empty($data['profile']['dob']))
{
try
{
// Convert website url to punycode
$data['profile']['website'] = JStringPunycode::urlToPunycode($data['profile']['website']);


$date = new JDate($data['profile']['dob']);
$this->date = $date->format('Y-m-d');
Expand Down

0 comments on commit a2000d7

Please sign in to comment.