How to fix pagination in your extensions for Joomla 5.1.3+. Backward-compatibility breaking changes

This post describes a possible break in backward compatibility in the Pagination class in Joomla 5.1.3+. Release 5.1.3 closed vulnerabilities (see Joomla 5.1.3 and 4.4.7 Security and Bug Fix Release) and changed the approach to generating links for pagination pages. Because of this, pagination page links in third-party Joomla components may stop working. In core components, pagination errors were fixed in release 5.1.4.

How was it before?

Until now, links to individual pages, as well as the “To the top”, “To the bottom”, “Forward” and “Previous” links, automatically included all query parameters present in the current request ($app->getInput()). This behavior gives attackers a vector for poisoning the cache.

How is it now?

To mitigate this, the behavior of the Pagination class had to change. By default, the Pagination class now includes only the following query parameters when generating URLs:

<?php
// @see \Joomla\CMS\Pagination\Pagination::_buildDataObject

$defaultUrlParams = [
    'format'        => 'CMD',
    'option'        => 'CMD',
    'controller'    => 'CMD',
    'view'          => 'CMD',
    'layout'        => 'STRING',
    'task'          => 'CMD',
    'template'      => 'CMD',
    'templateStyle' => 'INT',
    'tmpl'          => 'CMD',
    'tpl'           => 'CMD',
    'id'            => 'STRING',
    'Itemid'        => 'INT',
];

If these parameters are sufficient to form a correct URL using Route::_(), then you don’t have to change anything. If you need non-standard parameters (for example, project_id, cat_id, product_id, etc.), add them to the pagination object in the display() method of your View.

<?php
use Joomla\CMS\Factory;
use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;

\defined('_JEXEC') or die;

// Your component's view class (the class name here is a placeholder)
class HtmlView extends BaseHtmlView
{
    public function display($tpl = null)
    {
        $app = Factory::getApplication();
        $this->pagination = $this->get('Pagination');

        // Flag indicates to not add limitstart=0 to URL
        $this->pagination->hideEmptyLimitstart = true;

        // Add additional parameters to pagination url
        $queryParameterList = [
            'catid'      => 'int',
            'project_id' => 'int',
            'language'   => 'string',
        ];

        foreach ($queryParameterList as $parameter => $filter) {
            // Read the value through the filter declared for this parameter
            $value = $app->getInput()->get($parameter, null, $filter);

            // Skip parameters that are absent from the current request
            if (is_null($value)) {
                continue;
            }

            $this->pagination->setAdditionalUrlParam($parameter, $value);
        }

        // The rest of the method's contents
    }
}

Please note that for each parameter you need to specify the filter type (see “Joomla Input – Introduction” in the official documentation): int, string, cmd, word, etc.

See also the examples for com_finder and com_content on GitHub.
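
The difference between the old and the new link generation, as an added example that is not part of the original post or of Joomla's code: a simplified standalone model in which the function names, the filter helper and the sample request are assumptions. It shows an unlisted parameter reaching the page link under the old behaviour, being dropped by the allowlist, and project_id coming back once it is registered as an additional parameter.

```php
<?php
// Added illustration: simplified standalone model, not Joomla core code.
// Function names and the filter helper are hypothetical.

// Minimal stand-ins for the INT / CMD / STRING filter types.
function applyFilter(mixed $value, string $type): ?string
{
    if (!is_scalar($value)) {
        return null; // arrays etc. are rejected in this model
    }
    $value = (string) $value;
    return match (strtoupper($type)) {
        'INT'    => preg_match('/^-?\d+$/', $value) ? $value : null,
        'CMD'    => preg_replace('/[^A-Za-z0-9._-]/', '', $value),
        'STRING' => strip_tags($value),
        default  => null,
    };
}

// Old behaviour: every parameter of the current request ends up in the link.
function legacyPageLink(array $query, int $limitstart): string
{
    return 'index.php?' . http_build_query(array_merge($query, ['limitstart' => $limitstart]));
}

// New behaviour: only allow-listed parameters survive, each through its filter.
function allowlistedPageLink(array $query, array $allowed, int $limitstart): string
{
    $params = [];
    foreach ($allowed as $name => $type) {
        $value = array_key_exists($name, $query) ? applyFilter($query[$name], $type) : null;
        if ($value !== null && $value !== '') {
            $params[$name] = $value;
        }
    }
    $params['limitstart'] = $limitstart;
    return 'index.php?' . http_build_query($params);
}

// Constructed sample request: expected parameters plus one the component never uses.
$request = ['option' => 'com_example', 'view' => 'projects',
            'project_id' => '42', 'unexpected' => 'anything-a-visitor-typed'];
$coreList   = ['option' => 'CMD', 'view' => 'CMD', 'Itemid' => 'INT']; // subset of the core list
$withExtras = $coreList + ['project_id' => 'INT']; // effect of registering an extra parameter

echo legacyPageLink($request, 20), PHP_EOL;                    // 'unexpected' is in the link
echo allowlistedPageLink($request, $coreList, 20), PHP_EOL;    // 'unexpected' and 'project_id' dropped
echo allowlistedPageLink($request, $withExtras, 20), PHP_EOL;  // 'project_id' kept, 'unexpected' dropped
```

The second line of output is the case that breaks third-party components after the update: a parameter the component relies on is no longer carried into the pagination link until it is added explicitly.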
