Fixing PATH defines if index.php placed into the root folder of the filesystem

[nextend]

Pull Request for Issue #23148

Summary of Changes

If __DIR__ holds /, simply use empty string in /index.php and /administrator/index.php

[nextend]

On Windows I do not think there is a way to use the DIRECTORY_SEPARATOR cd \ to access anything, so __DIR__ will never hold that value. But if that happen somehow, this fix will work there too.

[richard67]

@SniperSister @zero-24 It seems this fixes an issue with Joomla running on a webserver which is isolated in a chroot enviroment. Is this something for the SST? Is is not easy to set up such an environment, so it might not be easy to find testers for this PR. Do you think the SST could help with that?

[brianteeman]

that host has always been a problem. I remember discussing things with them at the first polish joomladay

[nextend]

@PhilETaylor You are right, I just traced back this in our support system and this was related to home.pl

[richard67]

From code review the change in this PR here looks ok to me, and I also don't see a risk in it for "normal" hosts.

But it might be wrong, and that might be the risk then ;-)

And without a real test I can't say if it will fix everything for such a host.

So I have no idea what to do with this PR.

[richard67]

Gulp.

[zero-24]

I'm not sure where this is comming from when it is an hosting config error i would say fix the hosting right?

[richard67]

Seems I did not look into it deep enough.

[laoneo]

@PhilETaylor did you test this pr?

[laoneo]

I was reading it and came across "So on code review alone I would say this PR is heading in the right direction", what made me unsure about the testing state from you. I would like to move forward with this one, but I can't test it by myself so I need others to look into it.

[HLeithner]

First sorry @nextend that this took so long, it's not trivial to test this.

I tested this on my infrastructure and it's a pain to get this running (I use a really restrictive setup) (you need to have /dev/random in the website else joomla can't have random values or even a session id). Surprisingly Joomla 3 runs pretty good on "/" as document root. Also the PR seems to solves an issue. Now the but(s). this PR (or better the fact that's joomla in "/") breaks our path obscurity filter for error messages (

)

Even if this could be fixed (add a check into the message filter if JPATH_ROOT is empty). We are still on Joomla 3.

If you try out Joomla 4 on "/" as base directory it seems similar to J3, the patch needs to be adapted, we also have some more locations where JPATH_BASE is set.

I think it's not worth to fix this mainly because having joomla root folder is extremely uncommon but I would except a proper pull request with all fields analysed where JPATH_BASE/ROOT is used (CMS and framework). For example we have about 37 occurrence where JPATH_ROOT is used in a str_replace which could lead to an unexpected behavior when JPATH_ROOT is empty (see image). I would expect same is true if JPATH_ROOT is "/".

I'm closing this PR as unsupported environment for Joomla. If you @nextend or anyone else want's to reopen it please fill free and check the complete cms with proper test introductions.

If someone would like to have this fix in a local installation a define.php file can be manually added with the following content:

define('JPATH_BASE', dirname(__DIR__) === DIRECTORY_SEPARATOR ? '' : dirname(__DIR__));
define('_JDEFINES', true)
require_once JPATH_BASE . '/includes/defines.php';

this should work at least the same as this PR.