Joomla Templates Club 406,261 posts

[n6rej Friend n6rejJoin date: November 2006Posts: 1040Downloads:0Uploads:63 Thanks: 79 Thanked: 145 times in 90 posts]

#427048

<em>@jooservices 285744 wrote:</em><blockquote>Hi,
Would you mind give me the “bug” of my code

About this code

require_once JPATH_ROOT . DS . 'components' . DS . 'com_content' . DS . 'models' . DS . 'articles.php';
Please note this’s only replace for JModel::addIncludePath not for !app->isAdmin.

And this’s code used to include model Articles directly instead via addIncludePath.

Btw glad to hear if you can give me exploit method

Thank you,</blockquote>
I’ve just go through talking to Tam about my concerns and he agreed with my thoughts…
that if is to test for frontend or backend running. removing it removes that safety check. Further it was put in place to fix
http://www.joomlart.com/forums/topic/fatal-error-call-to-undefined-method-contentmodelarticle/

so removing it will break the other issue once again.
lastly there were other bugs ( duplicate calls ) that were not caught in this fix and that is being fixed also.
Tam has asked that we wait a day or two for this to be fixed properly. It is cued up as we speak.

The bottom line is yes, your fix is a bandaid, but lets not use bandaids, they are for temporary measures. And using a bandaid that breaks other things imo is worse then not using one at all.

1 user says Thank You to n6rej for this useful post

1. dieudonne

[jooservices Friend jooservicesJoin date: October 2014Posts: 8556Downloads:0Uploads:130 Thanked: 1245 times in 1121 posts]

#427052

Hi
I have checked into code for around and please fix me if i have error / mistake code here
#1.

if (!$app->isAdmin())
In this code as far i can “understand” it’s used for trigger only at frontend ? So it should not effect to backend.

#2. I have a small video around 15min to check into this issue. And with Joomla 1.7.3 i don’t see trouble at backend as this one:

http://www.joomlart.com/forums/topic/fatal-error-call-to-undefined-method-contentmodelarticle/

#3.

/**
* Add a directory where JModel should search for models. You may
* either pass a string or an array of directories.
*
* @param mixed $path A path or array of paths to search.
* @param string $prefix A prefix for models.
*
* @return array An array with directory elements. If prefix is equal to '', all directories are returned.
* @since 11.1
*/
public static function addIncludePath($path = '', $prefix = '')
{
static $paths;

if (!isset($paths)) {
$paths = array();
}

if (!isset($paths[$prefix])) {
$paths[$prefix] = array();
}

if (!isset($paths[''])) {
$paths[''] = array();
}

if (!empty($path)) {
jimport('joomla.filesystem.path');

if (!in_array($path, $paths[$prefix])) {
array_unshift($paths[$prefix], JPath::clean($path));
}

if (!in_array($path, $paths[''])) {
array_unshift($paths[''], JPath::clean($path));
}
}

return $paths[$prefix];
}

This function actually just give a array of directories that need looking for when we go with Models.
And inside our own ( i mean our own not in general thing ), for better use we should only include / call which one we really need to use not just include / call everything. I think it’s also better. And that’s why i gave second solution: use include / require once for each Model file we need to use.

Finally, thank you with your suggestion. Please fix me with some code / logic explain from You if i have any wrong logic / code here.

Thank you and have nice day.

1 user says Thank You to jooservices for this useful post

1. dieudonne

[n6rej Friend n6rejJoin date: November 2006Posts: 1040Downloads:0Uploads:63 Thanks: 79 Thanked: 145 times in 90 posts]

#427060

#1 right, that ensures that that section of code will only run if we’re in the frontend

#2 that is where the need for the if was discovered.

#3 correct, however notice that we can pass a path and prefix ergo we can pull ONLY the model class desired via the call.
then on return we simply break the desired one out of the array and go to work with it.
but anyway, as I said Tam will straighten it all out and it will be fixed permanently 🙂

1 user says Thank You to n6rej for this useful post

1. dieudonne

[n6rej Friend n6rejJoin date: November 2006Posts: 1040Downloads:0Uploads:63 Thanks: 79 Thanked: 145 times in 90 posts]

#427251

As promised we’ve come up with a good solution. 🙂
please make the following changes to /plugins/system/jatabs/jatabs.php
from:

/* Check to ensure this file is included in Joomla! */

defined('_JEXEC') or die();
jimport('joomla.plugin.plugin');
jimport('joomla.application.module.helper');
jimport('joomla.application.module.helper');
require_once JPATH_SITE.'/components/com_content/helpers/route.php';
jimport('joomla.application.component.model');
$app = JFactory::getApplication();
if (!$app->isAdmin()){
JModel::addIncludePath(JPATH_SITE.'/components/com_content/models', 'ContentModel');
}
/**
* Jatabs Content Plugin

to:

/* Check to ensure this file is included in Joomla! */

defined('_JEXEC') or die();
$app = JFactory::getApplication();

jimport('joomla.plugin.plugin');
jimport('joomla.application.module.helper');
jimport('joomla.application.component.model');
require_once JPATH_SITE.'/components/com_content/helpers/route.php';

if (!$app->isAdmin()){
require_once JPATH_SITE.'/components/com_content/models/articles.php';
}

/**
* Jatabs Content Plugin

Please note: this is subject to change as we polish this fix more. As we investigate this further. It was brought about by a recent change in J! due to the security fixes they did.

1 user says Thank You to n6rej for this useful post

1. dieudonne

[dieudonne Friend dieudonneJoin date: January 2011Posts: 947Downloads:61Uploads:266 Thanks: 452 Thanked: 107 times in 3 posts]

#428000

Excellent !

It is working now.
Thank you very much for your help.

[jooservices Friend jooservicesJoin date: October 2014Posts: 8556Downloads:0Uploads:130 Thanked: 1245 times in 1121 posts]

#428002

Thank you Troy with “your solution” code.
Topic update as solved.

[Author]

Posts