[4.x] - Failure to create new articles in the front end under certain circumstances

[pjdevries]

Steps to reproduce the issue

In a virgin J4.0.5 site:

• Create a Registered user.
• Create a category and give the group the user belongs to the following permissions for that category: Create, Delete, Edit State & Edit Own.
• Create a menu item of type 'Category List'.
• Login in the front end as the new user.
• Navigate to the Category List.
• Click 'New Article'.
• Enter at least the title and click 'Save'.

Expected result

The new article being succesfully created and showing up in the Category List.

Actual result

A 404 with error message: Invalid field: Start Featured

System information (as much as possible)

Joomla! 4.0.5

Additional comments

I traced the cause of the error to line 501 of the front end article model Joomla\Component\Content\Administrator\Model\ArticleModel (administrator/components/com_content/src/Model/ArticleModel.php). That line and preceeding comment read:

// Get ID of the article from input, for frontend, we use a_id while backend uses id
$articleIdFromInput = (int) $app->input->getInt('a_id') ?: $app->input->getInt('id', 0);

First of all I wonder why the back end id is checked in a front end model. Secondly, the id obtained from $app->input can apparently contain a value other than the record id (didn't check but it looks like the category id). This sets the $articleIdFromInput to a non 0 value, whereas it should be 0 for new articles. The result is that permission, to edit certain attributes of the the record, are checked against a wrong or invalid record id, eventually resulting in the above mentioned error or unjustified acceptation or rejection of the record.

EDIT: I removed the proposed solution. Thanx to @ReLater who pointed out my stupid mistake.

Maybe this is a better approach:

$articleIdFromInput = $app->isClient('site')
            ? (int) $app->input->getInt('a_id', 0) 
            : $app->input->getInt('id', 0);

[ReLater]

First of all I wonder why the back end id is checked in a front end model.

Because the model is used in frontend and backend. Therefore the line checks first for a frontend ID that normally uses a_id not id inside the edit URL. If a_id not provided check for id which is normally the article id in backend inside the edit URL.

Example for new article in frontend: ?view=form&a_id=0&layout=edit&catid=2&return=xyz

[pjdevries]

Like I mentioned, the problem appears in the front end ArticleModel. Why would that model be used in the back end? Anyhow, the problem exists, is reproducible and can be solved with the proposed modification.

[ReLater]

Your pointing to

Joomla\Component\Content\ Administrator \Model\ArticleModel ( administrator /components/com_content/src/Model/ArticleModel.php).

in your opening post and I was just answering 1 question BTW.

I didn't want to discuss the main issue. Haven't tested.

[pjdevries]

@ReLater You are absolutely right and I feel ashamed for my inconsiderate response. I apologize and will correct the mistake.

[pjdevries]

Not an excuse, but I was completely wrong footed because I was creating a new article in the front end and did not notice it was actually the back end model in which the error occurred. Thanx to @ReLater for pointing that out.

The error is still real though. However, my suggested solution wasn't, so I removed it from the issue.

[joomdonation]

@pjdevries Your better approach is right (except (int) type casting is not needed). Could you please make a PR with your propose code?

[pjdevries]

@joomdonation Unfortunately I can not spare the time to create PR's. They always take unforeseen more time than anticipated and I'm not able to deal with that right now.

[alikon]

please test #36542

[pjdevries]

I tested and approved.