-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
User profile website only cleaned, when DOB is set #3707
Conversation
Within the onUserBeforeSave() event, the user profile data are checked to make sure they are valid. The "website" value is converted into Puny-code, while the DOB (Date-Of-Birth) is converted from whatever-format to MySQL-format. However, the "website" value is only checked for, when the DOB value is set. The patch places the "website" check outside of the "dob" check, and into its own if-structure. To test this, I've used a workaround to see whether the PHP-line itself was executed. I tried to enter some kind of non-Punycode URL that would be converted into proper Punycode but I have failed with this so far. If somebody else has suggestions for this (so: how to enter a non-Punycode URL for testing purpose) that would be awesome. To test the code with my hack, just add the following line, right after the line mentioning the Puny-code: $data['profile']['website'] = 'http://example.com'; Test without patch: * Enable the profile plugin so you are able to enter both website as DOB in your profile. * Hack the code as mentioned above * Enter no DOB, but do add a website URL (not "http://example.com"). * The website is saved properly. * Repeat this, but now enter a DOB and a website URL. * The hack should change the URL to "http://example.com". The test above should show you that the hack of setting the URL to "example.com" is only applied when the DOB is set, and it is not applied when the DOB is not set. Test with patch: * Enable the profile plugin so you are able to enter both website as DOB in your profile. * Hack the code as mentioned above * Enter no DOB, but do add a website URL (not "http://example.com"). * The hack should change the URL to "http://example.com". * Repeat this, but now enter a DOB and a website URL. * The hack should change the URL to "http://example.com". The test with patch should result into the hack being applied all the time - so changing the URL to "example.com", regardless of whether the DOB is set or not. The test can be run from either the backend (for any user profile) or the frontend (for only your own profile).
Codewise I can follow what you describe here. But I think that no conversion is needed at all as the filter "url" is set for the field "website". Testing with current staging I enter a IDN URL and no DOB and it is saved punycoded. The same is true when entering a DOB. Reading https://docs.joomla.org/URL_form_field_type suggests to me, that the filter is doing that. Am I totally wrong? |
Ok, if the filter "url" is set for the field "website", then actually the entire line with JStringPunycode::urlToPunycode should be skipped - it would just be code duplication and because the logic already makes no sense, it is best to clean things up. I hope to get to fix my PR soon. |
Remove check for Puny URL entirely, because it is already being filtered through the "url" filter. Removed some unneeded white lines as well.
I've now updated the PR to remove the website check entirely because the filter "url" is already there. |
@test work! Thanks yireo! To test:
|
@test works for frontend and backend. |
Thanks for testing - setting RTC This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/3707. |
@yireo Can you please update your PR, it no longer applies when I want to commit it. Thanks. |
Merged. Thanks! |
Thanks :) |
Within the onUserBeforeSave() event, the user profile data are checked to make sure they are valid. The "website" value is converted into Puny-code, while the DOB (Date-Of-Birth) is converted from whatever-format to MySQL-format. However, the "website" value is only checked for, when the DOB value is set. The patch places the "website" check outside of the "dob" check, and into its own if-structure.
To test this, I've used a workaround to see whether the PHP-line itself was executed. I tried to enter some kind of non-Punycode URL that would be converted into proper Punycode but I have failed with this so far. If somebody else has suggestions for this (so: how to enter a non-Punycode URL for testing purpose) that would be awesome.
To test the code with my hack, just add the following line, right after the line mentioning the Puny-code:
$data['profile']['website'] = 'http://example.com';
Test without patch:
The test above should show you that the hack of setting the URL to "example.com" is only applied when the DOB is set, and it is not applied when the DOB is not set.
Test with patch:
The test with patch should result into the hack being applied all the time - so changing the URL to "example.com", regardless of whether the DOB is set or not.
The test can be run from either the backend (for any user profile) or the frontend (for only your own profile).