Joomla updates will fail when spaces in temp path #41
Description
This has been copied over from joomla/framework.joomla.org#77 from @smohila since it was wrong in the framework.joomla.org project.
As a follow up to joomla/joomla-cms#35684 I would like to place this issue here:
Steps to reproduce the issue
- Set up a path with a space character in the
$config->tmp_pathvariable (e.g. /Users/test/files/joomla projects/mysite/tmp) - Start a joomla update in the joomla backend
Expected result
The joomla update process should run through as normal (update from 3.9.27 to 3.10.2).
Actual result
Update could not be installed. Got an error The checksum verification failed. Please make sure you are using the correct update server!.
Reason for this error
In file libraries/vendor/joomla/filter/src/InputFilter.php in method cleanPath (line 1017) a regexp for checking the path for Linux or Windows file systems fails. For Linux systems the patters is defined as:
$linuxPattern = '/^[A-Za-z0-9_\/-]+[A-Za-z0-9_\.-]*([\\\\\/]+[A-Za-z0-9_-]+[A-Za-z0-9_\.-]*)*$/';
This pattern does not accept any spaces. Thus a tmp_path containing any spaces will fail.
Solution
The pattern should allow space, e.g.
$linuxPattern = '/^[A-Za-z0-9 _\/-]+[A-Za-z0-9 _\.-]*([\\\\\/]+[A-Za-z0-9 _-]+[A-Za-z0-9 _\.-]*)*$/';
Then the method cleanPath will return the correct path and the update process works as expected.
Additional comments
Tested/reproduced on Joomla! 3.9.27 trying to update to 3.10.2