Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[4.4] check for valid referrer #42599

Merged
merged 2 commits into from Jan 10, 2024
Merged

[4.4] check for valid referrer #42599

merged 2 commits into from Jan 10, 2024

Conversation

heelc29
Copy link
Contributor

@heelc29 heelc29 commented Jan 3, 2024

Summary of Changes

check if $_SERVER['HTTP_REFERER'] is valid before call Uri::isInternal()

Testing Instructions

  • login as super user in backend
  • visit https://example.tl/administrator/index.php?option=com_admin&view=sysinfo&format=text (note: link is without token!)
  • check php warnings (PHP >= 8.1 required)

Actual result BEFORE applying this Pull Request

PHP Deprecated: str_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in libraries/src/Uri/Uri.php on line 243

Expected result AFTER applying this Pull Request

No deprecation warning

Link to documentations

Please select:

  • No documentation changes for docs.joomla.org needed
  • No documentation changes for manual.joomla.org needed

@Quy
Copy link
Contributor

Quy commented Jan 4, 2024

I have tested this item ✅ successfully on 432c681

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42599.

1 similar comment
@viocassel
Copy link
Contributor

I have tested this item ✅ successfully on 432c681

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42599.

@alikon
Copy link
Contributor

alikon commented Jan 8, 2024

RTC

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42599.

@joomla-cms-bot joomla-cms-bot added the RTC This Pull Request is Ready To Commit label Jan 8, 2024
@MacJoom MacJoom self-assigned this Jan 10, 2024
@MacJoom MacJoom added this to the Joomla 4.4.3 milestone Jan 10, 2024
@MacJoom MacJoom merged commit 14a1ad4 into joomla:4.4-dev Jan 10, 2024
3 checks passed
@joomla-cms-bot joomla-cms-bot removed the RTC This Pull Request is Ready To Commit label Jan 10, 2024
@heelc29 heelc29 deleted the 4.4/mvc/base-controller/referrer branch January 11, 2024 10:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@MacJoom MacJoom

Labels
PR-4.4-dev
Projects
None yet
Milestone
Joomla 4.4.3
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@heelc29 @Quy @viocassel @alikon @MacJoom @joomla-cms-bot