Merge commit '54c394d' into 4.0-dev

2024-06-25 23:02:55 +00:00 · 2021-05-03 00:43:44 +01:00 · 2021-05-03 00:43:44 +01:00 · 43542915e8
commit 43542915e8
parent 5ae7cb852d 54c394dc25
14 changed files with 192 additions and 13 deletions
--- a/administrator/components/com_admin/postinstall/behindproxy.php
+++ b/administrator/components/com_admin/postinstall/behindproxy.php
@ -0,0 +1,90 @@
+<?php
+/**
+ * @package     Joomla.Administrator
+ * @subpackage  com_admin
+ *
+ * @copyright   Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Filesystem\File;
+use Joomla\Registry\Registry;
+use Joomla\Utilities\ArrayHelper;
+
+/**
+ * Notifies users of the new Behind Load Balancer option in Global Config, if we detect they might be behind a proxy
+ *
+ * @return  boolean
+ *
+ * @since   3.9.26
+ */
+function admin_postinstall_behindproxy_condition()
+{
+	$app = JFactory::getApplication();
+
+	if ($app->get('behind_loadbalancer', '0'))
+	{
+		return false;
+	}
+
+	if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']))
+	{
+		return true;
+	}
+
+	if (array_key_exists('HTTP_CLIENT_IP', $_SERVER) && !empty($_SERVER['HTTP_CLIENT_IP']))
+	{
+		return true;
+	}
+
+	return false;
+}
+
+
+/**
+ * Enables the Behind Load Balancer setting in Global Configuration
+ *
+ * @return  void
+ *
+ * @since   3.9.26
+ */
+function behindproxy_postinstall_action()
+{
+	$prev = ArrayHelper::fromObject(new JConfig);
+	$data = array_merge($prev, array('behind_loadbalancer' => '1'));
+
+	$config = new Registry($data);
+
+	jimport('joomla.filesystem.path');
+	jimport('joomla.filesystem.file');
+
+	// Set the configuration file path.
+	$file = JPATH_CONFIGURATION . '/configuration.php';
+
+	// Get the new FTP credentials.
+	$ftp = JClientHelper::getCredentials('ftp', true);
+
+	// Attempt to make the file writeable if using FTP.
+	if (!$ftp['enabled'] && JPath::isOwner($file) && !JPath::setPermissions($file, '0644'))
+	{
+		JError::raiseNotice(500, JText::_('COM_CONFIG_ERROR_CONFIGURATION_PHP_NOTWRITABLE'));
+	}
+
+	// Attempt to write the configuration file as a PHP class named JConfig.
+	$configuration = $config->toString('PHP', array('class' => 'JConfig', 'closingtag' => false));
+
+	if (!File::write($file, $configuration))
+	{
+		JFactory::getApplication()->enqueueMessage(JText::_('COM_CONFIG_ERROR_WRITE_FAILED'), 'error');
+
+		return;
+	}
+
+	// Attempt to make the file unwriteable if NOT using FTP.
+	if (!$ftp['enabled'] && JPath::isOwner($file) && !JPath::setPermissions($file, '0444'))
+	{
+		JError::raiseNotice(500, JText::_('COM_CONFIG_ERROR_CONFIGURATION_PHP_NOTUNWRITABLE'));
+	}
+}
--- a/administrator/components/com_admin/sql/updates/mysql/3.9.26-2021-04-07.sql
+++ b/administrator/components/com_admin/sql/updates/mysql/3.9.26-2021-04-07.sql
@ -0,0 +1,3 @@
+INSERT INTO `#__postinstall_messages` (`extension_id`, `title_key`, `description_key`, `action_key`, `language_extension`, `language_client_id`, `type`, `version_introduced`, `enabled`, `condition_file`, `condition_method`, `action_file`, `action`)
+VALUES
+(700, 'COM_ADMIN_POSTINSTALL_MSG_BEHIND_LOAD_BALANCER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_BEHIND_LOAD_BALANCER_DESCRIPTION', 'COM_ADMIN_POSTINSTALL_MSG_BEHIND_LOAD_BALANCER_ACTION', 'com_admin', 1, 'action', '3.9.26', 1, 'admin://components/com_admin/postinstall/behindproxy.php', 'admin_postinstall_behindproxy_condition', 'admin://components/com_admin/postinstall/behindproxy.php', 'behindproxy_postinstall_action');
--- a/administrator/components/com_admin/sql/updates/postgresql/3.9.26-2021-04-07.sql
+++ b/administrator/components/com_admin/sql/updates/postgresql/3.9.26-2021-04-07.sql
@ -0,0 +1,3 @@
+INSERT INTO "#__postinstall_messages" ("extension_id", "title_key", "description_key", "action_key", "language_extension", "language_client_id", "type", "version_introduced", "enabled", "condition_file", "condition_method", "action_file", "action")
+VALUES
+(700, 'COM_ADMIN_POSTINSTALL_MSG_BEHIND_LOAD_BALANCER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_BEHIND_LOAD_BALANCER_DESCRIPTION', 'COM_ADMIN_POSTINSTALL_MSG_BEHIND_LOAD_BALANCER_ACTION', 'com_admin', 1, 'action', '3.9.26', 1, 'admin://components/com_admin/postinstall/behindproxy.php', 'admin_postinstall_behindproxy_condition', 'admin://components/com_admin/postinstall/behindproxy.php', 'behindproxy_postinstall_action');
--- a/administrator/components/com_config/forms/application.xml
+++ b/administrator/components/com_config/forms/application.xml
@ -444,6 +444,19 @@
 		name="proxy"
 		label="CONFIG_PROXY_SETTINGS_LABEL">

+		<field
+			name="behind_loadbalancer"
+			type="radio"
+			label="COM_CONFIG_FIELD_LOADBALANCER_ENABLE_LABEL"
+			description="COM_CONFIG_FIELD_LOADBALANCER_ENABLE_DESC"
+			class="btn-group btn-group-yesno"
+			default="0"
+			filter="integer"
+			>
+			<option value="1">JYES</option>
+			<option value="0">JNO</option>
+		</field>
+
 		<field
 			name="proxy_enable"
 			type="radio"
@ -863,6 +876,7 @@
 			name="force_ssl"
 			type="list"
 			label="COM_CONFIG_FIELD_FORCE_SSL_LABEL"
+			description="COM_CONFIG_FIELD_FORCE_SSL_DESC"
 			default="-1"
 			filter="integer"
 			validate="options"
--- a/administrator/components/com_config/src/Model/ApplicationModel.php
+++ b/administrator/components/com_config/src/Model/ApplicationModel.php
@ -115,6 +115,12 @@ class ApplicationModel extends FormModel
 		// Merge in the session data.
 		if (!empty($temp))
 		{
+			// $temp can sometimes be an object, and we need it to be an array
+			if (is_object($temp))
+			{
+				$temp = ArrayHelper::fromObject($temp);
+			}
+
 			$data = array_merge($temp, $data);
 		}

--- a/administrator/components/com_installer/src/Model/UpdatesitesModel.php
+++ b/administrator/components/com_installer/src/Model/UpdatesitesModel.php
@ -444,6 +444,9 @@ class UpdatesitesModel extends InstallerModel
 		{
 			$app->enqueueMessage(Text::_('COM_INSTALLER_MSG_UPDATESITES_REBUILD_MESSAGE'), 'message');
 		}
+
+		// Flush the system cache to ensure extra_query is correctly loaded next time.
+		$this->cleanCache('_system', 1);
 	}

 	/**
--- a/administrator/includes/framework.php
+++ b/administrator/includes/framework.php
@ -9,6 +9,7 @@
 defined('_JEXEC') or die;

 use Joomla\CMS\Version;
+use Joomla\Utilities\IpHelper;

 // System includes
 require_once JPATH_LIBRARIES . '/bootstrap.php';
@ -87,4 +88,21 @@ if (JDEBUG || $config->error_reporting === 'maximum')
 	);
 }

+/**
+ * Correctly set the allowing of IP Overrides if behind a trusted proxy/load balancer.
+ *
+ * We need to do this as high up the stack as we can, as the default in \Joomla\Utilities\IpHelper is to
+ * $allowIpOverride = true which is the wrong default for a generic site NOT behind a trusted proxy/load balancer.
+ */
+if (property_exists($config, 'behind_loadbalancer') && $config->behind_loadbalancer == 1)
+{
+	// If Joomla is configured to be behind a trusted proxy/load balancer, allow HTTP Headers to override the REMOTE_ADDR
+	IpHelper::setAllowIpOverrides(true);
+}
+else
+{
+	// We disable the allowing of IP overriding using headers by default.
+	IpHelper::setAllowIpOverrides(false);
+}
+
 unset($config);
--- a/administrator/language/en-GB/com_admin.ini
+++ b/administrator/language/en-GB/com_admin.ini
@ -135,6 +135,9 @@ COM_ADMIN_PHP_SETTINGS="PHP Settings"
 COM_ADMIN_PHP_VERSION="PHP Version"
 COM_ADMIN_PHPINFO_DISABLED="The built in phpinfo() function has been disabled by your host."
 COM_ADMIN_POST_MAX_SIZE="Post Max Size"
+COM_ADMIN_POSTINSTALL_MSG_BEHIND_LOAD_BALANCER_ACTION="Enable Behind Load Balancer Setting"
+COM_ADMIN_POSTINSTALL_MSG_BEHIND_LOAD_BALANCER_DESCRIPTION="<p>For Joomla sites hosted behind Load Balancers and Reverse Proxies a new Global Configuration setting has been introduced with Joomla 3.9.26</p><p>This setting, when enabled, will allow your Load Balancer/Reverse Proxy to provide the real IP address of your visitors. This IP will then be used in your Action Logs and used for tracking voting on articles (if these features are enabled).</p><p><strong>Only sites behind a Load Balance/Reverse Proxy will wish to enable this feature.</strong></p>"
+COM_ADMIN_POSTINSTALL_MSG_BEHIND_LOAD_BALANCER_TITLE="New Server Setting \"Behind Load Balancer\""
 COM_ADMIN_POSTINSTALL_MSG_HTACCESS_AUTOINDEX_DESCRIPTION="<p>Before 3.9.22 the default htaccess.txt file contained erroneous code meant for disabling directory listings. The security team recommends to manually apply the necessary changes to any existing .htaccess file, as this file can not be updated automatically.</p><p>The old code:</p><pre>&lt;IfModule autoindex&gt;\n  IndexIgnore *\n&lt;/IfModule&gt;</pre><p>The new code:</p><pre>&lt;IfModule mod_autoindex.c&gt;\n  IndexIgnore *\n&lt;/IfModule&gt;</pre>"
 COM_ADMIN_POSTINSTALL_MSG_HTACCESS_AUTOINDEX_TITLE=".htaccess Update Concerning Directory Listings"
 COM_ADMIN_SAVE_SUCCESS="Profile saved."
--- a/administrator/language/en-GB/com_config.ini
+++ b/administrator/language/en-GB/com_config.ini
@ -82,6 +82,7 @@ COM_CONFIG_FIELD_FILTERS_NO_FILTER="No Filtering"
 COM_CONFIG_FIELD_FILTERS_NO_HTML="No HTML"
 COM_CONFIG_FIELD_FILTERS_ALLOWED_LIST="Allowed List"
 COM_CONFIG_FIELD_FORCE_SSL_LABEL="Force HTTPS"
+COM_CONFIG_FIELD_FORCE_SSL_DESC="HTTPS must be enabled on your server or load balancer to utilise this option. Enable 'Behind Load Balancer' if your SSL terminates on your load balancer but your site is served on http on its webserver."
 COM_CONFIG_FIELD_FTP_ENABLE_LABEL="Enable FTP"
 COM_CONFIG_FIELD_FTP_HOST_LABEL="FTP Host"
 COM_CONFIG_FIELD_FTP_PASSWORD_LABEL="FTP Password"
@ -90,6 +91,8 @@ COM_CONFIG_FIELD_FTP_ROOT_LABEL="FTP Root"
 COM_CONFIG_FIELD_FTP_USERNAME_LABEL="FTP Username"
 COM_CONFIG_FIELD_GZIP_COMPRESSION_LABEL="Gzip Page Compression"
 COM_CONFIG_FIELD_HTMLBODY_LABEL="HTML Body"
+COM_CONFIG_FIELD_LOADBALANCER_ENABLE_DESC="If your site is behind a load balancer or reverse proxy, enable this setting so that IP addresses and other configurations within Joomla automatically take this into account."
+COM_CONFIG_FIELD_LOADBALANCER_ENABLE_LABEL="Behind Load Balancer"
 COM_CONFIG_FIELD_LOG_CATEGORIES_DESC="A comma separated list of log categories to include. Common log categories include but are not limited to: database, databasequery, database-error, deprecated and jerror. If empty, all categories will be shown."
 COM_CONFIG_FIELD_LOG_CATEGORIES_LABEL="Log Categories"
 COM_CONFIG_FIELD_LOG_CATEGORY_MODE_EXCLUDE="Exclude"
@ -132,11 +135,11 @@ COM_CONFIG_FIELD_METADESC_LABEL="Site Meta Description"
 COM_CONFIG_FIELD_METAVERSION_LABEL="Joomla Version"
 COM_CONFIG_FIELD_OFFLINE_IMAGE_LABEL="Offline Image"
 COM_CONFIG_FIELD_OFFLINE_MESSAGE_LABEL="Custom Message"
-COM_CONFIG_FIELD_PROXY_ENABLE_LABEL="Enable Proxy"
-COM_CONFIG_FIELD_PROXY_HOST_LABEL="Proxy Host"
-COM_CONFIG_FIELD_PROXY_PASSWORD_LABEL="Proxy Password"
-COM_CONFIG_FIELD_PROXY_PORT_LABEL="Proxy Port"
-COM_CONFIG_FIELD_PROXY_USERNAME_LABEL="Proxy Username"
+COM_CONFIG_FIELD_PROXY_ENABLE_LABEL="Enable Outbound Proxy"
+COM_CONFIG_FIELD_PROXY_HOST_LABEL="Outbound Proxy Host"
+COM_CONFIG_FIELD_PROXY_PASSWORD_LABEL="Outbound Proxy Password"
+COM_CONFIG_FIELD_PROXY_PORT_LABEL="Outbound Proxy Port"
+COM_CONFIG_FIELD_PROXY_USERNAME_LABEL="Outbound Proxy Username"
 COM_CONFIG_FIELD_REDIS_AUTH_LABEL="Redis Server Authentication"
 COM_CONFIG_FIELD_REDIS_DB_LABEL="Redis Database"
 COM_CONFIG_FIELD_REDIS_HOST_LABEL="Redis Server Host"
--- a/api/includes/framework.php
+++ b/api/includes/framework.php
@ -9,6 +9,7 @@
 defined('_JEXEC') or die;

 use Joomla\CMS\Version;
+use Joomla\Utilities\IpHelper;

 // System includes
 require_once JPATH_LIBRARIES . '/bootstrap.php';
@ -92,4 +93,21 @@ if (JDEBUG || $config->error_reporting === 'maximum')
 	);
 }

+/**
+ * Correctly set the allowing of IP Overrides if behind a trusted proxy/load balancer.
+ *
+ * We need to do this as high up the stack as we can, as the default in \Joomla\Utilities\IpHelper is to
+ * $allowIpOverride = true which is the wrong default for a generic site NOT behind a trusted proxy/load balancer.
+ */
+if (property_exists($config, 'behind_loadbalancer') && $config->behind_loadbalancer == 1)
+{
+	// If Joomla is configured to be behind a trusted proxy/load balancer, allow HTTP Headers to override the REMOTE_ADDR
+	IpHelper::setAllowIpOverrides(true);
+}
+else
+{
+	// We disable the allowing of IP overriding using headers by default.
+	IpHelper::setAllowIpOverrides(false);
+}
+
 unset($config);
--- a/includes/framework.php
+++ b/includes/framework.php
@ -9,6 +9,7 @@
 defined('_JEXEC') or die;

 use Joomla\CMS\Version;
+use Joomla\Utilities\IpHelper;

 // System includes
 require_once JPATH_LIBRARIES . '/bootstrap.php';
@ -90,4 +91,21 @@ if (JDEBUG || $config->error_reporting === 'maximum')
 	);
 }

+/**
+ * Correctly set the allowing of IP Overrides if behind a trusted proxy/load balancer.
+ *
+ * We need to do this as high up the stack as we can, as the default in \Joomla\Utilities\IpHelper is to
+ * $allowIpOverride = true which is the wrong default for a generic site NOT behind a trusted proxy/load balancer.
+ */
+if (property_exists($config, 'behind_loadbalancer') && $config->behind_loadbalancer == 1)
+{
+	// If Joomla is configured to be behind a trusted proxy/load balancer, allow HTTP Headers to override the REMOTE_ADDR
+	IpHelper::setAllowIpOverrides(true);
+}
+else
+{
+	// We disable the allowing of IP overriding using headers by default.
+	IpHelper::setAllowIpOverrides(false);
+}
+
 unset($config);
--- a/libraries/src/Installer/Installer.php
+++ b/libraries/src/Installer/Installer.php
@ -125,7 +125,7 @@ class Installer extends Adapter
 	 * Backup extra_query during update_sites rebuild
 	 *
 	 * @var    string
-	 * @since  __DEPLOY_VERSION__
+	 * @since  3.9.26
 	 */
 	public $extraQuery = '';

--- a/libraries/src/Menu/AbstractMenu.php
+++ b/libraries/src/Menu/AbstractMenu.php
@ -58,7 +58,7 @@ abstract class AbstractMenu
 	 * User object to check access levels for
 	 *
 	 * @var    User
-	 * @since  3.9
+	 * @since  3.9.26
 	 */
 	protected $storedUser;

@ -125,7 +125,7 @@ abstract class AbstractMenu
 	 *
 	 * @return null
 	 *
-	 * @since __DEPLOY_VERSION__
+	 * @since 3.9.26
 	 */
 	public function setUser($user)
 	{
@ -386,7 +386,7 @@ abstract class AbstractMenu
 	 *
 	 * @return User
 	 *
-	 * @since __DEPLOY_VERSION__
+	 * @since 3.9.26
 	 */
 	protected function getUser()
 	{
@ -407,7 +407,7 @@ abstract class AbstractMenu
 	 *
 	 * @return User|null
 	 *
-	 * @since __DEPLOY_VERSION__
+	 * @since 3.9.26
 	 */
 	public function __get($propName)
 	{
--- a/tests/Unit/Libraries/Cms/Form/Rule/FilePathRuleTest.php
+++ b/tests/Unit/Libraries/Cms/Form/Rule/FilePathRuleTest.php
@ -17,7 +17,7 @@ use Joomla\Tests\Unit\UnitTestCase;
 *
 * @package     Joomla.UnitTest
 * @subpackage  Form
- * @since       __DEPLOY_VERSION__
+ * @since       3.9.26
 */
 class FilePathRuleTest extends UnitTestCase
 {
@ -26,7 +26,7 @@ class FilePathRuleTest extends UnitTestCase
 	 *
 	 * @return  array
 	 *
-	 * @since   __DEPLOY_VERSION__
+	 * @since   3.9.26
 	 */
 	public function dataTest(): array
 	{
@ -78,7 +78,7 @@ class FilePathRuleTest extends UnitTestCase
 	 *
 	 * @return  void
 	 *
-	 * @since   __DEPLOY_VERSION__
+	 * @since   3.9.26
 	 * @dataProvider dataTest
 	 */
 	public function testRule($expected, $element, $value)