joomla
/
cms
mirror of https://github.com/joomla/joomla-cms.git
29
0
Fork 0
Code Packages Releases Activity

Joomla 4.4.3 Stable

This commit is contained in:
Martin Kopp 2024-02-19 15:44:22 +01:00
parent 9ea824aee9
commit 55f2082f32
No known key found for this signature in database
GPG Key ID: 8B7B8481AA0AD79D
52 changed files with 199 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
administrator/components/com_banners/forms/banner.xml
View File

@ -301,6 +301,9 @@
<field <field
name="imageurl" name="imageurl"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_BANNERS_FIELD_IMAGE_LABEL" label="COM_BANNERS_FIELD_IMAGE_LABEL"
directory="banners" directory="banners"
hide_none="1" hide_none="1"

3
administrator/components/com_categories/forms/category.xml
View File

@ -234,6 +234,9 @@
<field <field
name="image" name="image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_CATEGORIES_FIELD_IMAGE_LABEL" label="COM_CATEGORIES_FIELD_IMAGE_LABEL"
/> />

3
administrator/components/com_config/forms/application.xml
View File

@ -1022,6 +1022,9 @@
<field <field
name="offline_image" name="offline_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_CONFIG_FIELD_OFFLINE_IMAGE_LABEL" label="COM_CONFIG_FIELD_OFFLINE_IMAGE_LABEL"
showon="offline:1" showon="offline:1"
/> />

24
administrator/components/com_contact/config.xml
View File

@ -253,6 +253,9 @@
<field <field
name="image" name="image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_CONTACT_FIELD_PARAMS_IMAGE_LABEL" label="COM_CONTACT_FIELD_PARAMS_IMAGE_LABEL"
default="" default=""
showon="show_info:1[AND]show_image:1" showon="show_info:1[AND]show_image:1"
@ -410,6 +413,9 @@
<field <field
name="icon_address" name="icon_address"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_CONTACT_FIELD_ICONS_ADDRESS_LABEL" label="COM_CONTACT_FIELD_ICONS_ADDRESS_LABEL"
hide_none="1" hide_none="1"
default="" default=""
@ -419,6 +425,9 @@
<field <field
name="icon_email" name="icon_email"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_CONTACT_FIELD_ICONS_EMAIL_LABEL" label="COM_CONTACT_FIELD_ICONS_EMAIL_LABEL"
hide_none="1" hide_none="1"
default="" default=""
@ -428,6 +437,9 @@
<field <field
name="icon_telephone" name="icon_telephone"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_CONTACT_FIELD_ICONS_TELEPHONE_LABEL" label="COM_CONTACT_FIELD_ICONS_TELEPHONE_LABEL"
hide_none="1" hide_none="1"
default="" default=""
@ -437,6 +449,9 @@
<field <field
name="icon_mobile" name="icon_mobile"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_CONTACT_FIELD_ICONS_MOBILE_LABEL" label="COM_CONTACT_FIELD_ICONS_MOBILE_LABEL"
hide_none="1" hide_none="1"
default="" default=""
@ -446,6 +461,9 @@
<field <field
name="icon_fax" name="icon_fax"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_CONTACT_FIELD_ICONS_FAX_LABEL" label="COM_CONTACT_FIELD_ICONS_FAX_LABEL"
hide_none="1" hide_none="1"
default="" default=""
@ -455,6 +473,9 @@
<field <field
name="icon_webpage" name="icon_webpage"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_CONTACT_FIELD_ICONS_WEBPAGE_LABEL" label="COM_CONTACT_FIELD_ICONS_WEBPAGE_LABEL"
hide_none="1" hide_none="1"
default="" default=""
@ -464,6 +485,9 @@
<field <field
name="icon_misc" name="icon_misc"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_CONTACT_FIELD_ICONS_MISC_LABEL" label="COM_CONTACT_FIELD_ICONS_MISC_LABEL"
hide_none="1" hide_none="1"
default="" default=""

3
administrator/components/com_contact/forms/contact.xml
View File

@ -211,6 +211,9 @@
<field <field
name="image" name="image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_CONTACT_FIELD_PARAMS_IMAGE_LABEL" label="COM_CONTACT_FIELD_PARAMS_IMAGE_LABEL"
hide_none="1" hide_none="1"
/> />

6
administrator/components/com_content/forms/article.xml
View File

@ -723,6 +723,9 @@
name="image_intro" name="image_intro"
type="media" type="media"
label="COM_CONTENT_FIELD_INTRO_LABEL" label="COM_CONTENT_FIELD_INTRO_LABEL"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
/> />
<field <field
@ -759,6 +762,9 @@
<field <field
name="image_fulltext" name="image_fulltext"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_CONTENT_FIELD_FULL_LABEL" label="COM_CONTENT_FIELD_FULL_LABEL"
/> />

2
administrator/components/com_languages/tmpl/installed/default.php
View File

@ -120,7 +120,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
<?php echo $this->escape($row->author); ?> <?php echo $this->escape($row->author); ?>
</td> </td>
<td class="d-none d-md-table-cell text-center"> <td class="d-none d-md-table-cell text-center">
<?php echo PunycodeHelper::emailToUTF8($this->escape($row->authorEmail)); ?> <?php echo $this->escape(PunycodeHelper::emailToUTF8($row->authorEmail)); ?>
</td> </td>
<td class="d-none d-md-table-cell text-center"> <td class="d-none d-md-table-cell text-center">
<?php echo $this->escape($row->extension_id); ?> <?php echo $this->escape($row->extension_id); ?>

3
administrator/components/com_menus/forms/item_alias.xml
View File

@ -58,6 +58,9 @@
<field <field
name="menu_image" name="menu_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL" label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL"
/> />

3
administrator/components/com_menus/forms/item_component.xml
View File

@ -27,6 +27,9 @@
<field <field
name="menu_image" name="menu_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL" label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL"
/> />

3
administrator/components/com_menus/forms/item_heading.xml
View File

@ -28,6 +28,9 @@
<field <field
name="menu_image" name="menu_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL" label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL"
/> />

3
administrator/components/com_menus/forms/item_separator.xml
View File

@ -23,6 +23,9 @@
<field <field
name="menu_image" name="menu_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL" label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL"
/> />

3
administrator/components/com_menus/forms/item_url.xml
View File

@ -54,6 +54,9 @@
<field <field
name="menu_image" name="menu_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL" label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL"
/> />

3
administrator/components/com_menus/forms/itemadmin_alias.xml
View File

@ -38,6 +38,9 @@
<field <field
name="menu_image" name="menu_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL" label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL"
/> />

3
administrator/components/com_menus/forms/itemadmin_component.xml
View File

@ -22,6 +22,9 @@
<field <field
name="menu_image" name="menu_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL" label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL"
/> />

3
administrator/components/com_menus/forms/itemadmin_container.xml
View File

@ -35,6 +35,9 @@
<field <field
name="menu_image" name="menu_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL" label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL"
/> />

3
administrator/components/com_menus/forms/itemadmin_heading.xml
View File

@ -35,6 +35,9 @@
<field <field
name="menu_image" name="menu_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL" label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL"
/> />

3
administrator/components/com_menus/forms/itemadmin_url.xml
View File

@ -52,6 +52,9 @@
<field <field
name="menu_image" name="menu_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL" label="COM_MENUS_ITEM_FIELD_MENU_IMAGE_LABEL"
/> />

6
administrator/components/com_newsfeeds/forms/newsfeed.xml
View File

@ -242,6 +242,9 @@
<field <field
name="image_first" name="image_first"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_NEWSFEEDS_FIELD_FIRST_LABEL" label="COM_NEWSFEEDS_FIELD_FIRST_LABEL"
/> />
@ -285,6 +288,9 @@
<field <field
name="image_second" name="image_second"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_NEWSFEEDS_FIELD_SECOND_LABEL" label="COM_NEWSFEEDS_FIELD_SECOND_LABEL"
/> />

2
administrator/components/com_privacy/tmpl/requests/default.php
View File

@ -98,7 +98,7 @@ $urgentRequestDate->sub(new DateInterval('P' . $this->urgentRequestAge . 'D'));
<span class="float-end badge bg-danger"><?php echo Text::_('COM_PRIVACY_BADGE_URGENT_REQUEST'); ?></span> <span class="float-end badge bg-danger"><?php echo Text::_('COM_PRIVACY_BADGE_URGENT_REQUEST'); ?></span>
<?php endif; ?> <?php endif; ?>
<a href="<?php echo Route::_('index.php?option=com_privacy&view=request&id=' . (int) $item->id); ?>" title="<?php echo Text::_('COM_PRIVACY_ACTION_VIEW'); ?>"> <a href="<?php echo Route::_('index.php?option=com_privacy&view=request&id=' . (int) $item->id); ?>" title="<?php echo Text::_('COM_PRIVACY_ACTION_VIEW'); ?>">
<?php echo PunycodeHelper::emailToUTF8($this->escape($item->email)); ?> <?php echo $this->escape(PunycodeHelper::emailToUTF8($item->email)); ?>
</a> </a>
</th> </th>
<td> <td>

3
administrator/components/com_tags/config.xml
View File

@ -73,6 +73,9 @@
<field <field
name="tag_list_image" name="tag_list_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_TAGS_TAG_LIST_MEDIA_LABEL" label="COM_TAGS_TAG_LIST_MEDIA_LABEL"
/> />

6
administrator/components/com_tags/forms/tag.xml
View File

@ -248,6 +248,9 @@
<field <field
name="image_intro" name="image_intro"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_TAGS_FIELD_INTRO_LABEL" label="COM_TAGS_FIELD_INTRO_LABEL"
/> />
@ -280,6 +283,9 @@
<field <field
name="image_fulltext" name="image_fulltext"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_TAGS_FIELD_FULL_LABEL" label="COM_TAGS_FIELD_FULL_LABEL"
/> />

4
administrator/components/com_users/src/Controller/MethodController.php
View File

@ -21,6 +21,7 @@ use Joomla\CMS\Uri\Uri;
use Joomla\CMS\User\User; use Joomla\CMS\User\User;
use Joomla\CMS\User\UserFactoryAwareInterface; use Joomla\CMS\User\UserFactoryAwareInterface;
use Joomla\CMS\User\UserFactoryAwareTrait; use Joomla\CMS\User\UserFactoryAwareTrait;
use Joomla\CMS\User\UserHelper;
use Joomla\Component\Users\Administrator\Helper\Mfa as MfaHelper; use Joomla\Component\Users\Administrator\Helper\Mfa as MfaHelper;
use Joomla\Component\Users\Administrator\Model\BackupcodesModel; use Joomla\Component\Users\Administrator\Model\BackupcodesModel;
use Joomla\Component\Users\Administrator\Model\MethodModel; use Joomla\Component\Users\Administrator\Model\MethodModel;
@ -387,6 +388,9 @@ class MethodController extends BaseControllerAlias implements UserFactoryAwareIn
return; return;
} }
// Method updated, destroy other active sessions
UserHelper::destroyUserSessions($userId, true);
$this->setRedirect($url); $this->setRedirect($url);
} }

2
administrator/components/com_users/tmpl/users/default.php
View File

@ -187,7 +187,7 @@ $mfa = PluginHelper::isEnabled('multifactorauth');
</a> </a>
</td> </td>
<td class="d-none d-xl-table-cell break-word"> <td class="d-none d-xl-table-cell break-word">
<?php echo PunycodeHelper::emailToUTF8($this->escape($item->email)); ?> <?php echo $this->escape(PunycodeHelper::emailToUTF8($item->email)); ?>
</td> </td>
<td class="d-none d-xl-table-cell"> <td class="d-none d-xl-table-cell">
<?php if ($item->lastvisitDate !== null) : ?> <?php if ($item->lastvisitDate !== null) : ?>

2
administrator/language/en-GB/install.xml
View File

@ -3,7 +3,7 @@
<name>English (en-GB)</name> <name>English (en-GB)</name>
<tag>en-GB</tag> <tag>en-GB</tag>
<version>4.4.3</version> <version>4.4.3</version>
<creationDate>2024-01</creationDate> <creationDate>2024-02</creationDate>
<author>Joomla! Project</author> <author>Joomla! Project</author>
<authorEmail>admin@joomla.org</authorEmail> <authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl> <authorUrl>www.joomla.org</authorUrl>

2
administrator/language/en-GB/langmetadata.xml
View File

@ -2,7 +2,7 @@
<metafile client="administrator"> <metafile client="administrator">
<name>English (en-GB)</name> <name>English (en-GB)</name>
<version>4.4.3</version> <version>4.4.3</version>
<creationDate>2024-01</creationDate> <creationDate>2024-02</creationDate>
<author>Joomla! Project</author> <author>Joomla! Project</author>
<authorEmail>admin@joomla.org</authorEmail> <authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl> <authorUrl>www.joomla.org</authorUrl>

1
administrator/language/en-GB/lib_joomla.ini
View File

@ -345,6 +345,7 @@ JLIB_FORM_VALIDATE_FIELD_INVALID="Invalid field: %s"
JLIB_FORM_VALIDATE_FIELD_REQUIRED="Field required: %s" JLIB_FORM_VALIDATE_FIELD_REQUIRED="Field required: %s"
JLIB_FORM_VALIDATE_FIELD_RULE_MISSING="Validation Rule missing: %s" JLIB_FORM_VALIDATE_FIELD_RULE_MISSING="Validation Rule missing: %s"
JLIB_FORM_VALIDATE_FIELD_URL_SCHEMA_MISSING="Invalid URL: URL schema is missing in %1$s. Please add one of the following at the beginning: %2$s." JLIB_FORM_VALIDATE_FIELD_URL_SCHEMA_MISSING="Invalid URL: URL schema is missing in %1$s. Please add one of the following at the beginning: %2$s."
JLIB_FORM_VALIDATE_FIELD_URL_INJECTION_DETECTED="Invalid URL: A code injection has been detected in %1$s."
JLIB_FORM_VALUE_CACHE_APCU="APC User Cache" JLIB_FORM_VALUE_CACHE_APCU="APC User Cache"
JLIB_FORM_VALUE_CACHE_FILE="File" JLIB_FORM_VALUE_CACHE_FILE="File"
JLIB_FORM_VALUE_CACHE_MEMCACHED="Memcached (Experimental)" JLIB_FORM_VALUE_CACHE_MEMCACHED="Memcached (Experimental)"

4
administrator/manifests/files/joomla.xml
View File

@ -6,8 +6,8 @@
<authorUrl>www.joomla.org</authorUrl> <authorUrl>www.joomla.org</authorUrl>
<copyright>(C) 2019 Open Source Matters, Inc.</copyright> <copyright>(C) 2019 Open Source Matters, Inc.</copyright>
<license>GNU General Public License version 2 or later; see LICENSE.txt</license> <license>GNU General Public License version 2 or later; see LICENSE.txt</license>
<version>4.4.3-dev</version> <version>4.4.3</version>
<creationDate>2024-01</creationDate> <creationDate>2024-02</creationDate>
<description>FILES_JOOMLA_XML_DESCRIPTION</description> <description>FILES_JOOMLA_XML_DESCRIPTION</description>
<scriptfile>administrator/components/com_admin/script.php</scriptfile> <scriptfile>administrator/components/com_admin/script.php</scriptfile>

2
administrator/manifests/packages/pkg_en-GB.xml
View File

@ -3,7 +3,7 @@
<name>English (en-GB) Language Pack</name> <name>English (en-GB) Language Pack</name>
<packagename>en-GB</packagename> <packagename>en-GB</packagename>
<version>4.4.3.1</version> <version>4.4.3.1</version>
<creationDate>2024-01</creationDate> <creationDate>2024-02</creationDate>
<author>Joomla! Project</author> <author>Joomla! Project</author>
<authorEmail>admin@joomla.org</authorEmail> <authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl> <authorUrl>www.joomla.org</authorUrl>

9
administrator/templates/atum/templateDetails.xml
View File

@ -111,6 +111,9 @@
<field <field
name="loginLogo" name="loginLogo"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="TPL_ATUM_IMAGE_LABEL" label="TPL_ATUM_IMAGE_LABEL"
/> />
<field <field
@ -129,6 +132,9 @@
<field <field
name="logoBrandLarge" name="logoBrandLarge"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="TPL_ATUM_IMAGE_LABEL" label="TPL_ATUM_IMAGE_LABEL"
/> />
<field <field
@ -147,6 +153,9 @@
<field <field
name="logoBrandSmall" name="logoBrandSmall"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="TPL_ATUM_IMAGE_LABEL" label="TPL_ATUM_IMAGE_LABEL"
/> />
<field <field

2
api/language/en-GB/install.xml
View File

@ -3,7 +3,7 @@
<name>English (en-GB)</name> <name>English (en-GB)</name>
<tag>en-GB</tag> <tag>en-GB</tag>
<version>4.4.3</version> <version>4.4.3</version>
<creationDate>2024-01</creationDate> <creationDate>2024-02</creationDate>
<author>Joomla! Project</author> <author>Joomla! Project</author>
<authorEmail>admin@joomla.org</authorEmail> <authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl> <authorUrl>www.joomla.org</authorUrl>

2
api/language/en-GB/langmetadata.xml
View File

@ -2,7 +2,7 @@
<metafile client="api"> <metafile client="api">
<name>English (en-GB)</name> <name>English (en-GB)</name>
<version>4.4.3</version> <version>4.4.3</version>
<creationDate>2024-01</creationDate> <creationDate>2024-02</creationDate>
<author>Joomla! Project</author> <author>Joomla! Project</author>
<authorEmail>admin@joomla.org</authorEmail> <authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl> <authorUrl>www.joomla.org</authorUrl>

3
components/com_contact/forms/form.xml
View File

@ -111,6 +111,9 @@
<field <field
name="image" name="image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_CONTACT_FIELD_PARAMS_IMAGE_LABEL" label="COM_CONTACT_FIELD_PARAMS_IMAGE_LABEL"
hide_none="1" hide_none="1"
/> />

2
components/com_contact/tmpl/contact/default_address.php
View File

@ -152,7 +152,7 @@ $icon = $this->params->get('contact_icons') == 0;
<dd> <dd>
<span class="contact-webpage"> <span class="contact-webpage">
<a href="<?php echo $this->item->webpage; ?>" target="_blank" rel="noopener noreferrer" itemprop="url"> <a href="<?php echo $this->item->webpage; ?>" target="_blank" rel="noopener noreferrer" itemprop="url">
<?php echo PunycodeHelper::urlToUTF8($this->item->webpage); ?></a> <?php echo $this->escape(PunycodeHelper::urlToUTF8($this->item->webpage)); ?></a>
</span> </span>
</dd> </dd>
<?php endif; ?> <?php endif; ?>

4
components/com_contact/tmpl/contact/default_profile.php
View File

@ -30,9 +30,9 @@ use Joomla\CMS\String\PunycodeHelper;
$v_http = substr($profile->value, 0, 4); $v_http = substr($profile->value, 0, 4);
if ($v_http === 'http') : if ($v_http === 'http') :
echo '<dd><a href="' . $profile->text . '">' . PunycodeHelper::urlToUTF8($profile->text) . '</a></dd>'; echo '<dd><a href="' . $profile->text . '">' . $this->escape(PunycodeHelper::urlToUTF8($profile->text)) . '</a></dd>';
else : else :
echo '<dd><a href="http://' . $profile->text . '">' . PunycodeHelper::urlToUTF8($profile->text) . '</a></dd>'; echo '<dd><a href="http://' . $profile->text . '">' . $this->escape(PunycodeHelper::urlToUTF8($profile->text)) . '</a></dd>';
endif; endif;
break; break;

6
components/com_content/forms/article.xml
View File

@ -217,6 +217,9 @@
<field <field
name="image_intro" name="image_intro"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_CONTENT_FIELD_INTRO_LABEL" label="COM_CONTENT_FIELD_INTRO_LABEL"
/> />
@ -254,6 +257,9 @@
<field <field
name="image_fulltext" name="image_fulltext"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_CONTENT_FIELD_FULL_LABEL" label="COM_CONTENT_FIELD_FULL_LABEL"
/> />

2
components/com_newsfeeds/tmpl/category/default_items.php
View File

@ -71,7 +71,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
<?php $link = PunycodeHelper::urlToUTF8($item->link); ?> <?php $link = PunycodeHelper::urlToUTF8($item->link); ?>
<span class="list float-start"> <span class="list float-start">
<a href="<?php echo $item->link; ?>"> <a href="<?php echo $item->link; ?>">
<?php echo $link; ?> <?php echo $this->escape($link); ?>
</a> </a>
</span> </span>
<br> <br>

3
components/com_tags/tmpl/tag/default.xml
View File

@ -88,6 +88,9 @@
<field <field
name="tag_list_image" name="tag_list_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_TAGS_TAG_LIST_MEDIA_LABEL" label="COM_TAGS_TAG_LIST_MEDIA_LABEL"
/> />

3
components/com_tags/tmpl/tag/list.xml
View File

@ -87,6 +87,9 @@
<field <field
name="tag_list_image" name="tag_list_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_TAGS_TAG_LIST_MEDIA_LABEL" label="COM_TAGS_TAG_LIST_MEDIA_LABEL"
/> />

3
components/com_tags/tmpl/tags/default.xml
View File

@ -71,6 +71,9 @@
<field <field
name="all_tags_description_image" name="all_tags_description_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="COM_TAGS_ALL_TAGS_MEDIA_LABEL" label="COM_TAGS_ALL_TAGS_MEDIA_LABEL"
/> />

6
components/com_users/tmpl/login/default.xml
View File

@ -78,6 +78,9 @@
<field <field
name="login_image" name="login_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="JFIELD_LOGIN_IMAGE_LABEL" label="JFIELD_LOGIN_IMAGE_LABEL"
/> />
@ -158,6 +161,9 @@
<field <field
name="logout_image" name="logout_image"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="JFIELD_LOGOUT_IMAGE_LABEL" label="JFIELD_LOGOUT_IMAGE_LABEL"
/> />

10
composer.json
View File

@ -30,6 +30,14 @@
"type": "vcs", "type": "vcs",
"url": "https://github.com/joomla-backports/json-api-php.git", "url": "https://github.com/joomla-backports/json-api-php.git",
"no-api": true "no-api": true
},
{
"type": "vcs",
"url": "https://github.com/joomla-framework/security-filter.git"
},
{
"type": "vcs",
"url": "https://github.com/joomla-framework/security-input.git"
} }
], ],
"autoload": { "autoload": {
@ -53,7 +61,7 @@
"joomla/database": "^2.1.1", "joomla/database": "^2.1.1",
"joomla/di": "^2.0.1", "joomla/di": "^2.0.1",
"joomla/event": "^2.0.2", "joomla/event": "^2.0.2",
"joomla/filter": "^2.0.3", "joomla/filter": "dev-2.x-mbstring-issue566 as 2.0.4",
"joomla/filesystem": "^2.0.2", "joomla/filesystem": "^2.0.2",
"joomla/http": "^2.0.2", "joomla/http": "^2.0.2",
"joomla/input": "^2.0.4", "joomla/input": "^2.0.4",

42
composer.lock generated
View File

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "186d1c75ba657af1ae5b59e4bfdafe01", "content-hash": "00e01144155a50c968a51bf9692b2b0c",
"packages": [ "packages": [
{ {
"name": "algo26-matthias/idna-convert", "name": "algo26-matthias/idna-convert",
@ -1702,16 +1702,16 @@
}, },
{ {
"name": "joomla/filter", "name": "joomla/filter",
"version": "2.0.3", "version": "dev-2.x-mbstring-issue566",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/joomla-framework/filter.git", "url": "git@github.com:joomla-framework/security-filter.git",
"reference": "9102630f9069351c1259b6f585a704fde7029d2a" "reference": "72881a29e90beed6d043af228b64df6850bbfeff"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/joomla-framework/filter/zipball/9102630f9069351c1259b6f585a704fde7029d2a", "url": "https://api.github.com/repos/joomla-framework/security-filter/zipball/72881a29e90beed6d043af228b64df6850bbfeff",
"reference": "9102630f9069351c1259b6f585a704fde7029d2a", "reference": "72881a29e90beed6d043af228b64df6850bbfeff",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -1729,6 +1729,7 @@
"suggest": { "suggest": {
"joomla/language": "Required only if you want to use `OutputFilter::stringURLSafe`." "joomla/language": "Required only if you want to use `OutputFilter::stringURLSafe`."
}, },
"default-branch": true,
"type": "joomla-package", "type": "joomla-package",
"extra": { "extra": {
"branch-alias": { "branch-alias": {
@ -1740,7 +1741,11 @@
"Joomla\\Filter\\": "src/" "Joomla\\Filter\\": "src/"
} }
}, },
"notification-url": "https://packagist.org/downloads/", "autoload-dev": {
"psr-4": {
"Joomla\\Filter\\Tests\\": "Tests/"
}
},
"license": [ "license": [
"GPL-2.0-or-later" "GPL-2.0-or-later"
], ],
@ -1752,20 +1757,20 @@
"joomla" "joomla"
], ],
"support": { "support": {
"issues": "https://github.com/joomla-framework/filter/issues", "source": "https://github.com/joomla-framework/security-filter/tree/2.x-mbstring-issue566",
"source": "https://github.com/joomla-framework/filter/tree/2.0.3" "issues": "https://github.com/joomla-framework/security-filter/issues"
}, },
"funding": [ "funding": [
{ {
"url": "https://community.joomla.org/sponsorship-campaigns.html", "type": "github",
"type": "custom" "url": "https://github.com/joomla"
}, },
{ {
"url": "https://github.com/joomla", "type": "custom",
"type": "github" "url": "https://community.joomla.org/sponsorship-campaigns.html"
} }
], ],
"time": "2023-08-26T07:57:54+00:00" "time": "2024-02-10T14:19:54+00:00"
}, },
{ {
"name": "joomla/http", "name": "joomla/http",
@ -9898,6 +9903,12 @@
} }
], ],
"aliases": [ "aliases": [
{
"package": "joomla/filter",
"version": "dev-2.x-mbstring-issue566",
"alias": "2.0.4",
"alias_normalized": "2.0.4.0"
},
{ {
"package": "voku/portable-utf8", "package": "voku/portable-utf8",
"version": "6.0.12.0", "version": "6.0.12.0",
@ -9907,6 +9918,7 @@
], ],
"minimum-stability": "stable", "minimum-stability": "stable",
"stability-flags": { "stability-flags": {
"joomla/filter": 20,
"tobscure/json-api": 20 "tobscure/json-api": 20
}, },
"prefer-stable": false, "prefer-stable": false,
@ -9921,5 +9933,5 @@
"platform-overrides": { "platform-overrides": {
"php": "7.2.5" "php": "7.2.5"
}, },
"plugin-api-version": "2.3.0" "plugin-api-version": "2.2.0"
} }

3
includes/framework.php
View File

@ -9,6 +9,7 @@
defined('_JEXEC') or die; defined('_JEXEC') or die;
use Joomla\CMS\Uri\Uri;
use Joomla\CMS\Version; use Joomla\CMS\Version;
use Joomla\Utilities\IpHelper; use Joomla\Utilities\IpHelper;
@ -22,7 +23,7 @@ if (
|| (file_exists(JPATH_INSTALLATION . '/index.php') && (false === (new Version())->isInDevelopmentState())) || (file_exists(JPATH_INSTALLATION . '/index.php') && (false === (new Version())->isInDevelopmentState()))
) { ) {
if (file_exists(JPATH_INSTALLATION . '/index.php')) { if (file_exists(JPATH_INSTALLATION . '/index.php')) {
header('Location: ' . substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], 'index.php')) . 'installation/index.php'); header('Location: ' . Uri::base() . 'installation/index.php');
exit; exit;
} else { } else {

2
installation/language/en-GB/langmetadata.xml
View File

@ -2,7 +2,7 @@
<metafile client="installation"> <metafile client="installation">
<name>English (United Kingdom)</name> <name>English (United Kingdom)</name>
<version>4.4.3</version> <version>4.4.3</version>
<creationDate>2024-01</creationDate> <creationDate>2024-02</creationDate>
<author>Joomla! Project</author> <author>Joomla! Project</author>
<copyright>(C) 2005 Open Source Matters, Inc.</copyright> <copyright>(C) 2005 Open Source Matters, Inc.</copyright>
<license>GNU General Public License version 2 or later; see LICENSE.txt</license> <license>GNU General Public License version 2 or later; see LICENSE.txt</license>

2
language/en-GB/install.xml
View File

@ -3,7 +3,7 @@
<name>English (en-GB)</name> <name>English (en-GB)</name>
<tag>en-GB</tag> <tag>en-GB</tag>
<version>4.4.3</version> <version>4.4.3</version>
<creationDate>2024-01</creationDate> <creationDate>2024-02</creationDate>
<author>Joomla! Project</author> <author>Joomla! Project</author>
<authorEmail>admin@joomla.org</authorEmail> <authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl> <authorUrl>www.joomla.org</authorUrl>

2
language/en-GB/langmetadata.xml
View File

@ -2,7 +2,7 @@
<metafile client="site"> <metafile client="site">
<name>English (en-GB)</name> <name>English (en-GB)</name>
<version>4.4.3</version> <version>4.4.3</version>
<creationDate>2024-01</creationDate> <creationDate>2024-02</creationDate>
<author>Joomla! Project</author> <author>Joomla! Project</author>
<authorEmail>admin@joomla.org</authorEmail> <authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl> <authorUrl>www.joomla.org</authorUrl>

1
language/en-GB/lib_joomla.ini
View File

@ -344,6 +344,7 @@ JLIB_FORM_VALIDATE_FIELD_INVALID="Invalid field: %s"
JLIB_FORM_VALIDATE_FIELD_REQUIRED="Field required: %s" JLIB_FORM_VALIDATE_FIELD_REQUIRED="Field required: %s"
JLIB_FORM_VALIDATE_FIELD_RULE_MISSING="Validation Rule missing: %s" JLIB_FORM_VALIDATE_FIELD_RULE_MISSING="Validation Rule missing: %s"
JLIB_FORM_VALIDATE_FIELD_URL_SCHEMA_MISSING="Invalid URL: URL schema is missing in %1$s. Please add one of the following at the beginning: %2$s." JLIB_FORM_VALIDATE_FIELD_URL_SCHEMA_MISSING="Invalid URL: URL schema is missing in %1$s. Please add one of the following at the beginning: %2$s."
JLIB_FORM_VALIDATE_FIELD_URL_INJECTION_DETECTED="Invalid URL: A code injection has been detected in %1$s."
JLIB_FORM_VALUE_CACHE_APCU="APC User Cache" JLIB_FORM_VALUE_CACHE_APCU="APC User Cache"
JLIB_FORM_VALUE_CACHE_FILE="File" JLIB_FORM_VALUE_CACHE_FILE="File"
JLIB_FORM_VALUE_CACHE_MEMCACHED="Memcached (Experimental)" JLIB_FORM_VALUE_CACHE_MEMCACHED="Memcached (Experimental)"

7
libraries/src/Form/Rule/UrlRule.php
View File

@ -9,6 +9,7 @@
namespace Joomla\CMS\Form\Rule; namespace Joomla\CMS\Form\Rule;
use Joomla\CMS\Filter\InputFilter;
use Joomla\CMS\Form\Form; use Joomla\CMS\Form\Form;
use Joomla\CMS\Form\FormRule; use Joomla\CMS\Form\FormRule;
use Joomla\CMS\Language\Text; use Joomla\CMS\Language\Text;
@ -53,6 +54,12 @@ class UrlRule extends FormRule
return true; return true;
} }
// Check the value for XSS payloads
if ((string) $element['disableXssCheck'] !== 'true' && InputFilter::checkAttribute(['href', $value])) {
$element->addAttribute('message', Text::sprintf('JLIB_FORM_VALIDATE_FIELD_URL_INJECTION_DETECTED', $element['name']));
return false;
}
$urlParts = UriHelper::parse_url($value); $urlParts = UriHelper::parse_url($value);
// See https://www.w3.org/Addressing/URL/url-spec.txt // See https://www.w3.org/Addressing/URL/url-spec.txt

8
libraries/src/Version.php
View File

@ -66,7 +66,7 @@ final class Version
* @var string * @var string
* @since 3.8.0 * @since 3.8.0
*/ */
public const EXTRA_VERSION = 'dev'; public const EXTRA_VERSION = '';
/** /**
* Development status. * Development status.
@ -74,7 +74,7 @@ final class Version
* @var string * @var string
* @since 3.5 * @since 3.5
*/ */
public const DEV_STATUS = 'Development'; public const DEV_STATUS = 'Stable';
/** /**
* Code name. * Code name.
@ -90,7 +90,7 @@ final class Version
* @var string * @var string
* @since 3.5 * @since 3.5
*/ */
public const RELDATE = '9-January-2024'; public const RELDATE = '20-February-2024';
/** /**
* Release time. * Release time.
@ -98,7 +98,7 @@ final class Version
* @var string * @var string
* @since 3.5 * @since 3.5
*/ */
public const RELTIME = '16:01'; public const RELTIME = '16:00';
/** /**
* Release timezone. * Release timezone.

3
modules/mod_custom/mod_custom.xml
View File

@ -40,6 +40,9 @@
<field <field
name="backgroundimage" name="backgroundimage"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
label="MOD_CUSTOM_FIELD_BACKGROUNDIMAGE_LABEL" label="MOD_CUSTOM_FIELD_BACKGROUNDIMAGE_LABEL"
/> />
</fieldset> </fieldset>

2
plugins/user/profile/src/Extension/Profile.php
View File

@ -138,7 +138,7 @@ final class Profile extends CMSPlugin
return HTMLHelper::_('users.value', $value); return HTMLHelper::_('users.value', $value);
} else { } else {
// Convert website URL to utf8 for display // Convert website URL to utf8 for display
$value = PunycodeHelper::urlToUTF8(htmlspecialchars($value)); $value = htmlspecialchars(PunycodeHelper::urlToUTF8($value), ENT_QUOTES, 'UTF-8');
if (strpos($value, 'http') === 0) { if (strpos($value, 'http') === 0) {
return '<a href="' . $value . '">' . $value . '</a>'; return '<a href="' . $value . '">' . $value . '</a>';

3
templates/cassiopeia/templateDetails.xml
View File

@ -63,6 +63,9 @@
<field <field
name="logoFile" name="logoFile"
type="media" type="media"
schemes="http,https,ftp,ftps,data,file"
validate="url"
relative="true"
default="" default=""
label="TPL_CASSIOPEIA_LOGO_LABEL" label="TPL_CASSIOPEIA_LOGO_LABEL"
showon="brand:1" showon="brand:1"