[Bug] VM 2.6.10 - Dot in Product/Category/Manufacturer Alias generate 404 error

Started by Tanase B., September 16, 2014, 10:03:34 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Tanase B.

September 16, 2014, 10:03:34 AM
Hi,

On one of my website I was getting a lot of errors like this (from error_log):
Code Select
File does not exists: public_html/category-name, refferer http://website.com/category-name/product-name-alias.with-dots.in-it/
... and users that were trying to access those products were blocked by server firewall because they were generating a lot of errors like that one.
The server simply thinks that the url is pointing to a file on the server.

I found a temporary solution that does not involves re-editing the products aliases by modifying the RewriteCond rule in Joomla! .htaccess (using default sef component/settings) from this
Code Select
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
to this
Code Select
RewriteCond %{REQUEST_URI} /component/|(|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
Basically, I removed the condition that blocks the dot in the url /[^.]*

After a test with Joomla's com_content component, I noticed that alias it's created normally, without dots (if any in title), so this is VM related.
I see also that this happens with VM 2.6.6.

*Probably, using a sef component will solve this, but for those that use the default sef it is a problem.
**This also happens for category alias & manufacturer alias.

Milbo

#1
September 16, 2014, 11:57:56 AM
Thank you Tanase for the solution with the htaccess.

We follow this standard http://tools.ietf.org/html/rfc1738 .

. are completly allowed and it is a wrong server configuration. We may add a config, so that people can exclude the dots optionally.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Tanase B.

#2
September 16, 2014, 12:15:26 PM Last Edit: September 16, 2014, 12:22:22 PM by Tanase B.
You welcome!

I understand. I thought that Joomla itself has a standard for url rewriting since in its default components does not allow dots on aliases (are automatically converted in dashes (-)).
Also, I'm using the default .htaccess file that comes with Joomla! - at the beginning I thought that my .htaccess was old from previous Joomla 2.5.x versions so I downloaded a fresh install and replaced it.

An option like that would be great!
Thank you  :)

LE: I see that .htaccess for Joomla! 3.x has the same line that blocks the dot. Maybe the Joomla! team should apply this solution for components that allows dots in alias.

Milbo

#3
September 17, 2014, 14:59:27 PM
Interesting,... it seems that a double dot can be still a security problem http://serverfault.com/questions/551015/apache-forbidden-with-dot-in-url

So removing the dot, protects week server setups. Then lets filter it again.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/
Print
Go Up Pages1
User actions