search

joomla / joomla-cms

Home of the Joomla! Content Management System
https://www.joomla.org
GNU General Public License v2.0
4.76k stars 3.65k forks source link

Pagenator error #44257

Open akbet opened 1 week ago

akbet commented 1 week ago

Hello

Joomlla 4.4.8 and Joomla 5.1.4

Steps to reproduce the issue

any url where use pagenator, created like describer there: https://ordasoft.com/Forum/BookLibary-Component-Support/49107-Navigation-Link-Issues-on-Next-Page.html

Pagenator not save in URL some parameter which not exist in your params list, in my case "catid"

Pagenator remove it

Expected result

Must save it. Any Parameter must exist in pagenator

Actual result

"catid" removed from Pagenator. And any other. You save only "default list"

System information (as much as possible)

Error in file: libraries/src/Pagination/Pagination.php

You save only parameters in url which exist in 

    // Platform defaults
    $defaultUrlParams = [
        'format'        => 'CMD',
        'option'        => 'CMD',
        'controller'    => 'CMD',
        'view'          => 'CMD',
        'layout'        => 'STRING',
        'task'          => 'CMD',
        'template'      => 'CMD',
        'templateStyle' => 'INT',
        'tmpl'          => 'CMD',
        'tpl'           => 'CMD',
        'id'            => 'STRING',
        'Itemid'        => 'INT',
    ];

In old Joomla version libraries/src/Pagination/Pagination.php work good

if I will use: $defaultUrlParams = [ 'format' => 'CMD', 'option' => 'CMD', 'controller' => 'CMD', 'view' => 'CMD', 'layout' => 'STRING', 'task' => 'CMD', 'template' => 'CMD', 'templateStyle' => 'INT', 'tmpl' => 'CMD', 'tpl' => 'CMD', 'catid' => 'STRING', 'id' => 'STRING', 'Itemid' => 'INT', ];

catid - will exist in pagenator URL

Additional comments

Regards Andrew

drmenzelit commented 1 week ago

It is not clear to me, if you are describing a problem in Joomla itself or in a third-party component. Security versions 4.4.7 and 5.1.3 introduced changes in the war pagination works. Here is an explanation and the way extensions can add parameters: https://docs.joomla.org/J5.x:Pagination_class_removes_query_parameters

akbet commented 1 week ago

Hello

In Last Joomla versions the Pagenator API start work ONLY with parameters from this list

$defaultUrlParams = [
    'format'        => 'CMD',
    'option'        => 'CMD',
    'controller'    => 'CMD',
    'view'          => 'CMD',
    'layout'        => 'STRING',
    'task'          => 'CMD',
    'template'      => 'CMD',
    'templateStyle' => 'INT',
    'tmpl'          => 'CMD',
    'tpl'           => 'CMD',
    'id'            => 'STRING',
    'Itemid'        => 'INT',
];

The if I use any other parameter "catid", "name", ......

The API with Joomla Pagenator will remove it.

Please turn OFF Router and create link to page with Pagenator - and add to that link any parameter not in your list(which I show before) - and Pagenator will not support it.

Please or fix this or return back old Pagenator file

Regards Andrew

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/44257.

akbet commented 1 week ago

May be

setAdditionalUrlParam('month', $state->get('filter.month'));

Is a good solution - only as result in configure able "Search forms" - will need set a lot additional settings - so more code, more complicate component, more errors, low site speed ....

and as me seem this "That behavior create a cache poisoning attack vector" must resolve with another methods

Regards Andrew

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/44257.

rdeutz commented 1 week ago

It is still not clear if you are having a problem with Joomla Core or a 3rd part extension. Please let us know.