Bug in the Jumi Module... and a solution

A multipurpose module, plugin and component

Bug in the Jumi Module... and a solution

New postby sitemaker » Tue Jul 21, 2015 2:59 am

I recently updated from a Joomla 1.5 site running an old Jumi version to Joomla 3.4 with the latest Jumi version. The new Jumi module has a serious bug that was not in the old one:

The problem is that mod_jumi doesn't check to see if it has rendered any javascript; it appends a no-script warning to all its output, even if the code it evaluated is pure php that returns only HTML.

This is a serious problem because when the modules are included in newsletters (such as by AcyMailing) the newsletters are peppered with no-javascript warnings all over the place. Worse still, the problem is invisible when previewing the newsletter, but appears when recipients open their mail. The older versions of Jumi never had this problem.

The solution was to patch mod_jumi/tmpl/default.php as shown below. I then made the patched version a template override (i.e., copy it to templates/your-template-name/mod_jumi/default.php )

It would be better if future updates of Jumi would incorporate the fix so I don't have to keep overriding jumi forever. That's why I'm sharing this here.

I don't profess to understand precisely how Jumi works, so if you spot something wrong with my patch, please let me know; however, it does seem to be working.

Every line that I added says "// JLW added" at the end. All the other lines are original.

Code: Select all
/**
* @version   $Id$
* @package   Jumi
* @copyright (C) 2008 - 2010 Martin Hajek, 2011 Edvard Ananyan, 2013 Simon Poghosyan
* @license   GNU/GPL v3 http://www.gnu.org/licenses/gpl.html
*/

defined('_JEXEC') or die('Restricted access');
$JSyes = false; // JLW added
if($code_written.$storage_source != '') { //something to show
  if($code_written != '') //if code written
     if (  strpos($code_written,'<script>') !== false ) $JSyes = true ;  // JLW added
    eval ('?>'.$code_written); //include custom script written

  if($storage_source != '') { // if record id or filepathname
    if(is_int($storage_source)) { //it is record id
      if($code_stored != null) {
      if (  strpos($code_stored,'<script>') !== false ) $JSyes = true ;  // JLW added
                eval ('?>'.$code_stored); //include custom script written
      } else {
                echo '<div style="color:#FF0000;background:#FFFF00;">'.JText::sprintf('ERROR_RECORD', $storage_source).'</div>';
      }
    } else { //it is file
      if(is_readable($storage_source)) {
      $JLW_stored_source = file_get_contents($storage_source) ;  // JLW added
                if (  strpos($JLW_stored_source,'<script>') !== false ) $JSyes = true ; // JLW added
                include($storage_source); //include file
      } else {
                echo '<div style="color:#FF0000;background:#FFFF00;">'.JText::sprintf('ERROR_FILE', $storage_source).'</div>';
      }
    }
  }
} else { //nothing to show
  echo '<div style="color:#FF0000;background:#FFFF00;">'.JText::sprintf('ERROR_CONTENT').'</div>';
}

if ( $JSyes==true  )  { // Only if there is javascript in the output!!!    // JLW added
echo $noscript = '<noscript><strong>JavaScript is currently disabled.</strong>Please enable it for a better experience of <a href="http://2glux.com/projects/jumi">Jumi</a>.</noscript>';
} // JLW added


Note that the patched version should still include the no-script warning if the module is rendering javascript. If not for wanting this, it would have been simpler to just comment out the line that echoes the warning.
Thank you for your attention.
sitemaker
 
Posts: 1
Joined: Tue Jul 21, 2015 2:38 am

Return to Jumi

Who is online

Users browsing this forum: No registered users and 7 guests

cron