J5.x

Behavior change for Uri::isInternal for URLs without protocol/nl: Difference between revisions

From Joomla! Documentation


Revision as of 07:58, 21 August 2024

==Errors reported==

The releases of Joomla 5.1.3 and 4.4.7 changed how Uri::isInternal handles URLs without a scheme/protocol. As a result, redirects that previously worked might break after the update.

==Versions affected==

General Information

This pertains only to Joomla! version(s): 5.1.3, 4.4.7

==What is the cause==

The Uri::isInternal method considered URLs containing a valid hostname but no scheme ("www.example.org") to be internal URLs. This behavior opened up multiple attack vectors. With this release, the behavior has been changed: URLs containing a valid hostname are only considered internal if the scheme ("https://") is provided in the method call and matches the scheme of the current request.

==How to fix==

Provide absolute URLs including the scheme/protocol or use relative URLs.
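
One way to audit stored redirect targets for the cases described above, as an added example that is not Joomla code and not the Uri::isInternal implementation. The function name, result labels and sample URLs are assumptions, with www.example.org over https standing in for the current request.

```php
<?php
// Added example: flags redirect targets that need a scheme or a relative form.
// $siteScheme and $siteHost are assumed to be the scheme and host of the current request.

function auditRedirectTarget(string $url, string $siteScheme, string $siteHost): string
{
    $parts = parse_url(trim($url));

    if ($parts === false) {
        return 'fix: unparsable';
    }

    $hasScheme = isset($parts['scheme']);
    $hasHost   = isset($parts['host']);

    // "//host/path" and "host:port/path" are parsed as a host without a scheme.
    if ($hasHost && !$hasScheme) {
        return 'fix: host without scheme';
    }

    if ($hasScheme) {
        if (!$hasHost || strcasecmp($parts['host'], $siteHost) !== 0) {
            return 'external';
        }

        return strcasecmp($parts['scheme'], $siteScheme) === 0
            ? 'ok: absolute, scheme matches'
            : 'fix: scheme differs from request';
    }

    // Without a scheme, parse_url() puts "www.example.org/page" entirely into 'path'.
    $firstSegment = explode('/', $parts['path'] ?? '', 2)[0];

    return strcasecmp($firstSegment, $siteHost) === 0
        ? 'fix: host without scheme'
        : 'ok: relative';
}

// Constructed sample targets, e.g. values read from extension parameters.
$targets = [
    'www.example.org/index.php?option=com_users',
    '//www.example.org/index.php',
    'http://www.example.org/index.php',
    'https://www.example.org/index.php?option=com_users',
    'index.php?option=com_users&view=login',
];

foreach ($targets as $target) {
    printf("%-52s %s\n", $target, auditRedirectTarget($target, 'https', 'www.example.org'));
}
```

Targets reported as "fix" are the ones to rewrite as absolute URLs with the request's scheme or as relative URLs.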