Hi Beat,

I was wondering if there was any way to make that bug report a level 1 or 2 priority on Joomlacode. As I am sure you know J1.5 is very very very close to going gold and this sound slike a pretty important bug for the CB community.

Not sure if you have seen this -->

groups.google.com/group/joomla-devel/browse_thread/thread/e551abde11198fbc

Excellent...

Although not all bugs are going to be fixed for them going gold, this looks to be a big one for the CB community.

beat wrote:

Just to be clear, this is not a CB bug, but a joomla bug

Actually, I hate to break it to you, but this IS a CB bug, not a Joomla bug. Here's the problematic code:
[code:1]

// variant 1: (13 lines up to variant 2):
$request_uri = mosGetParam( $_SERVER, 'REQUEST_URI', null );
$isHttps = (isset($_SERVER) && ( !empty( $_SERVER ) ) && ($_SERVER != 'off') );
if (!(strncmp($request_uri, "http:", 5)==0) && !(strncmp($request_uri, "https:", 6)==0)) {
$return = "http".( $isHttps ?"s":""«»)
."://".mosGetParam( $_SERVER, 'HTTP_HOST', null ).((strpos($request_uri, '/') !== 0) ? "/":""«»).$request_uri;
} else {
$return = $request_uri;
}
if (strncmp($mosConfig_live_site, $return, $len_live_site) == 0) {
$return = substr($return, $len_live_site);
if (strncmp($return,"/",1) == 0) {
$return = substr($return, 1);
}
}
[/code:1]

THANKFULLY, there is a true workaround to this, just a few lines down.

All you have to do iscomment all of the above code, so it looks like:
[code:1]
/*
// variant 1: (13 lines up to variant 2):
$request_uri = mosGetParam( $_SERVER, 'REQUEST_URI', null );
$isHttps = (isset($_SERVER) && ( !empty( $_SERVER ) ) && ($_SERVER != 'off') );
if (!(strncmp($request_uri, "http:", 5)==0) && !(strncmp($request_uri, "https:", 6)==0)) {
$return = "http".( $isHttps ?"s":""«»)
."://".mosGetParam( $_SERVER, 'HTTP_HOST', null ).((strpos($request_uri, '/') !== 0) ? "/":""«»).$request_uri;
} else {
$return = $request_uri;
}
if (strncmp($mosConfig_live_site, $return, $len_live_site) == 0) {
$return = substr($return, $len_live_site);
if (strncmp($return,"/",1) == 0) {
$return = substr($return, 1);
}
}
*/
[/code:1]


What was happening here (at least for ME) was the return URL (ie: as sent by your form) was not sent properly to the form. It's the script's responsibility to verify that the data sent to it is properly done.

By commenting out the above lines, AND chaanging
[code:1]
// $return = 'index.php?' . mosGetParam( $_SERVER, 'QUERY_STRING', '' );
[/code:1]
to
[code:1]
$return = 'index.php?' . mosGetParam( $_SERVER, 'QUERY_STRING', '' );
[/code:1]

this solved my issues, nd allowed individuals to login, and register quite successfully, whereas before, not so much. I'd get redirected to the default opendns 404 page.

Not sure what's wrong with the coding for the first box, not really concerned, but it's improperly done.

Post edited by: twhiting9275, at: 2008/01/24 05:10

Even using the version 2 as per the last post does not work. The problem is calling
$login = sefRelToAbs( $login );

on line 431 (for me)

That legacy code changes & to & fine.

But when it sort the form is calls htmlspecialchars for the return parameter. That will change the & in front of the & to & so you get & which is not desireable.

One cannot change the Legacy class. So what to do?
My suggestion is to remove the remove the htmlspecialchars what entrties can go in the parameters? You do need version 2 still by the way.