Profile cover photo
Profile photo
klas b
klas's posts

Post has attachment
My 5 cents on JComponent helper returning wrong results:

I sent this report to the JSST on 26.7.11, never got any reply about its content, just standard thank you blabla... I originally sent this to JSST as wrong result of this function combined with vulnerable extension could be a potential danger, but after more than one year it is safe to claim they decided it is not an issue so IMHO it is safe to publish. Also function has apparently not changed since 2009, which is being discussed in a topic.


Perhaps just this clarification for result column:
OK - component renders,
NOT_FOUND - system returns COMPONENT NOT FOUND status
Marked by red fields are results when under specified conditions component renders  when it should indeed return NOT_FOUND.  In combination with vulnerable extension this could lead to security breach.

Orange marks conditions when issue is a functional bug, but IMHO not a security problem.

EDIT: Forgot to add this: it becomes a security issue if someone relies on Disable to prevent unsafe users from accessing vulnerable component (backend - second red OK) or when vulnerable component is deinstalled from database (== not installed) but files remain there (e.g. due to file permission problems) - this is valid fro the frontend first red OK). Not a release triggering issue, but should be fixed anyway.

Post has attachment

Post has attachment
Joomla Extension developers - now is the time to test your old content elements with Joomfish 2.5. & report issues you might find

Post has attachment

Post has attachment
In case you missed it on twitter: Blogpost => How to override Joomla 1.5. component router
Wait while more posts are being loaded