Description
Steps to reproduce the issue
In a virgin J4.0.5 site:
- Create a Registered user.
- Create a category and give the group the user belongs to the following permissions for that category: Create, Delete, Edit State & Edit Own.
- Create a menu item of type 'Category List'.
- Log in on the front end as the new user.
- Navigate to the Category List.
- Click 'New Article'.
- Enter at least the title and click 'Save'.
Expected result
The new article being successfully created and showing up in the Category List.
Actual result
A 404 with error message: Invalid field: Start Featured
System information (as much as possible)
Joomla! 4.0.5
Additional comments
I traced the cause of the error to line 501 of the front end article model Joomla\Component\Content\Administrator\Model\ArticleModel (administrator/components/com_content/src/Model/ArticleModel.php). That line and the preceding comment read:
```php
// Get ID of the article from input, for frontend, we use a_id while backend uses id
$articleIdFromInput = (int) $app->input->getInt('a_id') ?: $app->input->getInt('id', 0);
```
First of all I wonder why the back end id is checked in a front end model.
Secondly, the id obtained from $app->input can apparently contain a value other than the record id (didn't check but it looks like the category id). This sets the $articleIdFromInput to a non 0 value, whereas it should be 0 for new articles. The result is that permissions to edit certain attributes of the record are checked against a wrong or invalid record id, eventually resulting in the above mentioned error or unjustified acceptance or rejection of the record.
EDIT: I removed the proposed solution. Thanks to @ReLater who pointed out my stupid mistake.
Maybe this is a better approach:
```php
$articleIdFromInput = $app->isClient('site')
    ? (int) $app->input->getInt('a_id', 0)
    : $app->input->getInt('id', 0);
```
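
The difference between the two resolutions quoted in this report, as an added example that is not part of the original issue and is not Joomla code. `StubInput`, `resolveWithFallback()` and `resolveByClient()` are hypothetical names, the request values are constructed, and the premise that `id` carries the category id is the reporter's unverified guess.

```php
<?php
// Hypothetical stand-in for $app->input; only getInt() is modelled.
final class StubInput
{
    private $vars;

    public function __construct(array $vars)
    {
        $this->vars = $vars;
    }

    public function getInt(string $name, int $default = 0): int
    {
        return isset($this->vars[$name]) ? (int) $this->vars[$name] : $default;
    }
}

// Resolution as quoted from ArticleModel: falls back to `id` when a_id is 0.
function resolveWithFallback(StubInput $input): int
{
    return (int) $input->getInt('a_id') ?: $input->getInt('id', 0);
}

// Resolution as proposed in the issue: the client decides which key is read.
function resolveByClient(StubInput $input, bool $isSite): int
{
    return $isSite ? (int) $input->getInt('a_id', 0) : $input->getInt('id', 0);
}

// Constructed front-end requests. Assumption: `id` holds the category id (12).
$requests = [
    'new article from category list' => ['a_id' => 0, 'id' => 12],
    'edit existing article 7'        => ['a_id' => 7, 'id' => 12],
    'new article, no id in request'  => [],
];

foreach ($requests as $label => $vars) {
    $input    = new StubInput($vars);
    $fallback = resolveWithFallback($input);
    $byClient = resolveByClient($input, true);

    // A new record must resolve to 0. Any other value means the permission
    // check for restricted fields runs against an unrelated record id.
    $isNew  = empty($vars['a_id']);
    $status = ($isNew && $fallback !== 0) ? 'MISMATCH' : 'ok';

    printf("%-32s fallback=%d by-client=%d %s\n", $label, $fallback, $byClient, $status);
}
```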