YJSGframework / yjsg

YJSG Template Framework Plugin
GNU General Public License v2.0

Problems in shortcodes framework.php #28

Closed ptopenweb closed 9 years ago

ptopenweb commented 9 years ago

Hi, I detected some language issues in shortcodes framework.php. I have made a branch with some changes and some comments. Please see the changes and read the comments in the code itself: https://github.com/ptopenweb/yjsg/commit/5ba85f5b5b29ddf1d76a2343df65aef358afbc04

ptopenweb commented 9 years ago

Hi again, still regarding this issue, wouldn't it be better if, instead of making an external script for shortcodes, YJSG printed out the shortcode HTML inside the Joomla/YJSG framework?

I think this would be more secure (no direct access to php files) and since it would be inside joomla framework all session/user/language vars would be easier to access.

The idea is something like com_ajax but inside YJSG. Example: https://docs.joomla.org/Using_Joomla_Ajax_Interface

Something similar to the media popup inside the media shortcode: https://github.com/YJSGframework/yjsg/blob/master/yjsg.php#L168 https://github.com/YJSGframework/yjsg/blob/master/yjsg.php#L727 https://github.com/YJSGframework/yjsg/blob/master/yjsg.php#L1039

Thanks

danyj commented 9 years ago

That is the same thing as what is done now; the framework is on top and is the same instance as the install. What we would have to do is overcomplicate the framework.php for the same thing that it is doing now. We can always lock the framework.php for admins and editors, which I was thinking of doing. This way the shortcodes would not be shown at all if accessed directly. But think of it as over-precaution since, again, we are loading the same Joomla instance, not rendering / requesting anything.

ptopenweb commented 9 years ago

Isnt's exactly the same thing as shown in https://github.com/ptopenweb/yjsg/commit/5ba85f5b5b29ddf1d76a2343df65aef358afbc04 . The framework.php doesn't know if the user is on the admin site or the live site, or which language is chosen in the live site. So, how will it show the shortcodes in the user's current language? (In a worst-case scenario, imagine a site with 2 or 3 languages in the frontend, for instance, and 2 more for the admin site.) I could be wrong, but I think this is not possible to do in an external script.

I also noticed that, because my server has all direct access to PHP files inside Joomla subdirectories blocked by default (only the site and admin index.php are allowed), it gave a web page blocked (I then manually adapted it to work), and I know that, for security, there are a lot of servers and/or firewalls configured like this. I think using Joomla native or SEF URLs is always a better option for this.

On another subject, I just saw that "->setlanguage()" will be deprecated in Joomla 4.0 (CMS), so it may be better not to use it. See https://github.com/joomla/joomla-cms/commit/aaf62e1075eb0ae8a0447495b88ba0038b3fb3fb

Thanks

danyj commented 9 years ago

@ptopenweb I think the lock can be done via check for layout=edit, testing now and finalizing the last changes for new release

About the new JLanguage for 4.0, we would have to deal with it when the time comes. By the time it is out a lot can change, so we will wait for RC and those changes will not be so hard to do.
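
The com_ajax route suggested in this thread, combined with the lock for users who may edit content, as an added example (not YJSG code and not written by either participant). The plugin name `yjsgshortcodes`, the language file name `plg_system_yjsg`, the language keys and the shortcode tags are assumptions made for illustration.

```php
<?php
// Added example, not YJSG code. Hypothetical plugin "yjsgshortcodes" (group "ajax"),
// requested as index.php?option=com_ajax&plugin=yjsgshortcodes&format=raw&<token>=1
defined('_JEXEC') or die; // direct HTTP requests to this file stop here

class PlgAjaxYjsgshortcodes extends JPlugin
{
    // Hypothetical shortcode list: language key => tag inserted into the editor.
    private $shortcodes = array(
        'PLG_YJSG_SC_EXAMPLE_ONE' => '[example_one]',
        'PLG_YJSG_SC_EXAMPLE_TWO' => '[example_two]',
    );

    // com_ajax triggers onAjax<PluginName> after Joomla has booted, so the
    // session, user and active language belong to the current request.
    public function onAjaxYjsgshortcodes()
    {
        // Anti-CSRF token, sent in the query string by the editor button.
        if (!JSession::checkToken('get')) {
            throw new RuntimeException(JText::_('JINVALID_TOKEN'), 403);
        }

        // The lock discussed in the thread: only users who may edit content.
        $user = JFactory::getUser();
        if ($user->guest || !$user->authorise('core.edit', 'com_content')) {
            throw new RuntimeException(JText::_('JERROR_ALERTNOAUTHOR'), 403);
        }

        // Load strings for the language Joomla already selected (site or admin).
        // 'plg_system_yjsg' is an assumed language file name.
        JFactory::getLanguage()->load('plg_system_yjsg', JPATH_ADMINISTRATOR);

        $html = '<ul class="yjsg-shortcodes">';
        foreach ($this->shortcodes as $key => $tag) {
            $label = htmlspecialchars(JText::_($key), ENT_QUOTES, 'UTF-8');
            $code  = htmlspecialchars($tag, ENT_QUOTES, 'UTF-8');
            $html .= '<li data-shortcode="' . $code . '">' . $label . '</li>';
        }

        return $html . '</ul>'; // com_ajax outputs this as the raw response
    }
}
```

Because the request enters through index.php, it also works on servers that block direct requests to PHP files inside Joomla subdirectories.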