GeoIP "geoip2.phar" don't work with Joomla 3.9.3 #23907
Comments
I found this https://www.drupal.org/project/drupal/issues/3028265
This is quick path:
See TYPO3/phar-stream-wrapper#15 for upstream fix. Patching third party files is only a solution for a temporary fix, this type of change cannot be allowed in the CMS.
Also as pointed out in https://www.drupal.org/project/drupal/issues/3026443 and related conversation, that patch is actually pretty likely to re-introduce security issues.
Yes, this is just a quick solution that works for me. Without this solution my service doesn't work... Will Joomla get an update with the fix in version 3.9.4?
It depends on when the upstream fix is released. The quick fix that you suggested though should not be included in a release because it re-introduces a similar issue that adding that library tries to solve (basically if you're rolling with that patch you're suggesting on a production site you need to be pretty darn certain that no other PHAR files are able to get into your environment, or you should roll a temporary patch that explicitly whitelists only that PHAR).
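One way to write the narrower check mentioned in the comment above (allow only one specific PHAR), as an added example that is not code from Joomla, TYPO3/phar-stream-wrapper or anyone in this thread. Assumptions: the function name, demo paths and file contents are constructed, pinning the archive's SHA-256 is an extra step beyond what the comment asks for, and hooking the check into the stream wrapper is not shown.

```php
<?php
// Added example: not Joomla or TYPO3/phar-stream-wrapper code.
// isAllowlistedPhar() and every path below are hypothetical names.

/**
 * True only when $uri is a phar:// URI whose archive file is an allowlisted
 * absolute path AND its contents still match the pinned SHA-256 digest.
 *
 * @param string $uri       e.g. phar:///srv/site/libraries/x/geoip2.phar/vendor/autoload.php
 * @param array  $allowlist real archive path => expected SHA-256 (lowercase hex)
 */
function isAllowlistedPhar($uri, array $allowlist)
{
    if (stripos($uri, 'phar://') !== 0) {
        return false;
    }
    // Walk up from the inner path until an existing regular file is found;
    // that file is treated here as the archive being opened.
    $candidate = substr($uri, 7);
    while (!is_file($candidate)) {
        $parent = dirname($candidate);
        if ($parent === $candidate || $parent === '.') {
            return false; // reached the top without finding a file
        }
        $candidate = $parent;
    }
    // realpath() collapses ../ and symlinks so an alias cannot match the list.
    $real = realpath($candidate);
    if ($real === false || !isset($allowlist[$real])) {
        return false;
    }
    // A path match alone trusts whatever now sits at that path; pin the content too.
    $digest = hash_file('sha256', $real);
    return is_string($digest) && hash_equals($allowlist[$real], $digest);
}

// Constructed demo: stand-in files with sample bytes, not real PHAR archives.
$dir = sys_get_temp_dir() . '/phar_allowlist_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/geoip2.phar", 'constructed sample bytes');
file_put_contents("$dir/upload.phar", 'constructed sample bytes');
$allow = array(realpath("$dir/geoip2.phar") => hash_file('sha256', "$dir/geoip2.phar"));

var_dump(isAllowlistedPhar("phar://$dir/geoip2.phar/vendor/autoload.php", $allow)); // allowlisted archive
var_dump(isAllowlistedPhar("phar://$dir/upload.phar/vendor/autoload.php", $allow)); // a different archive
file_put_contents("$dir/geoip2.phar", 'changed after pinning');
var_dump(isAllowlistedPhar("phar://$dir/geoip2.phar/vendor/autoload.php", $allow)); // same path, new content
```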
@jurihahn maybe you can help test TYPO3/phar-stream-wrapper#15 and give the typo3 devs feedback if it works. 3.9.4 release is planned for 12. March so it should be ready a week before.
Quickest thing I can come up with is apply the changes from that repo's
Set to "closed" on behalf of @Quy by The JTracker Application at issues.joomla.org/joomla-cms/23907
Please test PR #23956. This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/23907.
Steps to reproduce the issue
Create library for Joomla with files
geoip2.phar from https://github.com/maxmind/GeoIP2-php
"geoip.php":
include_once('geoip2.phar');
use
jimport('libraryname.geoip');
Expected result
No exceptions, all works as with Joomla 3.9.2
Actual result
Exception:
Failed opening required 'phar://geoip2.phar/vendor/autoload.php
System information (as much as possible)
Joomla 3.9.3
PHP 7.2
Additional comments
I think it is after this fix:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7743