search

joomla / joomla-cms

Home of the Joomla! Content Management System
https://www.joomla.org
GNU General Public License v2.0
4.73k stars 3.64k forks source link

Joomla updates will fail when spaces in temp path #35684

Open smohila opened 2 years ago

smohila commented 2 years ago

Steps to reproduce the issue

Expected result

The joomla update process should run through as normal (update from 3.9.27 to 3.10.2).

Actual result

Update could not be installed. Got an error The checksum verification failed. Please make sure you are using the correct update server!.

Reason for this error

In file libraries/vendor/joomla/filter/src/InputFilter.php in method cleanPath (line 1017) a regexp for checking the path for Linux or Windows file systems fails. For Linux systems the patters is defined as:

$linuxPattern = '/^[A-Za-z0-9_\/-]+[A-Za-z0-9_\.-]*([\\\\\/]+[A-Za-z0-9_-]+[A-Za-z0-9_\.-]*)*$/';

This pattern does not accept any spaces. Thus a tmp_path containing any spaces will fail.

Solution

The pattern should allow space, e.g.

$linuxPattern = '/^[A-Za-z0-9 _\/-]+[A-Za-z0-9 _\.-]*([\\\\\/]+[A-Za-z0-9 _-]+[A-Za-z0-9 _\.-]*)*$/';

Then the method cleanPath will return the correct path and the update process works as expected.

Additional comments

Tested/reproduced on Joomla! 3.9.27 trying to update to 3.10.2

brianteeman commented 2 years ago

spaces in files and folder names under linux is never recommended afaik

PhilETaylor commented 2 years ago

If you really must add a space in the regex please use '\s' and not just a white space space

smohila commented 2 years ago

spaces in files and folder names under linux is never recommended afaik

You're basically right but on local systems (MacOS, Windows) it's not unusal that people have paths to there systems with spaces afaik.

PhilETaylor commented 2 years ago

InputFilter is not a Joomla (CMS) class and so this should be addressed upstream in the framework repo if at all.

smohila commented 2 years ago

InputFilter is not a Joomla (CMS) class and so this should be addressed upstream in the framework repo if at all.

Thanks for your hint, I placed it here: https://github.com/joomla/framework.joomla.org/issues/77

Hackwar commented 1 year ago

@smohila the correct place for that issue report would have been here: https://github.com/joomla-framework/input/issues I'll copy the one from you over.