Merge branch '3.10-dev' into 4.0-dev
commit
8cfeec1aef
|
@ -1,4 +1,4 @@
|
|||
# EditorConfig is awesome: http://EditorConfig.org
|
||||
# EditorConfig is awesome: https://EditorConfig.org
|
||||
|
||||
# top-most EditorConfig file
|
||||
root = true
|
||||
|
|
|
@ -151,6 +151,7 @@
|
|||
autocomplete="off"
|
||||
size="30"
|
||||
hint="***************"
|
||||
lock="true"
|
||||
/>
|
||||
|
||||
<field
|
||||
|
@ -193,6 +194,17 @@
|
|||
size="30"
|
||||
/>
|
||||
|
||||
<field
|
||||
name="password"
|
||||
type="password"
|
||||
label="COM_CONFIG_FIELD_DATABASE_PASSWORD_LABEL"
|
||||
description="COM_CONFIG_FIELD_DATABASE_PASSWORD_DESC"
|
||||
filter="raw"
|
||||
autocomplete="off"
|
||||
size="30"
|
||||
lock="true"
|
||||
/>
|
||||
|
||||
<field
|
||||
name="db"
|
||||
type="text"
|
||||
|
@ -408,7 +420,7 @@
|
|||
showon="ftp_enable:1"
|
||||
autocomplete="off"
|
||||
size="25"
|
||||
hint="***************"
|
||||
lock="true"
|
||||
/>
|
||||
|
||||
<field
|
||||
|
@ -477,7 +489,7 @@
|
|||
showon="proxy_enable:1"
|
||||
autocomplete="off"
|
||||
size="25"
|
||||
hint="***************"
|
||||
lock="true"
|
||||
/>
|
||||
|
||||
</fieldset>
|
||||
|
@ -656,7 +668,7 @@
|
|||
filter="raw"
|
||||
autocomplete="off"
|
||||
size="30"
|
||||
hint="***************"
|
||||
lock="true"
|
||||
/>
|
||||
|
||||
</fieldset>
|
||||
|
@ -942,7 +954,7 @@
|
|||
showon="session_handler:redis"
|
||||
autocomplete="off"
|
||||
size="30"
|
||||
hint="***************"
|
||||
lock="true"
|
||||
/>
|
||||
|
||||
<field
|
||||
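Review bot: The new database `password` field, like the other locked password fields here, sets `autocomplete="off"`, which browsers and password managers commonly ignore on `type="password"` inputs. Once an administrator unlocks the field, an autofilled login password could end up being saved as the database password. `autocomplete="new-password"` is the value meant for this case. That assumes the attribute reaches the rendered input unchanged, which the password layout in this commit suggests but the field class (not visible here) may normalise.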
|
|
|
@ -80,6 +80,8 @@ class ApplicationController extends BaseController
|
|||
return false;
|
||||
}
|
||||
|
||||
$this->app->setUserState('com_config.config.global.data', null);
|
||||
|
||||
// Set FTP credentials, if given.
|
||||
ClientHelper::setCredentialsFromRequest('ftp');
|
||||
|
||||
|
|
|
@ -286,15 +286,6 @@ class ApplicationModel extends FormModel
|
|||
}
|
||||
}
|
||||
|
||||
// Unset all protected config fields to empty
|
||||
foreach ($this->protectedConfigurationFields as $fieldKey)
|
||||
{
|
||||
if (isset($data[$fieldKey]))
|
||||
{
|
||||
$data[$fieldKey] = '';
|
||||
}
|
||||
}
|
||||
|
||||
return $data;
|
||||
}
|
||||
|
||||
|
@ -314,7 +305,7 @@ class ApplicationModel extends FormModel
|
|||
// Try to load the values from the configuration file
|
||||
foreach ($this->protectedConfigurationFields as $fieldKey)
|
||||
{
|
||||
if (isset($data[$fieldKey]) && empty($data[$fieldKey]))
|
||||
if (!isset($data[$fieldKey]))
|
||||
{
|
||||
$data[$fieldKey] = $app->get($fieldKey, '');
|
||||
}
|
||||
|
@ -325,7 +316,7 @@ class ApplicationModel extends FormModel
|
|||
'driver' => $data['dbtype'],
|
||||
'host' => $data['host'],
|
||||
'user' => $data['user'],
|
||||
'password' => $app->get('password'),
|
||||
'password' => $data['password'],
|
||||
'database' => $data['db'],
|
||||
'prefix' => $data['dbprefix'],
|
||||
);
|
||||
|
@ -1249,7 +1240,7 @@ class ApplicationModel extends FormModel
|
|||
$app = Factory::getApplication();
|
||||
$user = Factory::getUser();
|
||||
$input = $app->input->json;
|
||||
$smtppass = $input->get('smtppass', '', 'RAW');
|
||||
$smtppass = $input->get('smtppass', null, 'RAW');
|
||||
|
||||
$app->set('smtpauth', $input->get('smtpauth'));
|
||||
$app->set('smtpuser', $input->get('smtpuser', '', 'STRING'));
|
||||
|
@ -1262,7 +1253,7 @@ class ApplicationModel extends FormModel
|
|||
$app->set('mailonline', $input->get('mailonline'));
|
||||
|
||||
// Use smtppass only if it was submitted
|
||||
if ($smtppass)
|
||||
if ($smtppass !== null)
|
||||
{
|
||||
$app->set('smtppass', $smtppass);
|
||||
}
|
||||
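Review bot: In the protected-fields loop, the new condition `if (!isset($data[$fieldKey]))` restores the stored value only when the key is absent, so a protected field posted as an empty string replaces the stored secret. The password layout in this commit enables the input with an empty value when it is unlocked, so unlocking a field and saving without typing appears to blank that credential. If an empty submission should mean "keep the current value", the check could be `if (!isset($data[$fieldKey]) || $data[$fieldKey] === '')`; if clearing is intended, a comment saying so would help. The enclosing method starts and ends outside the hunk.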
|
|
|
@ -242,7 +242,7 @@ class Indexer
|
|||
* @return integer The ID of the record in the links table.
|
||||
*
|
||||
* @since 2.5
|
||||
* @throws Exception on database error.
|
||||
* @throws \Exception on database error.
|
||||
*/
|
||||
public function index($item, $format = 'html')
|
||||
{
|
||||
|
|
|
@ -52,6 +52,8 @@ COM_CONFIG_FIELD_DATABASE_ENCRYPTION_MODE_VALUE_TWO_WAY="Two-way authentication"
|
|||
COM_CONFIG_FIELD_DATABASE_ENCRYPTION_VERIFY_SERVER_CERT_LABEL="Verify Server Certificate"
|
||||
COM_CONFIG_FIELD_DATABASE_HOST_LABEL="Host"
|
||||
COM_CONFIG_FIELD_DATABASE_NAME_LABEL="Database Name"
|
||||
COM_CONFIG_FIELD_DATABASE_PASSWORD_DESC="Do not edit this field unless absolutely necessary (eg after the transfer of the database to a new hosting provider)."
|
||||
COM_CONFIG_FIELD_DATABASE_PASSWORD_LABEL="Database Password"
|
||||
COM_CONFIG_FIELD_DATABASE_PREFIX_LABEL="Database Tables Prefix"
|
||||
COM_CONFIG_FIELD_DATABASE_TYPE_LABEL="Database Type"
|
||||
COM_CONFIG_FIELD_DATABASE_USERNAME_LABEL="Database Username"
|
||||
|
|
|
@ -15,6 +15,7 @@ COM_CPANEL_MESSAGES_BODY_NOCLOSE="There are important post-installation messages
|
|||
COM_CPANEL_MESSAGES_BODYMORE_NOCLOSE="This information area won't appear when you have hidden all the messages."
|
||||
COM_CPANEL_MESSAGES_REVIEW="Read Messages"
|
||||
COM_CPANEL_MESSAGES_TITLE="You have post-installation messages"
|
||||
; Translators: Don't touch the code part in the following message, Starting with ## Mod_rewrite ...
|
||||
COM_CPANEL_MSG_ADDNOSNIFF_BODY="<p>Joomla is now shipped with additional security hardenings in the default htaccess.txt and web.config.txt files. These hardenings disable the so called MIME-type sniffing feature in web browsers. The sniffing leads to specific attack vectors, where scripts in normally harmless file formats (eg images) will be executed, leading to Cross-Site-Scripting vulnerabilities.</p><p>The security team recommends to manually apply the necessary changes to existing .htaccess or web.config files, as those files can not be updated automatically.</p><p><strong>Changes for .htaccess</strong><br>Add the following lines before \"## Mod_rewrite in use.\":</p><pre><IfModule mod_headers.c>\nHeader always set X-Content-Type-Options \"nosniff\"\n</IfModule></pre><p><strong>Changes for web.config</strong><br>Add the following lines right after \"</rewrite>\":</p><pre><httpProtocol>\n <customHeaders>\n <add name=\"X-Content-Type-Options\" value=\"nosniff\" />\n </customHeaders>\n</httpProtocol></pre>"
|
||||
COM_CPANEL_MSG_ADDNOSNIFF_TITLE=".htaccess & web.config Security Update"
|
||||
COM_CPANEL_MSG_HTACCESS_BODY="A change to the default .htaccess and web.config files was made in Joomla! 3.4 to disallow folder listings by default. Users are recommended to implement this change in their files. Please see <a href=\"https://docs.joomla.org/Special:MyLanguage/Preconfigured_htaccess\">this page</a> for more information."
|
||||
|
|
|
@ -26,7 +26,6 @@
|
|||
const emailData = {
|
||||
smtpauth: document.getElementById('jform_smtpauth1').checked ? 1 : 0,
|
||||
smtpuser: this.querySelector('[name="jform[smtpuser]"]').value,
|
||||
smtppass: this.querySelector('[name="jform[smtppass]"]').value,
|
||||
smtphost: this.querySelector('[name="jform[smtphost]"]').value,
|
||||
smtpsecure: this.querySelector('[name="jform[smtpsecure]"]').value,
|
||||
smtpport: this.querySelector('[name="jform[smtpport]"]').value,
|
||||
|
@ -36,6 +35,12 @@
|
|||
mailonline: document.getElementById('jform_mailonline1').checked ? 1 : 0,
|
||||
};
|
||||
|
||||
const smtppass = this.querySelector('[name="jform[smtpsecure]"]');
|
||||
|
||||
if (smtppass.disabled === false) {
|
||||
emailData.smtppass = smtppass.value;
|
||||
}
|
||||
|
||||
// Remove js messages, if they exist.
|
||||
Joomla.removeMessages();
|
||||
|
||||
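Review bot: The new `smtppass` constant is looked up with the selector `[name="jform[smtpsecure]"]`, so the test-mail request sends the SMTP security setting's value as the password and never checks whether the password input is locked. The lookup should target the password field: `const smtppass = this.querySelector('[name="jform[smtppass]"]');`. The model change in this commit applies any non-null `smtppass`, so the wrong value would replace the stored password for the test send. The enclosing handler starts and ends outside these hunks.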
|
|
|
@ -48,10 +48,13 @@ extract($displayData);
|
|||
* @var string $accept File types that are accepted.
|
||||
* @var string $dataAttribute Miscellaneous data attributes preprocessed for HTML output
|
||||
* @var array $dataAttributes Miscellaneous data attribute for eg, data-*.
|
||||
* @var boolean $lock Is this field locked.
|
||||
*/
|
||||
|
||||
$document = Factory::getApplication()->getDocument();
|
||||
|
||||
/** @var Joomla\CMS\WebAsset\WebAssetManager $wa */
|
||||
$wa = Factory::getApplication()->getDocument()->getWebAssetManager();
|
||||
$wa = $document->getWebAssetManager();
|
||||
|
||||
if ($meter)
|
||||
{
|
||||
|
@ -72,6 +75,39 @@ Text::script('JFIELD_PASSWORD_INDICATE_COMPLETE');
|
|||
Text::script('JSHOWPASSWORD');
|
||||
Text::script('JHIDEPASSWORD');
|
||||
|
||||
// TODO: Remove this jQuery dependency and move the lock functionality to the password view script
|
||||
\Joomla\CMS\HTML\HTMLHelper::_('jquery.framework');
|
||||
|
||||
if ($lock)
|
||||
{
|
||||
// Load script on document load.
|
||||
$document->addScriptDeclaration(
|
||||
"
|
||||
jQuery(document).ready(function() {
|
||||
jQuery('#" . $id ."_lock').on('click', function() {
|
||||
var lockButton = jQuery(this);
|
||||
var passwordInput = jQuery('#" . $id . "');
|
||||
var lock = lockButton.hasClass('active');
|
||||
|
||||
if (lock === true) {
|
||||
lockButton.html('" . Text::_('JMODIFY', true) . "');
|
||||
passwordInput.attr('disabled', true);
|
||||
passwordInput.val('');
|
||||
}
|
||||
else
|
||||
{
|
||||
lockButton.html('" . Text::_('JCANCEL', true) . "');
|
||||
passwordInput.attr('disabled', false);
|
||||
}
|
||||
});
|
||||
});"
|
||||
);
|
||||
|
||||
$disabled = true;
|
||||
$hint = str_repeat('*', strlen($value));
|
||||
$value = '';
|
||||
}
|
||||
|
||||
$attributes = array(
|
||||
strlen($hint) ? 'placeholder="' . htmlspecialchars($hint, ENT_COMPAT, 'UTF-8') . '"' : '',
|
||||
!empty($autocomplete) ? 'autocomplete="' . $autocomplete . '"' : '',
|
||||
|
@ -122,6 +158,7 @@ if ($rules && !empty($description))
|
|||
}
|
||||
}
|
||||
?>
|
||||
<<<<<<< HEAD
|
||||
<?php if (!empty($description)) : ?>
|
||||
<div id="<?php echo $name . '-desc'; ?>" class="small text-muted">
|
||||
<?php if ($rules) : ?>
|
||||
|
@ -148,3 +185,19 @@ if ($rules && !empty($description))
|
|||
</span>
|
||||
</div>
|
||||
</div>
|
||||
=======
|
||||
<?php if ($lock): ?>
|
||||
<span class="input-append">
|
||||
<?php endif; ?>
|
||||
<input
|
||||
type="password"
|
||||
name="<?php echo $name; ?>"
|
||||
id="<?php echo $id; ?>"
|
||||
value="<?php echo htmlspecialchars($value, ENT_COMPAT, 'UTF-8'); ?>"
|
||||
<?php echo implode(' ', $attributes); ?>
|
||||
/>
|
||||
<?php if ($lock): ?>
|
||||
<button type="button" id="<?php echo $id; ?>_lock" class="btn btn-info" data-toggle="button"><?php echo JText::_('JMODIFY'); ?></button>
|
||||
</span>
|
||||
<?php endif; ?>
|
||||
>>>>>>> 3.10-dev
|
||||
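Review bot: Unresolved merge-conflict markers are committed in the template part of this layout: `<<<<<<< HEAD` right after the closing `?>`, and `=======` through `>>>>>>> 3.10-dev` at the end. The markers and the 3.10 branch's second `<input type="password">` (with its `JText::_('JMODIFY')` button) will therefore be emitted alongside the 4.0 markup. The conflict should be resolved to a single rendering that carries the lock button. Separately, `$hint = str_repeat('*', strlen($value));` writes the stored secret's length into the placeholder; a fixed mask such as `$hint = '***************';` avoids disclosing it.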
|
|
|
@ -52,7 +52,7 @@ class LimitboxField extends ListField
|
|||
protected function getOptions()
|
||||
{
|
||||
// Accepted modifiers
|
||||
$hash = md5($this->element);
|
||||
$hash = md5($this->element->asXML());
|
||||
|
||||
if (!isset(static::$options[$hash]))
|
||||
{
|
||||
|
|
|
@ -72,6 +72,15 @@ class PasswordField extends FormField
|
|||
*/
|
||||
protected $layout = 'joomla.form.field.password';
|
||||
|
||||
/**
|
||||
* Attach an unlock button and disable the input field,
|
||||
* also remove the value from the output.
|
||||
*
|
||||
* @var boolean
|
||||
* @since 3.9.24
|
||||
*/
|
||||
protected $lock = false;
|
||||
|
||||
/**
|
||||
* Method to get certain otherwise inaccessible properties from the form field object.
|
||||
*
|
||||
|
@ -85,6 +94,7 @@ class PasswordField extends FormField
|
|||
{
|
||||
switch ($name)
|
||||
{
|
||||
case 'lock':
|
||||
case 'threshold':
|
||||
case 'maxLength':
|
||||
case 'meter':
|
||||
|
@ -116,9 +126,10 @@ class PasswordField extends FormField
|
|||
$this->$name = $value;
|
||||
break;
|
||||
|
||||
case 'lock':
|
||||
case 'meter':
|
||||
case 'force':
|
||||
$this->meter = ($value === 'true' || $value === $name || $value === '1');
|
||||
$this->$name = ($value === 'true' || $value === $name || $value === '1');
|
||||
break;
|
||||
|
||||
default:
|
||||
|
@ -146,6 +157,9 @@ class PasswordField extends FormField
|
|||
|
||||
if ($return)
|
||||
{
|
||||
$lock = (string) $this->element['lock'];
|
||||
$this->lock = ($lock == 'true' || $lock == 'on' || $lock == '1');
|
||||
|
||||
$this->maxLength = $this->element['maxlength'] ? (int) $this->element['maxlength'] : 99;
|
||||
$this->threshold = $this->element['threshold'] ? (int) $this->element['threshold'] : 66;
|
||||
$meter = (string) $this->element['strengthmeter'];
|
||||
|
@ -201,6 +215,7 @@ class PasswordField extends FormField
|
|||
|
||||
// Initialize some field attributes.
|
||||
$extraData = array(
|
||||
'lock' => $this->lock,
|
||||
'maxLength' => $this->maxLength,
|
||||
'meter' => $this->meter,
|
||||
'threshold' => $this->threshold,
|
||||
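Review bot: The `lock` flag is parsed two different ways in this class: `setup()` uses loose `==` and accepts `'true'`, `'on'` and `'1'`, while `__set()` accepts `'true'`, `'lock'` (via `$value === $name`) and `'1'`. Because `$lock` is already cast to string, strict comparison works, and one shared set of accepted values would keep XML and programmatic configuration in agreement, e.g. `$this->lock = ($lock === 'true' || $lock === 'on' || $lock === 'lock' || $lock === '1');`. A field that fails to parse as locked is rendered with its value in the output, so the mismatch is worth closing. Both methods begin outside the hunks shown.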
|
|
|
@ -1135,6 +1135,18 @@ abstract class FormField
|
|||
{
|
||||
$subForm = $this->loadSubForm();
|
||||
|
||||
// Subform field may have a default value, that is a JSON string
|
||||
if ($value && is_string($value))
|
||||
{
|
||||
$value = json_decode($value, true);
|
||||
|
||||
// The string is invalid json
|
||||
if (!$value)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
if ($this->multiple)
|
||||
{
|
||||
$return = array();
|
||||
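Review bot: The `if (!$value)` check after `json_decode()` is commented "The string is invalid json", but it is also true for valid JSON that decodes to an empty array, `0`, `false` or `""`. It also lets valid non-array results such as a number or a string through to the subform handling that follows. If only arrays are meaningful at this point (the code below is outside the hunk, so this is an assumption), `if (!\is_array($value))` expresses that directly and the comment could read `// Not a JSON array/object`.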
|
|
|
@ -44,7 +44,7 @@ class Backgroundfill extends ImageFilter
|
|||
$colorCode = $options['color'] ?? null;
|
||||
|
||||
// Get resource dimensions
|
||||
$width = imagesx($this->handle);
|
||||
$width = imagesx($this->handle);
|
||||
$height = imagesy($this->handle);
|
||||
|
||||
// Sanitize color
|
||||
|
@ -100,8 +100,8 @@ class Backgroundfill extends ImageFilter
|
|||
$colors = array_merge($colors, $input);
|
||||
}
|
||||
elseif (\is_string($input))
|
||||
// Convert RGBA 6-9 char string
|
||||
{
|
||||
// Convert RGBA 6-9 char string
|
||||
$hex = ltrim($input, '#');
|
||||
|
||||
$hexValues = [
|
||||
|
@ -120,8 +120,8 @@ class Backgroundfill extends ImageFilter
|
|||
}
|
||||
}
|
||||
else
|
||||
// Cannot sanitize such type
|
||||
{
|
||||
// Cannot sanitize such type
|
||||
return $colors;
|
||||
}
|
||||
|
||||
|
|
|
@ -707,7 +707,7 @@ class PlgActionlogJoomla extends ActionLogPlugin
|
|||
/**
|
||||
* On after save user group data logging method
|
||||
*
|
||||
* Method is called after user data is deleted from the database
|
||||
* Method is called after user group is stored into the database
|
||||
*
|
||||
* @param string $context The context
|
||||
* @param JTable $table DataBase Table object
|
||||
|
@ -719,6 +719,7 @@ class PlgActionlogJoomla extends ActionLogPlugin
|
|||
*/
|
||||
public function onUserAfterSaveGroup($context, $table, $isNew): void
|
||||
{
|
||||
// Override context (com_users.group) with the component context (com_users) to pass the checkLoggable
|
||||
$context = $this->app->input->get('option');
|
||||
|
||||
if (!$this->checkLoggable($context))
|
||||
|
@ -751,7 +752,7 @@ class PlgActionlogJoomla extends ActionLogPlugin
|
|||
/**
|
||||
* On deleting user group data logging method
|
||||
*
|
||||
* Method is called after user data is deleted from the database
|
||||
* Method is called after user group is deleted from the database
|
||||
*
|
||||
* @param array $group Holds the group data
|
||||
* @param boolean $success True if user was successfully stored in the database
|
||||
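Review bot: The docblock of the group-delete handler still describes `$success` as "True if user was successfully stored in the database", even though the summary line above it was corrected in this hunk. Something like `@param boolean $success True if the user group was successfully deleted from the database` would match the handler. The docblock continues past the end of the hunk.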
|
|