Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes wrong replacements when having multibyte characters in tag attr… #50

Closed
wants to merge 1 commit into from
Closed

Fixes wrong replacements when having multibyte characters in tag attr… #50

wants to merge 1 commit into from

Conversation

Erftralle
Copy link

@Erftralle Erftralle commented Aug 22, 2021
edited
Loading

…ibute values

I had a closer look to the problem with the "infinite loop" (which means that at the end you are running into the maximum execution time error) mentioned in joomla/joomla-cms#34967.

The problem is, that escapeAttributeValues() does not handle multibyte characters correctly. It makes wrong replacements in the tag attribute values which leads to the "infinite loop" in the further processing after the function has been applied.

One can reproduce the wrong replacement by doing the following changes to a fresch installation of Joomla 4.0.0

  1. Change the access of the function protected function escapeAttributeValues($source) in /libraries/vendor/joomla/filter/src/InputFilter.php from protected to public.
  2. Add the following code to line 179 of administrator/components/com_cpanel/src/View/Cpanel/HtmlView.php
		$inputFilter = \Joomla\CMS\Filter\InputFilter::getInstance(array(), array(), 1, 1);
		$testhtml = '<input alt="PayPal – The safer, easier way to pay online!" name="submit" src="https://www.paypalobjects.com/de_DE/CH/i/btn/btn_donateCC_LG.gif" type="image" />';

		echo "<p>Before applying escapeAttributeValues():<br/>";
		echo(htmlentities($testhtml));
		echo "</p>";
		echo "<p>After applying escapeAttributeValues():<br/>";
		echo(htmlentities($inputFilter->escapeAttributeValues($testhtml)));
		echo "</p>";
  1. Open the Joomla 4 dashboard in the backend. Notice the hyphen in the "alt" attribute of the input tag, which is a multibyte character (3 bytes). See the wrong replacements ... online!&quot; "ame=.

The problem is, that $matches[0][1] counts in bytes and $attributeValue = StringHelper::substr($remainder, $nextBefore, $nextAfter - $nextBefore); counts in multibyte characters.

After applying the patch there is no wrong replacement any more.

@MrMusic
Copy link

MrMusic commented Sep 13, 2021

I have tested this item ✅ successfully.
Thank you very much.

@SharkyKZ SharkyKZ mentioned this pull request Nov 18, 2022
Closed
@ryandemmer
Copy link
Contributor

Thank you Erftralle

I can confirm that all tests using examples from my issue - joomla/joomla-cms#39193 - and other examples as reported to me, pass with this PR.

@MacJoom
Copy link

MacJoom commented Nov 18, 2022

I have tested this item ✅ successfully. Coming from issue joomla/joomla-cms/issues/39193
Thank you

@richard67
Copy link
Contributor

Hmm, if it shall go into Joomla 4, it should either be made for the 2.0-dev branch, or it has to be merged up from the 1.x-dev into the 2.0-dev branch after it has been merged.

@tgurr tgurr mentioned this pull request Dec 28, 2022
Closed
@MrMusic MrMusic mentioned this pull request Aug 11, 2023
Merged
@Hackwar Hackwar mentioned this pull request Aug 26, 2023
Merged
@Hackwar
Copy link
Contributor

Hackwar commented Aug 26, 2023

I recreated the PR against 2.0-dev in #62. Since 1.0 doesn't get any support anymore, I'm closing this one.

@Hackwar Hackwar closed this Aug 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@Erftralle @MrMusic @ryandemmer @MacJoom @richard67 @Hackwar