New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[com_redirect] urls larger than 255 chars gives an error #4692
Comments
I have just tested this one and it does chop the url at 255. I would see it as a security bug too as the error message is being dumped into the status code as well as on page First try: Status Code I get is this when added the long redirect:
|
As an extra note the code 1062 is a mysql error #1062 - Duplicate entry for key. Just to show it is not a status for the page Joomla has created, but the error message instead.
|
The field should be changed from VARCHAR to TEXT |
@aDaneInSpain want to do a PR for that? Please |
Should it also be looked at that the error message went in to the status code or is that a separate task? Happy to check it if you do a PR as I am not sure where you do DB changes to do one. Would you change the set up scripts? |
are you working on this @tristanbailey if not I can take this one |
@brianteeman I did not do it as I am not sure how DB changes are made. I suppose in the install SQL but I expect that there should also be an upgrade SQL file that alters the table. |
Yes thats right. I dont know how either but I thought I would ask you ;) On 17 October 2014 12:44, Søren Beck Jensen notifications@github.com
Brian Teeman |
@Kixo go ahead I will be interested in the coding for how you fix it but should be only 2-3 lines of SQL at the core. |
ok after some reading up I found up that maximum allowed URL in IE is 2083, other browsers allow much higher numbers, even over 100.000, but we must stand with the lowest one, so I set it up for 2083. In this PR I have removed unique constraint. When we insert new row we are actually doing this check inside of the Joomla code, so this is not needed. And it was making a trouble because maximum varchar key for unique key is 767. So while removing it for mysql, I removed it for all DBs because as stated above, it is not needed. Please check this code against Postgre and sqlazure if possible. #4781 |
Hmm.... did not know you could make varchar over 255. Nice to know, thanks. |
Set to "closed" on behalf of @zero-24 by The JTracker Application at issues.joomla.org/joomla-cms/4692 |
closing as we have a PR by Kixo: http://issues.joomla.org/tracker/joomla-cms/4781 |
yes you can, before MySQL 5.0.3, a VARCHAR could only store up to 255 characters. But Joomla requires 5.1 so we are good to have a 65535 characters |
Steps to reproduce the issue
Have the com_redirect plugin activated.
Go to a non-existing URL which is larger than 255 chars. I used an URL which has a length of 373 chars.
The plugin will trigger because there is a 404. It will now check it the URL exists in the redirect table. It does not, so it will add it. The problem here is that it will only add the first 255 chars of the url because the column is of type varchar(255).
When you visit the large URL again the plugin will trigger again as expected. It will check if the link exists in the table. The link does not exist in the table because it only saved the first 255 chars. Now, it will try to insert the URL into the table again. Again, it will use the first 255 chars. This causes an error in MySQL because it is trying to insert a duplicate key. Now the error in Joomla changes from 404 to 1062. Because of this the 404 page is not rendered. The browser will get a 500 error.
Expected result
Because of the column type varchar(255) this can't be solved if this type is not changed. But I still expect to get a 404. Not a 1062 (500 for the browser).
Actual result
Error 500. And no 404 page rendered.
System information (as much as possible)
Redirect plugin version: 3.0.0
Additional comments
For now, in my template override I added a check for jos_redirect_links:
if ($this->error->getCode() == '404' || strpos($this->error->getMessage(), 'jos_redirect_links')) {
// render 404 page
}
if (strpos($this->error->getMessage(), 'jos_redirect_links')) {
// Set to 404
header('HTTP/1.0 404 Not Found');
exit;
}
This renders the 404 page and returns a 404 error to the browser.
The text was updated successfully, but these errors were encountered: