mirror of https://github.com/joomla/joomla-cms.git synced 2024-06-16 09:02:52 +00:00

Merge branch '4.2-dev' into j4/db/inject

Allon Moritz 2022-03-31 14:13:05 +02:00 committed by GitHub
commit d489b2428a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
103 changed files with 1370 additions and 323 deletions


@ -105,6 +105,7 @@ class JoomlaInstallerScript
$this->updateAssets($installer);
$this->clearStatsCache();
$this->convertTablesToUtf8mb4(true);
$this->addUserAuthProviderColumn();
$this->cleanJoomlaCache();
}
@ -706,6 +707,7 @@ class JoomlaInstallerScript
'/administrator/components/com_admin/sql/updates/mysql/3.10.0-2020-08-10.sql',
'/administrator/components/com_admin/sql/updates/mysql/3.10.0-2021-05-28.sql',
'/administrator/components/com_admin/sql/updates/mysql/3.10.7-2022-02-20.sql',
'/administrator/components/com_admin/sql/updates/mysql/3.10.7-2022-03-18.sql',
'/administrator/components/com_admin/sql/updates/mysql/3.2.0.sql',
'/administrator/components/com_admin/sql/updates/mysql/3.2.1.sql',
'/administrator/components/com_admin/sql/updates/mysql/3.2.2-2013-12-22.sql',
@ -828,7 +830,9 @@ class JoomlaInstallerScript
'/administrator/components/com_admin/sql/updates/postgresql/3.1.5.sql',
'/administrator/components/com_admin/sql/updates/postgresql/3.10.0-2020-08-10.sql',
'/administrator/components/com_admin/sql/updates/postgresql/3.10.0-2021-05-28.sql',
'/administrator/components/com_admin/sql/updates/postgresql/3.10.7-2022-02-20.sql',
'/administrator/components/com_admin/sql/updates/postgresql/3.10.7-2022-02-20.sql.sql',
'/administrator/components/com_admin/sql/updates/postgresql/3.10.7-2022-03-18.sql',
'/administrator/components/com_admin/sql/updates/postgresql/3.2.0.sql',
'/administrator/components/com_admin/sql/updates/postgresql/3.2.1.sql',
'/administrator/components/com_admin/sql/updates/postgresql/3.2.2-2013-12-22.sql',
@ -953,7 +957,9 @@ class JoomlaInstallerScript
'/administrator/components/com_admin/sql/updates/sqlazure/3.1.5.sql',
'/administrator/components/com_admin/sql/updates/sqlazure/3.10.0-2021-05-28.sql',
'/administrator/components/com_admin/sql/updates/sqlazure/3.10.1-2021-08-17.sql',
'/administrator/components/com_admin/sql/updates/sqlazure/3.10.7-2022-02-20.sql',
'/administrator/components/com_admin/sql/updates/sqlazure/3.10.7-2022-02-20.sql.sql',
'/administrator/components/com_admin/sql/updates/sqlazure/3.10.7-2022-03-18.sql',
'/administrator/components/com_admin/sql/updates/sqlazure/3.2.0.sql',
'/administrator/components/com_admin/sql/updates/sqlazure/3.2.1.sql',
'/administrator/components/com_admin/sql/updates/sqlazure/3.2.2-2013-12-22.sql',
@ -7710,6 +7716,8 @@ class JoomlaInstallerScript
'/libraries/vendor/tobscure/json-api/.git/hooks',
'/libraries/vendor/tobscure/json-api/.git/branches',
'/libraries/vendor/tobscure/json-api/.git',
// From 4.1.1 to 4.2.0
'/libraries/src/Service/Provider/ApiRouter.php'
);
$status['files_checked'] = $files;
@ -8643,4 +8651,40 @@ class JoomlaInstallerScript
['atum', 'cassiopeia']
);
}
/**
* Add the user Auth Provider Column as it could be preset from 3.10 already
*
* @return void
*
* @since 4.1.1
*/
protected function addUserAuthProviderColumn(): void
{
$db = Factory::getContainer()->get('DatabaseDriver');
// Check if the column already exists
$fields = $db->getTableColumns('#__users');
// Column exists, skip
if (isset($fields['authProvider']))
{
return;
}
$query = 'ALTER TABLE ' . $db->quoteName('#__users')
. ' ADD COLUMN ' . $db->quoteName('authProvider') . ' varchar(100) DEFAULT ' . $db->quote('') . ' NOT NULL';
// Add column
try
{
$db->setQuery($query)->execute();
}
catch (Exception $e)
{
echo Text::sprintf('JLIB_DATABASE_ERROR_FUNCTION_FAILED', $e->getCode(), $e->getMessage()) . '<br>';
return;
}
}
}
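Review bot: The catch block in `addUserAuthProviderColumn()` echoes the driver's exception message into the update output and returns, so a failed `ALTER TABLE` shows up only as a line of HTML while the rest of the update carries on without the `authProvider` column. The message is database-supplied text concatenated with `<br>` unescaped; I would escape it, `echo htmlspecialchars(Text::sprintf('JLIB_DATABASE_ERROR_FUNCTION_FAILED', $e->getCode(), $e->getMessage()), ENT_QUOTES, 'UTF-8') . '<br>';`, and record the failure somewhere an administrator can find it after the update. The docblock's "could be preset from 3.10" presumably means "present".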


@ -107,7 +107,7 @@ class AssociationsController extends AdminController
return;
}
$cid = $this->input->get('cid', array(), 'array');
$cid = (array) $this->input->get('cid', array(), 'int');
if (empty($cid))
{
@ -118,6 +118,12 @@ class AssociationsController extends AdminController
// We know the first element is the one we need because we don't allow multi selection of rows
$id = $cid[0];
if ($id === 0)
{
// Seems we don't have an id to work with.
return;
}
if (AssociationsHelper::canCheckinItem($extensionName, $typeName, $id) === true)
{
$item = AssociationsHelper::getItem($extensionName, $typeName, $id);
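Review bot: `$id = $cid[0];` assumes the filtered array has an element at key 0, but the array keys come from the request. If the input filter keeps the submitted keys, a `cid` array without index 0 passes the `empty($cid)` check, leaves `$id` as null, and is not caught by the new `$id === 0` guard. Taking the first element regardless of key and casting it closes that gap, `$id = (int) reset($cid);`, in line with the `reset($cid)` used in the MenuController change of this commit. The method continues past the end of the hunk, so how `canCheckinItem()` treats a null id is not visible here.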


@ -78,11 +78,14 @@ class BannersController extends AdminController
// Check for request forgeries.
$this->checkToken();
$ids = $this->input->get('cid', array(), 'array');
$ids = (array) $this->input->get('cid', array(), 'int');
$values = array('sticky_publish' => 1, 'sticky_unpublish' => 0);
$task = $this->getTask();
$value = ArrayHelper::getValue($values, $task, 0, 'int');
// Remove zero values resulting from input filter
$ids = array_filter($ids);
if (empty($ids))
{
$this->app->enqueueMessage(Text::_('COM_BANNERS_NO_BANNERS_SELECTED'), 'warning');


@ -79,7 +79,7 @@ class DisplayController extends BaseController
// Check for request forgeries
$this->checkToken();
$cid = $this->input->post->get('cid', array(), 'array');
$cid = (array) $this->input->post->get('cid', array(), 'string');
if (empty($cid))
{


@ -53,7 +53,7 @@ class DisplayController extends BaseController
// Check for request forgeries
$this->checkToken();
$ids = $this->input->get('cid', array(), 'array');
$ids = (array) $this->input->get('cid', array(), 'string');
if (empty($ids))
{


@ -56,7 +56,7 @@ class ContactsController extends AdminController
// Check for request forgeries
$this->checkToken();
$ids = $this->input->get('cid', array(), 'array');
$ids = (array) $this->input->get('cid', array(), 'int');
$values = array('featured' => 1, 'unfeatured' => 0);
$task = $this->getTask();
$value = ArrayHelper::getValue($values, $task, 0, 'int');
@ -68,6 +68,14 @@ class ContactsController extends AdminController
// Access checks.
foreach ($ids as $i => $id)
{
// Remove zero value resulting from input filter
if ($id === 0)
{
unset($ids[$i]);
continue;
}
$item = $model->getItem($id);
if (!$this->app->getIdentity()->authorise('core.edit.state', 'com_contact.category.' . (int) $item->catid))
@ -80,6 +88,8 @@ class ContactsController extends AdminController
if (empty($ids))
{
$message = null;
$this->app->enqueueMessage(Text::_('COM_CONTACT_NO_ITEM_SELECTED'), 'warning');
}
else


@ -66,7 +66,7 @@ class ArticlesController extends AdminController
$this->checkToken();
$user = $this->app->getIdentity();
$ids = $this->input->get('cid', array(), 'array');
$ids = (array) $this->input->get('cid', array(), 'int');
$values = array('featured' => 1, 'unfeatured' => 0);
$task = $this->getTask();
$value = ArrayHelper::getValue($values, $task, 0, 'int');
@ -75,6 +75,14 @@ class ArticlesController extends AdminController
// Access checks.
foreach ($ids as $i => $id)
{
// Remove zero value resulting from input filter
if ($id === 0)
{
unset($ids[$i]);
continue;
}
if (!$user->authorise('core.edit.state', 'com_content.article.' . (int) $id))
{
// Prune items that you can't change.


@ -33,11 +33,19 @@ class FeaturedController extends ArticlesController
$this->checkToken();
$user = $this->app->getIdentity();
$ids = $this->input->get('cid', array(), 'array');
$ids = (array) $this->input->get('cid', array(), 'int');
// Access checks.
foreach ($ids as $i => $id)
{
// Remove zero value resulting from input filter
if ($id === 0)
{
unset($ids[$i]);
continue;
}
if (!$user->authorise('core.delete', 'com_content.article.' . (int) $id))
{
// Prune items that you can't delete.


@ -59,10 +59,6 @@ if ($saveOrder && !empty($this->items))
HTMLHelper::_('draggablelist.draggable');
}
/** @var \Joomla\CMS\WebAsset\WebAssetManager $wa */
$wa = $this->document->getWebAssetManager();
$wa->useScript('multiselect');
$workflow_enabled = ComponentHelper::getParams('com_content')->get('workflow_enabled');
$workflow_state = false;
$workflow_featured = false;


@ -60,10 +60,6 @@ if ($saveOrder && !empty($this->items))
HTMLHelper::_('draggablelist.draggable');
}
/** @var \Joomla\CMS\WebAsset\WebAssetManager $wa */
$wa = $this->document->getWebAssetManager();
$wa->useScript('multiselect');
$workflow_enabled = ComponentHelper::getParams('com_content')->get('workflow_enabled');
$workflow_state = false;
$workflow_featured = false;


@ -15,7 +15,6 @@ use Joomla\CMS\Language\Text;
use Joomla\CMS\MVC\Controller\AdminController;
use Joomla\CMS\Router\Route;
use Joomla\CMS\Session\Session;
use Joomla\Utilities\ArrayHelper;
/**
* Contenthistory list controller class.
@ -52,9 +51,12 @@ class HistoryController extends AdminController
$this->checkToken();
// Get items to toggle keep forever from the request.
$cid = $this->input->get('cid', array(), 'array');
$cid = (array) $this->input->get('cid', array(), 'int');
if (!is_array($cid) || count($cid) < 1)
// Remove zero values resulting from input filter
$cid = array_filter($cid);
if (empty($cid))
{
$this->app->enqueueMessage(Text::_('COM_CONTENTHISTORY_NO_ITEM_SELECTED'), 'warning');
}
@ -63,9 +65,6 @@ class HistoryController extends AdminController
// Get the model.
$model = $this->getModel();
// Make sure the item ids are integers
$cid = ArrayHelper::toInteger($cid);
// Toggle keep forever status of the selected items.
if ($model->keep($cid))
{


@ -40,9 +40,12 @@ class DatabaseController extends BaseController
$this->checkToken();
// Get items to fix the database.
$cid = $this->input->get('cid', array(), 'array');
$cid = (array) $this->input->get('cid', array(), 'int');
if (!is_array($cid) || count($cid) < 1)
// Remove zero values resulting from input filter
$cid = array_filter($cid);
if (empty($cid))
{
$this->app->getLogger()->warning(
Text::_(


@ -60,11 +60,14 @@ class ManageController extends BaseController
// Check for request forgeries.
$this->checkToken();
$ids = $this->input->get('cid', array(), 'array');
$ids = (array) $this->input->get('cid', array(), 'int');
$values = array('publish' => 1, 'unpublish' => 0);
$task = $this->getTask();
$value = ArrayHelper::getValue($values, $task, 0, 'int');
// Remove zero values resulting from input filter
$ids = array_filter($ids);
if (empty($ids))
{
$this->setMessage(Text::_('COM_INSTALLER_ERROR_NO_EXTENSIONS_SELECTED'), 'warning');
@ -111,12 +114,19 @@ class ManageController extends BaseController
// Check for request forgeries.
$this->checkToken();
/** @var ManageModel $model */
$model = $this->getModel('manage');
$eid = (array) $this->input->get('cid', array(), 'int');
// Remove zero values resulting from input filter
$eid = array_filter($eid);
if (!empty($eid))
{
/** @var ManageModel $model */
$model = $this->getModel('manage');
$model->remove($eid);
}
$eid = $this->input->get('cid', array(), 'array');
$eid = ArrayHelper::toInteger($eid, array());
$model->remove($eid);
$this->setRedirect(Route::_('index.php?option=com_installer&view=manage', false));
}
@ -134,12 +144,19 @@ class ManageController extends BaseController
// Check for request forgeries.
$this->checkToken();
/** @var ManageModel $model */
$model = $this->getModel('manage');
$uid = (array) $this->input->get('cid', array(), 'int');
// Remove zero values resulting from input filter
$uid = array_filter($uid);
if (!empty($uid))
{
/** @var ManageModel $model */
$model = $this->getModel('manage');
$model->refresh($uid);
}
$uid = $this->input->get('cid', array(), 'array');
$uid = ArrayHelper::toInteger($uid, array());
$model->refresh($uid);
$this->setRedirect(Route::_('index.php?option=com_installer&view=manage', false));
}


@ -20,7 +20,6 @@ use Joomla\CMS\Session\Session;
use Joomla\CMS\Updater\Updater;
use Joomla\CMS\Uri\Uri;
use Joomla\Component\Installer\Administrator\Model\UpdateModel;
use Joomla\Utilities\ArrayHelper;
/**
* Installer Update Controller
@ -44,8 +43,10 @@ class UpdateController extends BaseController
/** @var UpdateModel $model */
$model = $this->getModel('update');
$uid = $this->input->get('cid', array(), 'array');
$uid = ArrayHelper::toInteger($uid, array());
$uid = (array) $this->input->get('cid', array(), 'int');
// Remove zero values resulting from input filter
$uid = array_filter($uid);
// Get the minimum stability.
$params = ComponentHelper::getComponent('com_installer')->getParams();


@ -86,11 +86,14 @@ class UpdatesitesController extends AdminController
// Check for request forgeries.
$this->checkToken();
$ids = $this->input->get('cid', array(), 'array');
$ids = (array) $this->input->get('cid', array(), 'int');
$values = array('publish' => 1, 'unpublish' => 0);
$task = $this->getTask();
$value = ArrayHelper::getValue($values, $task, 0, 'int');
// Remove zero values resulting from input filter
$ids = array_filter($ids);
if (empty($ids))
{
throw new \Exception(Text::_('COM_INSTALLER_ERROR_NO_UPDATESITES_SELECTED'), 500);
@ -127,7 +130,10 @@ class UpdatesitesController extends AdminController
// Check for request forgeries.
$this->checkToken();
$ids = $this->input->get('cid', array(), 'array');
$ids = (array) $this->input->get('cid', array(), 'int');
// Remove zero values resulting from input filter
$ids = array_filter($ids);
if (empty($ids))
{


@ -35,7 +35,7 @@ class InstalledController extends BaseController
// Check for request forgeries.
$this->checkToken();
$cid = $this->input->get('cid', '');
$cid = (string) $this->input->get('cid', '', 'string');
$model = $this->getModel('installed');
if ($model->publish($cid))
@ -81,7 +81,7 @@ class InstalledController extends BaseController
// Check for request forgeries.
$this->checkToken();
$cid = $this->input->get('cid', '');
$cid = (string) $this->input->get('cid', '', 'string');
$model = $this->getModel('installed');
// Fetching the language name from the langmetadata.xml or xx-XX.xml respectively.
@ -92,12 +92,12 @@ class InstalledController extends BaseController
$file = JPATH_ADMINISTRATOR . '/language/' . $cid . '/' . $cid . '.xml';
}
$info = LanguageHelper::parseXMLLanguageFile($file);
$languageName = $info['nativeName'];
$info = LanguageHelper::parseXMLLanguageFile($file);
if ($model->switchAdminLanguage($cid))
{
// Switching to the new language for the message
$languageName = $info['nativeName'];
$language = Factory::getLanguage();
$newLang = Language::getInstance($cid);
Factory::$language = $newLang;
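Review bot: The `cid` value in the second method is concatenated into a filesystem path (`JPATH_ADMINISTRATOR . '/language/' . $cid . '/' . $cid . '.xml'`) and passed to `LanguageHelper::parseXMLLanguageFile()`, yet the new explicit `'string'` filter is looser than the `cmd` default that `get('cid', '')` applied before, because it does not strip path separators. A language tag never needs those characters, so I would keep the narrow filter, `$cid = (string) $this->input->get('cid', '', 'cmd');`, or check the value against the list of installed languages before building `$file`. The first assignment to `$file` and the rest of the method lie outside the hunk, so the same check should be confirmed there.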


@ -37,7 +37,7 @@ class OverrideController extends FormController
// Do not cache the response to this, its a redirect
$this->app->allowCache(false);
$cid = $this->input->post->get('cid', array(), 'array');
$cid = (array) $this->input->post->get('cid', array(), 'string');
$context = "$this->option.edit.$this->context";
// Get the constant name.


@ -43,9 +43,12 @@ class OverridesController extends AdminController
$this->checkToken();
// Get items to delete from the request.
$cid = $this->input->get('cid', array(), 'array');
$cid = (array) $this->input->get('cid', array(), 'string');
if (!is_array($cid) || count($cid) < 1)
// Remove zero values resulting from input filter
$cid = array_filter($cid);
if (empty($cid))
{
$this->setMessage(Text::_($this->text_prefix . '_NO_ITEM_SELECTED'), 'warning');
}
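Review bot: The comment `// Remove zero values resulting from input filter` was carried over from the integer controllers, but this `cid` is filtered as `'string'`, where `array_filter()` drops empty strings and the literal `'0'` rather than failed integer casts. I would reword it to `// Remove empty values left by the input filter` so the next reader does not assume the ids are integers at this point. The method continues below the hunk.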


@ -132,11 +132,14 @@ class ItemsController extends AdminController
$app = $this->app;
// Get items to publish from the request.
$cid = $this->input->get('cid', array(), 'array');
$cid = (array) $this->input->get('cid', array(), 'int');
$data = array('setDefault' => 1, 'unsetDefault' => 0);
$task = $this->getTask();
$value = ArrayHelper::getValue($data, $task, 0, 'int');
// Remove zero values resulting from input filter
$cid = array_filter($cid);
if (empty($cid))
{
$this->setMessage(Text::_($this->text_prefix . '_NO_ITEM_SELECTED'), 'warning');
@ -146,9 +149,6 @@ class ItemsController extends AdminController
// Get the model.
$model = $this->getModel();
// Make sure the item ids are integers
$cid = ArrayHelper::toInteger($cid);
// Publish the items.
if (!$model->setHome($cid, $value))
{
@ -190,11 +190,14 @@ class ItemsController extends AdminController
$this->checkToken();
// Get items to publish from the request.
$cid = $this->input->get('cid', array(), 'array');
$cid = (array) $this->input->get('cid', array(), 'int');
$data = array('publish' => 1, 'unpublish' => 0, 'trash' => -2, 'report' => -3);
$task = $this->getTask();
$value = ArrayHelper::getValue($data, $task, 0, 'int');
// Remove zero values resulting from input filter
$cid = array_filter($cid);
if (empty($cid))
{
try
@ -211,9 +214,6 @@ class ItemsController extends AdminController
// Get the model.
$model = $this->getModel();
// Make sure the item ids are integers
$cid = ArrayHelper::toInteger($cid);
// Publish the items.
try
{


@ -205,9 +205,22 @@ class MenuController extends FormController
// Check for request forgeries.
$this->checkToken();
$cid = $this->input->get('cid', array(), 'array');
$cid = (array) $this->input->get('cid', array(), 'int');
// We know the first element is the one we need because we don't allow multi selection of rows
$id = empty($cid) ? 0 : reset($cid);
if ($id === 0)
{
$this->setMessage(Text::_('COM_MENUS_SELECT_MENU_FIRST_EXPORT'), 'warning');
$this->setRedirect(Route::_('index.php?option=com_menus&view=menus', false));
return false;
}
$model = $this->getModel('Menu');
$item = $model->getItem(reset($cid));
$item = $model->getItem($id);
if (!$item->menutype)
{


@ -15,7 +15,6 @@ use Joomla\CMS\Factory;
use Joomla\CMS\Language\Text;
use Joomla\CMS\MVC\Controller\BaseController;
use Joomla\Database\ParameterType;
use Joomla\Utilities\ArrayHelper;
/**
* The Menu List Controller
@ -67,9 +66,12 @@ class MenusController extends BaseController
$this->checkToken();
$user = $this->app->getIdentity();
$cids = (array) $this->input->get('cid', array(), 'array');
$cids = (array) $this->input->get('cid', array(), 'int');
if (count($cids) < 1)
// Remove zero values resulting from input filter
$cids = array_filter($cids);
if (empty($cids))
{
$this->setMessage(Text::_('COM_MENUS_NO_MENUS_SELECTED'), 'warning');
}
@ -92,9 +94,6 @@ class MenusController extends BaseController
/** @var \Joomla\Component\Menus\Administrator\Model\MenuModel $model */
$model = $this->getModel();
// Make sure the item ids are integers
$cids = ArrayHelper::toInteger($cids);
// Remove the items.
if (!$model->delete($cids))
{


@ -75,15 +75,19 @@ class MenutypeField extends ListField
default:
$link = $this->form->getValue('link');
$value = '';
$model = Factory::getApplication()->bootComponent('com_menus')
->getMVCFactory()->createModel('Menutypes', 'Administrator', array('ignore_request' => true));
$model->setState('client_id', $clientId);
if ($link !== null)
{
$model = Factory::getApplication()->bootComponent('com_menus')
->getMVCFactory()->createModel('Menutypes', 'Administrator', array('ignore_request' => true));
$model->setState('client_id', $clientId);
$rlu = $model->getReverseLookup();
$rlu = $model->getReverseLookup();
// Clean the link back to the option, view and layout
$value = Text::_(ArrayHelper::getValue($rlu, MenusHelper::getLinkKey($link)));
// Clean the link back to the option, view and layout
$value = Text::_(ArrayHelper::getValue($rlu, MenusHelper::getLinkKey($link)));
}
break;
}


@ -732,8 +732,12 @@ class ItemModel extends AdminModel
$table->type = 'component';
// Ensure the integrity of the component_id field is maintained, particularly when changing the menu item type.
$args = array();
parse_str(parse_url($table->link, PHP_URL_QUERY), $args);
$args = [];
if ($table->link)
{
parse_str(parse_url($table->link, PHP_URL_QUERY), $args);
}
if (isset($args['option']))
{
@ -1138,11 +1142,15 @@ class ItemModel extends AdminModel
// Initialise form with component view params if available.
if ($type == 'component')
{
$link = htmlspecialchars_decode($link);
$link = $link ? htmlspecialchars_decode($link) : '';
// Parse the link arguments.
$args = array();
parse_str(parse_url(htmlspecialchars_decode($link), PHP_URL_QUERY), $args);
$args = [];
if ($link)
{
parse_str(parse_url(htmlspecialchars_decode($link), PHP_URL_QUERY), $args);
}
// Confirm that the option is defined.
$option = '';
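Review bot: Both new guards test only that the link is non-empty, but `parse_url(..., PHP_URL_QUERY)` returns null for a link without a query string and false for a URL it cannot parse, so `parse_str()` can still be handed a non-string. Casting the component covers both cases, `parse_str((string) parse_url($table->link, PHP_URL_QUERY), $args);`, and the same cast applies in the second hunk. There `$link` has already been through `htmlspecialchars_decode()` on the line above, so the inner call decodes a second time; `parse_url($link, PHP_URL_QUERY)` would be enough. Both methods start and end outside their hunks.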


@ -18,7 +18,8 @@ use Joomla\CMS\Uri\Uri;
/** @var \Joomla\CMS\WebAsset\WebAssetManager $wa */
$wa = $this->document->getWebAssetManager();
$wa->useScript('table.columns')
->useScript('multiselect');
->useScript('multiselect')
->useScript('com_menus.admin-menus');
$uri = Uri::getInstance();
$return = base64_encode($uri);
@ -37,12 +38,6 @@ foreach ($this->items as $item)
}
$this->document->addScriptOptions('menus-default', ['items' => $itemIds]);
/** @var Joomla\CMS\WebAsset\WebAssetManager $wa */
$wa = $this->document->getWebAssetManager();
$wa->useScript('multiselect')
->useScript('com_menus.admin-menus');
?>
<form action="<?php echo Route::_('index.php?option=com_menus&view=menus'); ?>" method="post" name="adminForm" id="adminForm">
<div class="row">


@ -14,7 +14,6 @@ namespace Joomla\Component\Modules\Administrator\Controller;
use Joomla\CMS\Language\Text;
use Joomla\CMS\MVC\Controller\AdminController;
use Joomla\CMS\Response\JsonResponse;
use Joomla\Utilities\ArrayHelper;
/**
* Modules list controller class.
@ -35,8 +34,10 @@ class ModulesController extends AdminController
// Check for request forgeries
$this->checkToken();
$pks = $this->input->post->get('cid', array(), 'array');
$pks = ArrayHelper::toInteger($pks);
$pks = (array) $this->input->post->get('cid', array(), 'int');
// Remove zero values resulting from input filter
$pks = array_filter($pks);
try
{


@ -101,7 +101,7 @@ class HtmlView extends BaseHtmlView
$help = $this->get('Help');
if ($lang->hasKey($help->url))
if ($help->url && $lang->hasKey($help->url))
{
$debug = $lang->setDebug(false);
$url = Text::_($help->url);


@ -83,7 +83,7 @@ class MessageController extends BaseController
*/
public function action()
{
$this->checkToken();
$this->checkToken('get');
$model = $this->getModel('Messages', '', array('ignore_request' => true));
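Review bot: `checkToken('get')` makes `action()` accept the anti-CSRF token from the query string, and nothing in the hunk records why. A token carried in a URL can end up in browser history, server logs and Referer headers, so where the action changes state a POST form is the safer carrier. If GET is needed because the action is triggered from a link, a comment above the call should say so, for example `// Token is read from the URL because this action is reached through a link`. The body of `action()` continues outside the hunk, so what it does with the request is not visible here.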


@ -36,7 +36,10 @@ class ConsentsController extends FormController
// Check for request forgeries
$this->checkToken();
$ids = $this->input->get('cid', [], 'array');
$ids = (array) $this->input->get('cid', [], 'int');
// Remove zero values resulting from input filter
$ids = array_filter($ids);
if (empty($ids))
{


@ -14,7 +14,6 @@ namespace Joomla\Component\Redirect\Administrator\Controller;
use Joomla\CMS\Component\ComponentHelper;
use Joomla\CMS\Language\Text;
use Joomla\CMS\MVC\Controller\AdminController;
use Joomla\Utilities\ArrayHelper;
/**
* Redirect link list controller class.
@ -35,9 +34,10 @@ class LinksController extends AdminController
// Check for request forgeries.
$this->checkToken();
$ids = $this->input->get('cid', array(), 'array');
$newUrl = $this->input->getString('new_url');
$comment = $this->input->getString('comment');
$ids = (array) $this->input->get('cid', array(), 'int');
// Remove zero values resulting from input filter
$ids = array_filter($ids);
if (empty($ids))
{
@ -45,11 +45,12 @@ class LinksController extends AdminController
}
else
{
$newUrl = $this->input->getString('new_url');
$comment = $this->input->getString('comment');
// Get the model.
$model = $this->getModel();
$ids = ArrayHelper::toInteger($ids);
// Remove the items.
if (!$model->activate($ids, $newUrl, $comment))
{
@ -76,9 +77,10 @@ class LinksController extends AdminController
// Check for request forgeries.
$this->checkToken();
$ids = $this->input->get('cid', array(), 'array');
$newUrl = $this->input->getString('new_url');
$comment = $this->input->getString('comment');
$ids = (array) $this->input->get('cid', array(), 'int');
// Remove zero values resulting from input filter
$ids = array_filter($ids);
if (empty($ids))
{
@ -86,11 +88,12 @@ class LinksController extends AdminController
}
else
{
$newUrl = $this->input->getString('new_url');
$comment = $this->input->getString('comment');
// Get the model.
$model = $this->getModel();
$ids = ArrayHelper::toInteger($ids);
// Remove the items.
if (!$model->duplicateUrls($ids, $newUrl, $comment))
{


@ -57,7 +57,10 @@ class TasksController extends AdminController
$this->checkToken();
/** @var integer[] $cid Items to publish (from request parameters). */
$cid = $this->input->get('cid', [], 'array');
$cid = (array) $this->input->get('cid', [], 'int');
// Remove zero values resulting from input filter
$cid = array_filter($cid);
if (empty($cid))
{


@ -25,7 +25,9 @@ use Joomla\Component\Scheduler\Administrator\View\Tasks\HtmlView;
/** @var \Joomla\CMS\WebAsset\WebAssetManager $wa */
$wa = $this->document->getWebAssetManager();
$wa->useScript('table.columns')
->useScript('multiselect');
->useScript('multiselect')
->useScript('com_scheduler.test-task')
->useStyle('com_scheduler.admin-view-tasks-css');
Text::script('COM_SCHEDULER_TEST_RUN_TITLE');
Text::script('COM_SCHEDULER_TEST_RUN_TASK');
@ -65,12 +67,6 @@ if ($saveOrder && !empty($this->items))
}
$this->document->addScriptOptions('com_scheduler.test-task.token', Session::getFormToken());
/** @var Joomla\CMS\WebAsset\WebAssetManager $wa */
$wa = $this->document->getWebAssetManager();
$wa->useScript('multiselect')
->useScript('com_scheduler.test-task')
->useStyle('com_scheduler.admin-view-tasks-css');
?>
<form action="<?php echo Route::_('index.php?option=com_scheduler&view=tasks'); ?>" method="post" name="adminForm"


@ -14,7 +14,6 @@ namespace Joomla\Component\Templates\Administrator\Controller;
use Joomla\CMS\Language\Text;
use Joomla\CMS\MVC\Controller\AdminController;
use Joomla\CMS\MVC\Model\BaseDatabaseModel;
use Joomla\Utilities\ArrayHelper;
/**
* Template styles list controller class.
@ -33,7 +32,10 @@ class StylesController extends AdminController
// Check for request forgeries
$this->checkToken();
$pks = $this->input->post->get('cid', array(), 'array');
$pks = (array) $this->input->post->get('cid', array(), 'int');
// Remove zero values resulting from input filter
$pks = array_filter($pks);
try
{
@ -42,8 +44,6 @@ class StylesController extends AdminController
throw new \Exception(Text::_('COM_TEMPLATES_NO_TEMPLATE_SELECTED'));
}
$pks = ArrayHelper::toInteger($pks);
$model = $this->getModel();
$model->duplicate($pks);
$this->setMessage(Text::_('COM_TEMPLATES_SUCCESS_DUPLICATED'));
@ -84,7 +84,10 @@ class StylesController extends AdminController
// Check for request forgeries
$this->checkToken();
$pks = $this->input->post->get('cid', array(), 'array');
$pks = (array) $this->input->post->get('cid', array(), 'int');
// Remove zero values resulting from input filter
$pks = array_filter($pks);
try
{
@ -93,8 +96,6 @@ class StylesController extends AdminController
throw new \Exception(Text::_('COM_TEMPLATES_NO_TEMPLATE_SELECTED'));
}
$pks = ArrayHelper::toInteger($pks);
// Pop off the first element.
$id = array_shift($pks);
@ -123,8 +124,10 @@ class StylesController extends AdminController
// Check for request forgeries
$this->checkToken('request');
$pks = $this->input->get->get('cid', array(), 'array');
$pks = ArrayHelper::toInteger($pks);
$pks = (array) $this->input->get->get('cid', array(), 'int');
// Remove zero values resulting from input filter
$pks = array_filter($pks);
try
{


@ -94,7 +94,7 @@ class TemplateController extends BaseController
$file = $this->input->get('file');
$id = $this->input->get('id');
$ids = $this->input->get('cid', array(), 'array');
$ids = (array) $this->input->get('cid', array(), 'string');
$values = array('publish' => 1, 'unpublish' => 0, 'deleteOverrideHistory' => -3);
$task = $this->getTask();
$value = ArrayHelper::getValue($values, $task, 0, 'int');


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<form>
<form addfieldprefix="Joomla\Component\Users\Administrator\Field">
<fieldset name="user_details" label="COM_USERS_USER_ACCOUNT_DETAILS">
<field
name="name"
@ -124,6 +124,15 @@
<option value="1">JYES</option>
</field>
<field
name="authProvider"
type="primaryauthproviders"
label="COM_USERS_USER_FIELD_AUTHPROVIDER_LABEL"
description="COM_USERS_USER_FIELD_AUTHPROVIDER_DESC"
>
<option value="">JNONE</option>
</field>
<field
name="id"
type="text"


@ -18,7 +18,6 @@ use Joomla\CMS\Language\Text;
use Joomla\CMS\MVC\Controller\FormController;
use Joomla\CMS\Router\Route;
use Joomla\Database\ParameterType;
use Joomla\Utilities\ArrayHelper;
/**
* User view level controller class.
@ -111,7 +110,10 @@ class LevelController extends FormController
// Check for request forgeries.
$this->checkToken();
$ids = $this->input->get('cid', array(), 'array');
$ids = (array) $this->input->get('cid', array(), 'int');
// Remove zero values resulting from input filter
$ids = array_filter($ids);
if (!$this->app->getIdentity()->authorise('core.admin', $this->option))
{
@ -126,8 +128,6 @@ class LevelController extends FormController
// Get the model.
$model = $this->getModel();
$ids = ArrayHelper::toInteger($ids);
// Remove the items.
if ($model->delete($ids))
{


@ -81,11 +81,14 @@ class UsersController extends AdminController
// Check for request forgeries.
$this->checkToken();
$ids = $this->input->get('cid', array(), 'array');
$ids = (array) $this->input->get('cid', array(), 'int');
$values = array('block' => 1, 'unblock' => 0);
$task = $this->getTask();
$value = ArrayHelper::getValue($values, $task, 0, 'int');
// Remove zero values resulting from input filter
$ids = array_filter($ids);
if (empty($ids))
{
$this->setMessage(Text::_('COM_USERS_USERS_NO_ITEM_SELECTED'), 'warning');
@ -128,7 +131,10 @@ class UsersController extends AdminController
// Check for request forgeries.
$this->checkToken();
$ids = $this->input->get('cid', array(), 'array');
$ids = (array) $this->input->get('cid', array(), 'int');
// Remove zero values resulting from input filter
$ids = array_filter($ids);
if (empty($ids))
{


@ -0,0 +1,71 @@
<?php
/**
* @package Joomla.Administrator
* @subpackage com_users
*
* @copyright Copyright (C) 2022 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
namespace Joomla\Component\Users\Administrator\Field;
use Joomla\CMS\Form\Field\ListField;
use Joomla\CMS\Plugin\PluginHelper;
defined('_JEXEC') or die;
/**
* Auth provider field.
*
* @since 3.10.7
*/
class PrimaryauthprovidersField extends ListField
{
/**
* The form field type.
*
* @var string
* @since 3.10.7
*/
protected $type = 'Primaryauthproviders';
/**
* Method to get the field options.
*
* @return array The field option objects
*
* @since 3.10.7
*/
protected function getOptions()
{
// Build the filter options.
$options = array();
PluginHelper::importPlugin('authentication');
$plugins = PluginHelper::getPlugin('authentication');
foreach ($plugins as $plugin)
{
$className = 'plg' . $plugin->type . $plugin->name;
if (!class_exists($className))
{
continue;
}
if (!is_subclass_of(
$className,
"Joomla\CMS\Authentication\ProviderAwareAuthenticationPluginInterface"
)
|| !$className::isPrimaryProvider())
{
continue;
}
$options[] = (object) ['value' => $className::getProviderName(), 'text' => $className::getProviderName()];
}
// Merge any additional options in the XML definition.
return array_merge(parent::getOptions(), $options);
}
}
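Review bot: The interface name in `getOptions()` is written as a double-quoted string, `"Joomla\CMS\Authentication\ProviderAwareAuthenticationPluginInterface"`, which works only because none of `\C`, `\A` and `\P` is an escape sequence. Importing the interface and passing `ProviderAwareAuthenticationPluginInterface::class` is the safer spelling and lets static analysis see the dependency. The class name is assembled from `$plugin->type` and `$plugin->name` and then called statically, so a short comment noting that the `class_exists()` and `is_subclass_of()` checks are what restrict those calls to provider-aware authentication plugins would help the next reader. `getProviderName()` is also called twice per plugin and could be stored in a local first.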


@ -1215,6 +1215,13 @@ class UserModel extends AdminModel
public function getTwofactorform($userId = null)
{
$userId = (!empty($userId)) ? $userId : (int) $this->getState('user.id');
$user = $this->getItem($userId);
// Check if core is the auth provider
if ($user->authProvider !== 'Joomla')
{
return [];
}
$otpConfig = $this->getOtpConfig($userId);
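Review bot: The new check in `getTwofactorform()` returns an empty form for every account whose `authProvider` is not exactly `'Joomla'`, while the migration in this same commit creates the column with `DEFAULT ''`. Unless existing rows are backfilled somewhere outside this page, existing accounts would take the `return [];` branch. If the empty value is meant to stand for core authentication, the condition should say so, `if (!empty($user->authProvider) && $user->authProvider !== 'Joomla')`. `getItem()` is also dereferenced without checking its result; whether it can return false for an unknown id is not visible here. The method continues below the hunk.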


@ -135,7 +135,7 @@ class StagesController extends AdminController
$this->checkToken();
// Get items to publish from the request.
$cid = $this->input->get('cid', array(), 'array');
$cid = (array) $this->input->get('cid', array(), 'int');
$data = array('setDefault' => 1, 'unsetDefault' => 0);
$task = $this->getTask();
$value = ArrayHelper::getValue($data, $task, 0, 'int');
@ -153,7 +153,10 @@ class StagesController extends AdminController
return;
}
if (empty($cid) || !is_array($cid))
// Remove zero values resulting from input filter
$cid = array_filter($cid);
if (empty($cid))
{
$this->setMessage(Text::_('COM_WORKFLOW_NO_ITEM_SELECTED'), 'warning');
}
@ -167,7 +170,7 @@ class StagesController extends AdminController
$model = $this->getModel();
// Make sure the item ids are integers
$id = (int) reset($cid);
$id = reset($cid);
// Publish the items.
if (!$model->setDefault($id, $value))
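Review bot: The comment `// Make sure the item ids are integers` above `$id = reset($cid);` no longer describes that line, because the cast was dropped and the integer guarantee now comes from the 'int' filter at the top of the method. Reword it, for example `// IDs were already cast by the 'int' input filter; take the first one`, or keep the `(int)` cast as a cheap second check before `setDefault()`. WorkflowsController carries the same stale comment in its third hunk. The method starts and ends outside these hunks.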


@ -108,7 +108,7 @@ class WorkflowsController extends AdminController
$this->checkToken();
// Get items to publish from the request.
$cid = $this->input->get('cid', array(), 'array');
$cid = (array) $this->input->get('cid', array(), 'int');
$data = array('setDefault' => 1, 'unsetDefault' => 0);
$task = $this->getTask();
$value = ArrayHelper::getValue($data, $task, 0, 'int');
@ -126,7 +126,10 @@ class WorkflowsController extends AdminController
return;
}
if (empty($cid) || !is_array($cid))
// Remove zero values resulting from input filter
$cid = array_filter($cid);
if (empty($cid))
{
$this->setMessage(Text::_('COM_WORKFLOW_NO_ITEM_SELECTED'), 'warning');
}
@ -140,7 +143,7 @@ class WorkflowsController extends AdminController
$model = $this->getModel();
// Make sure the item ids are integers
$id = (int) reset($cid);
$id = reset($cid);
// Publish the items.
if (!$model->setDefault($id, $value))


@ -350,6 +350,8 @@ COM_USERS_USER_FIELD_PASSWORD1_MESSAGE="The passwords you entered do not match.
COM_USERS_USER_FIELD_PASSWORD2_LABEL="Confirm Password"
COM_USERS_USER_FIELD_REGISTERDATE_LABEL="Registration Date"
COM_USERS_USER_FIELD_REQUIRERESET_LABEL="Require Password Reset"
COM_USERS_USER_FIELD_AUTHPROVIDER_DESC="Which authentication method you want to set on the user account"
COM_USERS_USER_FIELD_AUTHPROVIDER_LABEL="Authentication Method"
COM_USERS_USER_FIELD_RESETCOUNT_LABEL="Password Reset Count"
COM_USERS_USER_FIELD_SENDEMAIL_LABEL="Receive System Emails"
COM_USERS_USER_FIELD_TIMEZONE_LABEL="Time Zone"


@ -74,8 +74,8 @@ COM_WORKFLOW_SET_DEFAULT="Workflow set as default."
COM_WORKFLOW_STAGE="Existing Stages"
COM_WORKFLOW_STAGE_ADD="Add Stage"
COM_WORKFLOW_STAGE_EDIT="Edit Stage"
COM_WORKFLOW_STAGE_FORM_ADD="Add Stage"
COM_WORKFLOW_STAGE_FORM_EDIT="Edit Stage"
COM_WORKFLOW_STAGE_FORM_NEW="Add Stage"
COM_WORKFLOW_STAGE_NOTE="Note"
COM_WORKFLOW_STAGE_SET_DEFAULT="Stage set as default."
COM_WORKFLOW_STAGES="Stages"


@ -3,7 +3,7 @@
<name>English (en-GB)</name>
<tag>en-GB</tag>
<version>4.2.0</version>
<creationDate>January 2022</creationDate>
<creationDate>March 2022</creationDate>
<author>Joomla! Project</author>
<authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl>


@ -2,7 +2,7 @@
<metafile client="administrator">
<name>English (en-GB)</name>
<version>4.2.0</version>
<creationDate>January 2022</creationDate>
<creationDate>March 2022</creationDate>
<author>Joomla! Project</author>
<authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl>


@ -6,8 +6,8 @@
<authorUrl>www.joomla.org</authorUrl>
<copyright>(C) 2019 Open Source Matters, Inc.</copyright>
<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
<version>4.2.0-dev</version>
<creationDate>January 2022</creationDate>
<version>4.2.0-alpha2-dev</version>
<creationDate>March 2022</creationDate>
<description>FILES_JOOMLA_XML_DESCRIPTION</description>
<scriptfile>administrator/components/com_admin/script.php</scriptfile>


@ -3,7 +3,7 @@
<name>English (en-GB) Language Pack</name>
<packagename>en-GB</packagename>
<version>4.2.0.1</version>
<creationDate>January 2022</creationDate>
<creationDate>March 2022</creationDate>
<author>Joomla! Project</author>
<authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl>


@ -3,7 +3,7 @@
<name>English (en-GB)</name>
<tag>en-GB</tag>
<version>4.2.0</version>
<creationDate>January 2022</creationDate>
<creationDate>March 2022</creationDate>
<author>Joomla! Project</author>
<authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl>


@ -2,7 +2,7 @@
<metafile client="api">
<name>English (en-GB)</name>
<version>4.2.0</version>
<creationDate>January 2022</creationDate>
<creationDate>March 2022</creationDate>
<author>Joomla! Project</author>
<authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl>


@ -138,7 +138,7 @@ class FormModel extends \Joomla\Component\Contact\Administrator\Model\ContactMod
*/
public function getReturnPage()
{
return base64_encode($this->getState('return_page'));
return base64_encode($this->getState('return_page', ''));
}
/**
@ -190,7 +190,7 @@ class FormModel extends \Joomla\Component\Contact\Administrator\Model\ContactMod
$this->setState('contact.catid', $app->input->getInt('catid'));
$return = $app->input->get('return', null, 'base64');
$return = $app->input->get('return', '', 'base64');
$this->setState('return_page', base64_decode($return));
// Load the parameters.


@ -119,7 +119,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
</span>
</div>
<?php endif; ?>
<?php if (strtotime($item->publish_up) > strtotime(Factory::getDate())) : ?>
<?php if ($item->publish_up && strtotime($item->publish_up) > strtotime(Factory::getDate())) : ?>
<div>
<span class="list-published badge bg-warning text-light">
<?php echo Text::_('JNOTPUBLISHEDYET'); ?>


@ -367,6 +367,12 @@ class ArticleController extends FormController
public function save($key = null, $urlVar = 'a_id')
{
$result = parent::save($key, $urlVar);
if (\in_array($this->getTask(), ['save2copy', 'apply'], true))
{
return $result;
}
$app = Factory::getApplication();
$articleId = $app->input->getInt('a_id');


@ -68,7 +68,7 @@ class FormModel extends \Joomla\Component\Content\Administrator\Model\ArticleMod
$this->setState('article.catid', $app->input->getInt('catid', $catId));
$return = $app->input->get('return', null, 'base64');
$return = $app->input->get('return', '', 'base64');
$this->setState('return_page', base64_decode($return));
$this->setState('layout', $app->input->getString('layout'));
@ -178,7 +178,7 @@ class FormModel extends \Joomla\Component\Content\Administrator\Model\ArticleMod
*/
public function getReturnPage()
{
return base64_encode($this->getState('return_page'));
return base64_encode($this->getState('return_page', ''));
}
/**


@ -157,10 +157,14 @@ if (!$editoroptions)
<?php echo HTMLHelper::_('form.token'); ?>
</fieldset>
<div class="mb-2">
<button type="button" class="btn btn-primary" data-submit-task="article.save">
<button type="button" class="btn btn-primary" data-submit-task="article.apply">
<span class="icon-check" aria-hidden="true"></span>
<?php echo Text::_('JSAVE'); ?>
</button>
<button type="button" class="btn btn-primary" data-submit-task="article.save">
<span class="icon-check" aria-hidden="true"></span>
<?php echo Text::_('JSAVEANDCLOSE'); ?>
</button>
<?php if ($this->showSaveAsCopy) : ?>
<button type="button" class="btn btn-primary" data-submit-task="article.save2copy">
<span class="icon-copy" aria-hidden="true"></span>


@ -186,7 +186,7 @@ class TagModel extends ListModel
$this->setState('params', $params);
// Load state from the request.
$ids = $app->input->get('id', array(), 'array');
$ids = (array) $app->input->get('id', array());
if (count($ids) == 1)
{
@ -195,6 +195,9 @@ class TagModel extends ListModel
$ids = ArrayHelper::toInteger($ids);
// Remove zero values resulting from bad input
$ids = array_filter($ids);
$pkString = implode(',', $ids);
$this->setState('tag.id', $pkString);
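Review bot: The filter argument is missing in `$app->input->get('id', array())`, so the Input default filter (`cmd`, as far as I know) is applied, whereas FeedView in this commit names `'int'` explicitly. If the elided branch under `count($ids) == 1` splits a comma-separated value, that default would strip the commas before the split, so name the intended filter explicitly and say why in the comment. After `array_filter($ids)` the list can also be empty, which stores `''` in `tag.id`; the consumers of that state are outside the hunk, so confirm they handle it.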


@ -34,10 +34,12 @@ class FeedView extends BaseHtmlView
public function display($tpl = null)
{
$app = Factory::getApplication();
$ids = $app->input->get('id', array(), 'array');
$ids = (array) $app->input->get('id', array(), 'int');
$i = 0;
$tagIds = '';
$filter = new InputFilter;
// Remove zero values resulting from input filter
$ids = array_filter($ids);
foreach ($ids as $id)
{
@ -46,7 +48,7 @@ class FeedView extends BaseHtmlView
$tagIds .= '&';
}
$tagIds .= 'id[' . $i . ']=' . $filter->clean($id, 'INT');
$tagIds .= 'id[' . $i . ']=' . $id;
$i++;
}
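Review bot: `$filter = new InputFilter;` looks unused now that `$filter->clean($id, 'INT')` is gone from the loop; if nothing later in display() uses it (the method continues outside the hunk), drop the local and the InputFilter import. The concatenation `'id[' . $i . ']=' . $id` now depends entirely on the `'int'` filter at the top, so a short comment there such as `// $ids are integers from the 'int' input filter` would keep that dependency visible to the next editor.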


@ -366,6 +366,14 @@ class ProfileModel extends FormModel
$model = $this->bootComponent('com_users')->getMVCFactory()
->createModel('User', 'Administrator');
$user = $model->getItem($userId);
// Check if core is the auth provider
if ($user->authProvider !== 'Joomla')
{
return array();
}
$otpConfig = $model->getOtpConfig($userId);
PluginHelper::importPlugin('twofactorauth');


@ -108,7 +108,7 @@ $usersConfig = ComponentHelper::getParams('com_users');
</div>
</div>
<?php $return = $this->form->getValue('return', '', $this->params->get('login_redirect_url', $this->params->get('login_redirect_menuitem'))); ?>
<?php $return = $this->form->getValue('return', '', $this->params->get('login_redirect_url', $this->params->get('login_redirect_menuitem', ''))); ?>
<input type="hidden" name="return" value="<?php echo base64_encode($return); ?>">
<?php echo HTMLHelper::_('form.token'); ?>
</fieldset>


@ -50,9 +50,9 @@ use Joomla\CMS\Router\Route;
</div>
</div>
<?php if ($this->params->get('logout_redirect_url')) : ?>
<input type="hidden" name="return" value="<?php echo base64_encode($this->params->get('logout_redirect_url', $this->form->getValue('return'))); ?>">
<input type="hidden" name="return" value="<?php echo base64_encode($this->params->get('logout_redirect_url', $this->form->getValue('return', null, ''))); ?>">
<?php else : ?>
<input type="hidden" name="return" value="<?php echo base64_encode($this->params->get('logout_redirect_menuitem', $this->form->getValue('return'))); ?>">
<input type="hidden" name="return" value="<?php echo base64_encode($this->params->get('logout_redirect_menuitem', $this->form->getValue('return', null, ''))); ?>">
<?php endif; ?>
<?php echo HTMLHelper::_('form.token'); ?>
</form>


@ -61,7 +61,7 @@ $wa->useScript('keepalive')
<?php endif; ?>
<?php endforeach; ?>
<?php if (count($this->twofactormethods) > 1) : ?>
<?php if (count($this->twofactormethods) > 1 && !empty($this->twofactorform)) : ?>
<fieldset class="com-users-profile__twofactor">
<legend><?php echo Text::_('COM_USERS_PROFILE_TWO_FACTOR_AUTH'); ?></legend>


@ -93,7 +93,8 @@
"ext-gd": "*",
"web-auth/webauthn-lib": "2.1.*",
"composer/ca-bundle": "^1.2",
"dragonmantank/cron-expression": "^3.1"
"dragonmantank/cron-expression": "^3.1",
"enshrined/svg-sanitize": "^0.15.4"
},
"require-dev": {
"phpunit/phpunit": "^8.5",

101
composer.lock generated

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "5d3606db6081658d68430d7ea9aa7a5c",
"content-hash": "d7441f6c81395c6d749ed02654f49a37",
"packages": [
{
"name": "algo26-matthias/idna-convert",
@ -484,6 +484,51 @@
],
"time": "2020-11-24T19:55:57+00:00"
},
{
"name": "enshrined/svg-sanitize",
"version": "0.15.4",
"source": {
"type": "git",
"url": "https://github.com/darylldoyle/svg-sanitizer.git",
"reference": "e50b83a2f1f296ca61394fe88fbfe3e896a84cf4"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/e50b83a2f1f296ca61394fe88fbfe3e896a84cf4",
"reference": "e50b83a2f1f296ca61394fe88fbfe3e896a84cf4",
"shasum": ""
},
"require": {
"ext-dom": "*",
"ext-libxml": "*",
"php": "^7.0 || ^8.0"
},
"require-dev": {
"phpunit/phpunit": "^6.5 || ^8.5"
},
"type": "library",
"autoload": {
"psr-4": {
"enshrined\\svgSanitize\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"GPL-2.0-or-later"
],
"authors": [
{
"name": "Daryll Doyle",
"email": "daryll@enshrined.co.uk"
}
],
"description": "An SVG sanitizer for PHP",
"support": {
"issues": "https://github.com/darylldoyle/svg-sanitizer/issues",
"source": "https://github.com/darylldoyle/svg-sanitizer/tree/0.15.4"
},
"time": "2022-02-21T09:13:59+00:00"
},
{
"name": "fgrosse/phpasn1",
"version": "v2.4.0",
@ -799,21 +844,21 @@
},
{
"name": "joomla/archive",
"version": "2.0.0",
"version": "2.0.1",
"source": {
"type": "git",
"url": "https://github.com/joomla-framework/archive.git",
"reference": "dd1c76d6ff37789297e275ce822e1b24deb33274"
"reference": "cedda2cf21c388c590b8a110df25db6197765b8c"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/joomla-framework/archive/zipball/dd1c76d6ff37789297e275ce822e1b24deb33274",
"reference": "dd1c76d6ff37789297e275ce822e1b24deb33274",
"url": "https://api.github.com/repos/joomla-framework/archive/zipball/cedda2cf21c388c590b8a110df25db6197765b8c",
"reference": "cedda2cf21c388c590b8a110df25db6197765b8c",
"shasum": ""
},
"require": {
"joomla/filesystem": "^2.0@rc",
"php": "^7.2.5"
"joomla/filesystem": "^2.0",
"php": "^7.2.5|^8.0"
},
"require-dev": {
"joomla/coding-standards": "^3.0@dev",
@ -849,7 +894,7 @@
],
"support": {
"issues": "https://github.com/joomla-framework/archive/issues",
"source": "https://github.com/joomla-framework/archive/tree/2.0.0"
"source": "https://github.com/joomla-framework/archive/tree/2.0.1"
},
"funding": [
{
@ -861,7 +906,7 @@
"type": "github"
}
],
"time": "2021-08-10T19:12:57+00:00"
"time": "2022-03-29T13:03:06+00:00"
},
{
"name": "joomla/authentication",
@ -1349,16 +1394,16 @@
},
{
"name": "joomla/filesystem",
"version": "2.0.0",
"version": "2.0.1",
"source": {
"type": "git",
"url": "https://github.com/joomla-framework/filesystem.git",
"reference": "c8490f062a3764920d5cd784484e6495d975debe"
"reference": "d991e618da69e557a84ea97e6a601afec28ae8cf"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/joomla-framework/filesystem/zipball/c8490f062a3764920d5cd784484e6495d975debe",
"reference": "c8490f062a3764920d5cd784484e6495d975debe",
"url": "https://api.github.com/repos/joomla-framework/filesystem/zipball/d991e618da69e557a84ea97e6a601afec28ae8cf",
"reference": "d991e618da69e557a84ea97e6a601afec28ae8cf",
"shasum": ""
},
"require": {
@ -1394,7 +1439,7 @@
],
"support": {
"issues": "https://github.com/joomla-framework/filesystem/issues",
"source": "https://github.com/joomla-framework/filesystem/tree/2.0.0"
"source": "https://github.com/joomla-framework/filesystem/tree/2.0.1"
},
"funding": [
{
@ -1406,20 +1451,20 @@
"type": "github"
}
],
"time": "2021-08-10T18:51:15+00:00"
"time": "2022-03-29T12:43:57+00:00"
},
{
"name": "joomla/filter",
"version": "2.0.0",
"version": "2.0.1",
"source": {
"type": "git",
"url": "https://github.com/joomla-framework/filter.git",
"reference": "8e75093af3e1614ba774cd94fd39517c19ed0444"
"reference": "137ca3f8925c4529a113735404b873fad0a1305f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/joomla-framework/filter/zipball/8e75093af3e1614ba774cd94fd39517c19ed0444",
"reference": "8e75093af3e1614ba774cd94fd39517c19ed0444",
"url": "https://api.github.com/repos/joomla-framework/filter/zipball/137ca3f8925c4529a113735404b873fad0a1305f",
"reference": "137ca3f8925c4529a113735404b873fad0a1305f",
"shasum": ""
},
"require": {
@ -1461,7 +1506,7 @@
],
"support": {
"issues": "https://github.com/joomla-framework/filter/issues",
"source": "https://github.com/joomla-framework/filter/tree/2.0.0"
"source": "https://github.com/joomla-framework/filter/tree/2.0.1"
},
"funding": [
{
@ -1473,7 +1518,7 @@
"type": "github"
}
],
"time": "2021-08-10T18:51:02+00:00"
"time": "2022-02-15T21:33:06+00:00"
},
{
"name": "joomla/http",
@ -1545,16 +1590,16 @@
},
{
"name": "joomla/input",
"version": "2.0.1",
"version": "2.0.2",
"source": {
"type": "git",
"url": "https://github.com/joomla-framework/input.git",
"reference": "f68ee0bb888f4cce554e8d656cf1fb930b24a366"
"reference": "954ed4680299426a896401b6c9e148d1f539dd2a"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/joomla-framework/input/zipball/f68ee0bb888f4cce554e8d656cf1fb930b24a366",
"reference": "f68ee0bb888f4cce554e8d656cf1fb930b24a366",
"url": "https://api.github.com/repos/joomla-framework/input/zipball/954ed4680299426a896401b6c9e148d1f539dd2a",
"reference": "954ed4680299426a896401b6c9e148d1f539dd2a",
"shasum": ""
},
"require": {
@ -1591,7 +1636,7 @@
],
"support": {
"issues": "https://github.com/joomla-framework/input/issues",
"source": "https://github.com/joomla-framework/input/tree/2.0.1"
"source": "https://github.com/joomla-framework/input/tree/2.0.2"
},
"funding": [
{
@ -1603,7 +1648,7 @@
"type": "github"
}
],
"time": "2021-12-10T11:51:35+00:00"
"time": "2022-03-03T15:45:18+00:00"
},
{
"name": "joomla/ldap",
@ -10609,5 +10654,5 @@
"platform-overrides": {
"php": "7.2.5"
},
"plugin-api-version": "2.1.0"
"plugin-api-version": "2.2.0"
}


@ -2,7 +2,7 @@
<metafile client="installation">
<name>English (United Kingdom)</name>
<version>4.2.0</version>
<creationDate>January 2022</creationDate>
<creationDate>March 2022</creationDate>
<author>Joomla! Project</author>
<copyright>(C) 2005 Open Source Matters, Inc.</copyright>
<license>GNU General Public License version 2 or later; see LICENSE.txt</license>


@ -130,7 +130,7 @@ INSTL_DEFAULTLANGUAGE_ADMIN_SET_DEFAULT="Joomla ustawił język %s jako domyśln
INSTL_DEFAULTLANGUAGE_COLUMN_HEADER_SELECT="Wybierz"
INSTL_DEFAULTLANGUAGE_COLUMN_HEADER_LANGUAGE="Język"
INSTL_DEFAULTLANGUAGE_COLUMN_HEADER_TAG="Tag"
INSTL_DEFAULTLANGUAGE_COULD_NOT_DOWNLOAD_PACKAGE="Nie udało się pobrać lub rozpakować pakietu językowego z: %s"
INSTL_DEFAULTLANGUAGE_COULD_NOT_DOWNLOAD_PACKAGE="Joomla nie udało się pobrać lub rozpakować pakietu językowego z: %s"
INSTL_DEFAULTLANGUAGE_COULD_NOT_INSTALL_LANGUAGE="Nie udało się zainstalować języka %s."
INSTL_DEFAULTLANGUAGE_DESC="W Joomla zainstalowano następujące języki. Wybierz pożądany język domyślny <strong>zaplecza administracyjnego</strong>."
INSTL_DEFAULTLANGUAGE_DESC_FRONTEND="W Joomla zainstalowano następujące języki. Wybierz pożądany język domyślny <strong>witryny</strong>."


@ -946,6 +946,7 @@ CREATE TABLE IF NOT EXISTS `#__users` (
`otpKey` varchar(1000) NOT NULL DEFAULT '' COMMENT 'Two factor authentication encrypted keys',
`otep` varchar(1000) NOT NULL DEFAULT '' COMMENT 'One time emergency passwords',
`requireReset` tinyint NOT NULL DEFAULT 0 COMMENT 'Require user to reset password on next login',
`authProvider` varchar(100) NOT NULL DEFAULT '' COMMENT 'Name of used authentication plugin',
PRIMARY KEY (`id`),
KEY `idx_name` (`name`(100)),
KEY `idx_block` (`block`),


@ -968,6 +968,7 @@ CREATE TABLE IF NOT EXISTS "#__users" (
"otpKey" varchar(1000) DEFAULT '' NOT NULL,
"otep" varchar(1000) DEFAULT '' NOT NULL,
"requireReset" smallint DEFAULT 0,
"authProvider" varchar(100) DEFAULT '' NOT NULL,
PRIMARY KEY ("id"),
CONSTRAINT "#__users_idx_username" UNIQUE ("username")
);


@ -16,7 +16,6 @@ use Joomla\CMS\Factory;
use Joomla\CMS\Language\Text;
use Joomla\CMS\MVC\Factory\MVCFactoryInterface;
use Joomla\CMS\Session\Session;
use Joomla\Utilities\ArrayHelper;
/**
* Default controller class for the Joomla Installer.
@ -217,10 +216,12 @@ class InstallationController extends JSONController
$this->checkValidToken();
// Get array of selected languages
$lids = $this->input->get('cid', [], 'array');
$lids = ArrayHelper::toInteger($lids, []);
$lids = (array) $this->input->get('cid', [], 'int');
if (!$lids)
// Remove zero values resulting from input filter
$lids = array_filter($lids);
if (empty($lids))
{
// No languages have been selected
$this->app->enqueueMessage(Text::_('INSTL_LANGUAGES_NO_LANGUAGE_SELECTED'), 'warning');


@ -3,7 +3,7 @@
<name>English (en-GB)</name>
<tag>en-GB</tag>
<version>4.2.0</version>
<creationDate>January 2022</creationDate>
<creationDate>March 2022</creationDate>
<author>Joomla! Project</author>
<authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl>


@ -110,6 +110,7 @@ JREGISTER="Register"
JREQUIRED="Required"
JRESET="Reset"
JSAVE="Save"
JSAVEANDCLOSE="Save & Close"
JSAVEASCOPY="Save As Copy"
JSELECT="Select"
JSHOW="Show"


@ -2,7 +2,7 @@
<metafile client="site">
<name>English (en-GB)</name>
<version>4.2.0</version>
<creationDate>January 2022</creationDate>
<creationDate>March 2022</creationDate>
<author>Joomla! Project</author>
<authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl>


@ -171,8 +171,23 @@ if (count($doc->getScriptOptions('media-picker')) === 0) {
}
?>
<joomla-field-media class="field-media-wrapper" type="image" <?php // @TODO add this attribute to the field in order to use it for all media types
?> base-path="<?php echo Uri::root(); ?>" root-folder="<?php echo ComponentHelper::getParams('com_media')->get('file_path', 'images'); ?>" url="<?php echo $url; ?>" modal-container=".modal" modal-width="100%" modal-height="400px" input=".field-media-input" button-select=".button-select" button-clear=".button-clear" button-save-selected=".button-save-selected" preview="static" preview-container=".field-media-preview" preview-width="<?php echo $previewWidth; ?>" preview-height="<?php echo $previewHeight; ?>" supported-extensions="<?php echo str_replace('"', '&quot;', json_encode(['images' => $imagesAllowedExt, 'audios' => $audiosAllowedExt, 'videos' => $videosAllowedExt, 'documents' => $documentsAllowedExt])); ?>">
<joomla-field-media class="field-media-wrapper" type="image" <?php // @TODO add this attribute to the field in order to use it for all media types ?>
base-path="<?php echo Uri::root(); ?>"
root-folder="<?php echo ComponentHelper::getParams('com_media')->get('file_path', 'images'); ?>"
url="<?php echo $url; ?>"
modal-container=".modal"
modal-width="100%"
modal-height="400px"
input=".field-media-input"
button-select=".button-select"
button-clear=".button-clear"
button-save-selected=".button-save-selected"
preview="static"
preview-container=".field-media-preview"
preview-width="<?php echo $previewWidth; ?>"
preview-height="<?php echo $previewHeight; ?>"
supported-extensions="<?php echo str_replace('"', '&quot;', json_encode(['images' => $imagesAllowedExt, 'audios' => $audiosAllowedExt, 'videos' => $videosAllowedExt, 'documents' => $documentsAllowedExt])); ?>
">
<?php echo $modalHTML; ?>
<?php if ($showPreview) : ?>
<div class="field-media-preview">


@ -16,6 +16,7 @@ use Joomla\CMS\Log\Log;
use Joomla\CMS\Plugin\PluginHelper;
use Joomla\Event\DispatcherAwareTrait;
use Joomla\Event\DispatcherInterface;
use Joomla\CMS\Authentication\ProviderAwareAuthenticationPluginInterface;
/**
* Authentication class, provides an interface for the Joomla authentication system
@ -155,6 +156,16 @@ class Authentication
// Create authentication response
$response = new AuthenticationResponse;
// Query existing authProvider constraint
$db = Factory::getContainer()->get('DatabaseDriver');
$pluginConstraint = $db->setQuery(
$db->getQuery(true)
->select($db->quoteName('authProvider'))
->from($db->quoteName('#__users'))
->where($db->quoteName('username') . ' = ' . $db->quote($credentials['username']))
)->loadResult();
/*
* Loop through the plugins and check if the credentials can be used to authenticate
* the user
@ -173,6 +184,15 @@ class Authentication
continue;
}
// Check auth provider constraint
if ($pluginConstraint
&& $plugin instanceof ProviderAwareAuthenticationPluginInterface
&& $plugin::isPrimaryProvider()
&& $plugin::getProviderName() !== $pluginConstraint)
{
continue;
}
// Try to authenticate
$plugin->onUserAuthenticate($credentials, $options, $response);
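Review bot: The lookup added before the plugin loop reads `$credentials['username']` without checking that it is set and builds the WHERE clause by concatenating `$db->quote(...)`. A credential set without a username would raise a notice and run a query for an empty name on every attempt; I would skip the lookup in that case and use a bound parameter. The constraint check in the loop also only skips plugins that implement ProviderAwareAuthenticationPluginInterface, so plugins without the interface are never restricted by authProvider; if that is intended it deserves a comment. The method starts and ends outside both hunks.

```php
// Query existing authProvider constraint, only when a username was supplied
$pluginConstraint = null;
$username         = $credentials['username'] ?? '';

if ($username !== '')
{
	$db    = Factory::getContainer()->get('DatabaseDriver');
	$query = $db->getQuery(true)
		->select($db->quoteName('authProvider'))
		->from($db->quoteName('#__users'))
		->where($db->quoteName('username') . ' = :username')
		->bind(':username', $username);

	$pluginConstraint = $db->setQuery($query)->loadResult();
}

// … unchanged: plugin loop and provider constraint check …
```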


@ -0,0 +1,37 @@
<?php
/**
* Joomla! Content Management System
*
* @copyright Copyright (C) 2022 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
namespace Joomla\CMS\Authentication;
defined('JPATH_PLATFORM') or die;
/**
* Interface class defining the necessary methods for an authentication plugin to be provider aware
*
* @since 3.10.7
*/
interface ProviderAwareAuthenticationPluginInterface
{
/**
* Return if plugin acts as primary provider
*
* @return true
*
* @since 3.10.7
*/
public static function isPrimaryProvider();
/**
* Return provider name
*
* @return string
*
* @since 3.10.7
*/
public static function getProviderName();
}
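Review bot: The docblock of `isPrimaryProvider()` says `@return true`, but callers in this commit test the result as a boolean (`!$className::isPrimaryProvider()`), so the tag should read `@return boolean  True if the plugin acts as primary provider`. The interface also does not say what `getProviderName()` is compared against; a sentence stating that it is matched against the `authProvider` column of the users table would tell implementers which value to return.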


@ -146,7 +146,13 @@ abstract class Folder
if (!$stream->copy($sfid, $dfid))
{
throw new \RuntimeException('Cannot copy file: ' . $stream->getError(), -1);
throw new \RuntimeException(
sprintf(
"Cannot copy file: %s",
Path::removeRoot($stream->getError())
),
-1
);
}
}
else


@ -447,7 +447,12 @@ class Patcher
if (!isset($src_lines))
{
throw new \RuntimeException(Text::sprintf('JLIB_FILESYSTEM_PATCHER_UNEXISTING_SOURCE', $src));
throw new \RuntimeException(
Text::sprintf(
'JLIB_FILESYSTEM_PATCHER_UNEXISTING_SOURCE',
Path::removeRoot($src)
)
);
}
}
@ -462,7 +467,13 @@ class Patcher
{
if ($src_lines[$l] != $source[$l - $srcLine])
{
throw new \RuntimeException(Text::sprintf('JLIB_FILESYSTEM_PATCHER_FAILED_VERIFY', $src, $l));
throw new \RuntimeException(
Text::sprintf(
'JLIB_FILESYSTEM_PATCHER_FAILED_VERIFY',
Path::removeRoot($src),
$l
)
);
}
}


@ -161,8 +161,8 @@ class Path
*
* @return string A cleaned version of the path or exit on error.
*
* @since 1.7.0
* @throws \Exception
* @since 1.7.0
*/
public static function check($path)
{
@ -185,7 +185,7 @@ class Path
sprintf(
'%1$s() - Snooping out of bounds @ %2$s',
__METHOD__,
$path
self::removeRoot($path)
)
);
}
@ -201,8 +201,8 @@ class Path
*
* @return string The cleaned path.
*
* @since 1.7.0
* @throws \UnexpectedValueException
* @since 1.7.0
*/
public static function clean($path, $ds = DIRECTORY_SEPARATOR)
{
@ -254,7 +254,7 @@ class Path
// Try to find a writable directory
$dir = false;
foreach (array($jtp, $ssp, '/tmp') as $currentDir)
foreach ([$jtp, $ssp, '/tmp'] as $currentDir)
{
if (is_writable($currentDir))
{
@ -315,7 +315,7 @@ class Path
// traversal attempts on the local file system.
// Needed for substr() later
$path = realpath($path);
$path = realpath($path);
$fullname = realpath($fullname);
}
@ -352,7 +352,7 @@ class Path
// Save start character for absolute path
$startCharacter = ($path[0] === DIRECTORY_SEPARATOR) ? DIRECTORY_SEPARATOR : '';
$parts = array();
$parts = [];
foreach (explode(DIRECTORY_SEPARATOR, $path) as $part)
{
@ -379,4 +379,33 @@ class Path
return $startCharacter . implode(DIRECTORY_SEPARATOR, $parts);
}
/**
* Remove all references to root directory path and the system tmp path from a message
*
* @param string $message The message to be cleaned
* @param string $rootDirectory Optional root directory, defaults to JPATH_ROOT
*
* @return string
*
* @since 3.10.7
*/
public static function removeRoot($message, $rootDirectory = null)
{
if (empty($rootDirectory))
{
$rootDirectory = JPATH_ROOT;
}
$makePattern = static function ($dir) {
return '~' . str_replace('~', '\\~', preg_replace('~[/\\\\]+~', '[/\\\\\\\\]+', $dir)) . '~';
};
$replacements = [
$makePattern(static::clean($rootDirectory)) => '[ROOT]',
$makePattern(sys_get_temp_dir()) => '[TMP]',
];
return preg_replace(array_keys($replacements), array_values($replacements), $message);
}
}
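Review bot: In `removeRoot()`, `$makePattern` turns the directory into a regular expression but escapes only `~` and the slashes, so characters such as `.`, `(` or `[` in JPATH_ROOT or the temp directory are read as regex syntax. A dot merely over-matches, but an unbalanced bracket makes `preg_replace()` fail and return null, which would blank the exception message this helper is meant to clean. Quote each path segment with `preg_quote()` and fall back to the original message on failure. `sys_get_temp_dir()` is also not passed through `clean()` the way the root directory is.

```php
$makePattern = static function ($dir) {
	// Quote every segment so path characters are matched literally
	$segments = array_map(
		static function ($segment) {
			return preg_quote($segment, '~');
		},
		preg_split('~[/\\\\]+~', $dir)
	);

	return '~' . implode('[/\\\\]+', $segments) . '~';
};

// … unchanged: $replacements map …

$cleaned = preg_replace(array_keys($replacements), array_values($replacements), $message);

// preg_replace() returns null on a pattern error; keep the original text then
return $cleaned === null ? $message : $cleaned;
```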


@ -326,7 +326,7 @@ abstract class Select
public static function integerlist($start, $end, $inc, $name, $attribs = null, $selected = null, $format = '')
{
// Set default options
$options = array_merge(HTMLHelper::$formatOptions, array('format.depth' => 0, 'option.format' => '', 'id' => null));
$options = array_merge(HTMLHelper::$formatOptions, array('format.depth' => 0, 'option.format' => '', 'id' => false));
if (is_array($attribs) && func_num_args() === 5)
{


@ -10,6 +10,7 @@ namespace Joomla\CMS\Helper;
\defined('JPATH_PLATFORM') or die;
use enshrined\svgSanitize\Sanitizer;
use Joomla\CMS\Component\ComponentHelper;
use Joomla\CMS\Factory;
use Joomla\CMS\Filesystem\File;
@ -197,7 +198,6 @@ class MediaHelper
return true;
}
/**
* Checks if the file can be uploaded
*
@ -354,23 +354,12 @@ class MediaHelper
}
}
$xss_check = file_get_contents($file['tmp_name'], false, null, -1, 256);
$html_tags = array(
'abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink',
'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del',
'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext',
'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object',
'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar',
'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title',
'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--',
);
foreach ($html_tags as $tag)
if ($filetype === 'svg')
{
// A tag is '<tagname ', so we need to add < and a space or '<tagname>'
if (stripos($xss_check, '<' . $tag . ' ') !== false || stripos($xss_check, '<' . $tag . '>') !== false)
$sanitizer = new Sanitizer;
$sanitizer->sanitize(file_get_contents($file['tmp_name']));
if ($sanitizer->getXmlIssues())
{
$app->enqueueMessage(Text::_('JLIB_MEDIA_ERROR_WARNIEXSS'), 'error');
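Review bot: The SVG branch discards the return value of `$sanitizer->sanitize(...)` and only tests `getXmlIssues()`; as far as I know the sanitizer returns false when the document cannot be parsed, and the issue list may be empty in that case, so an unparseable file would pass this check. Keep the result and reject on either condition: `$clean = $sanitizer->sanitize(file_get_contents($file['tmp_name']));` followed by `if ($clean === false || $sanitizer->getXmlIssues())`. The removed tag scan applied to every upload while the new check runs only for `$filetype === 'svg'`, so a comment stating which earlier check now covers the other types would help. The function continues outside the hunk.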


@ -142,14 +142,14 @@ class Installer extends Adapter
/**
* A comment marker to indicate that an update SQL query may fail without triggering an update error.
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
protected const CAN_FAIL_MARKER = '/** CAN FAIL **/';
/**
* The length of the CAN_FAIL_MARKER string
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
protected const CAN_FAIL_MARKER_LENGTH = 16;
@ -201,7 +201,7 @@ class Installer extends Adapter
*
* @return array
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public static function splitSql(?string $sql): array
{
@ -1447,7 +1447,7 @@ class Installer extends Adapter
*
* @return void
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
protected function updateSchemaTable(int $eid, string $version, bool $update = false): void
{


@ -1037,8 +1037,20 @@ abstract class InstallerAdapter implements ContainerAwareInterface
// The real location of the file
$manifestScriptFile = $this->parent->getPath('source') . '/' . $manifestScript;
// Load the file
$installer = require_once $manifestScriptFile;
$installer = null;
// Load the installer from the file
if (!file_exists($manifestScriptFile))
{
@trigger_error(
'Installer file must exist when defined. In version 5.0 this will crash.',
E_USER_DEPRECATED
);
return;
}
require_once $manifestScriptFile;
// When the instance is a service provider, then register the container with it
if ($installer instanceof ServiceProviderInterface)
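Review bot: `$installer` is set to null and the result of `require_once $manifestScriptFile;` is no longer assigned, so the following `$installer instanceof ServiceProviderInterface` test can only succeed if the included script assigns `$installer` itself. If scripts are expected to return their provider, restore the assignment: `$installer = require_once $manifestScriptFile;`. The missing-file branch returns after a suppressed `@trigger_error`, so an extension whose manifest names an absent script installs without any visible message; logging that case would make it auditable. The method continues outside the hunk.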

View File

@ -13,7 +13,7 @@ namespace Joomla\CMS\Installer;
/**
* Base install script interface for use by extensions providing helper methods for common behaviours.
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
interface InstallerScriptInterface
{
@ -24,7 +24,7 @@ interface InstallerScriptInterface
*
* @return boolean True on success
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function install(InstallerAdapter $adapter): bool;
@ -35,7 +35,7 @@ interface InstallerScriptInterface
*
* @return boolean True on success
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function update(InstallerAdapter $adapter): bool;
@ -46,7 +46,7 @@ interface InstallerScriptInterface
*
* @return boolean True on success
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function uninstall(InstallerAdapter $adapter): bool;
@ -58,7 +58,7 @@ interface InstallerScriptInterface
*
* @return boolean True on success
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function preflight(string $type, InstallerAdapter $adapter): bool;
@ -70,7 +70,7 @@ interface InstallerScriptInterface
*
* @return boolean True on success
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function postflight(string $type, InstallerAdapter $adapter): bool;
}


@ -13,13 +13,13 @@ namespace Joomla\CMS\Installer;
/**
* Legacy installer script which delegates the methods to the internal instance when possible.
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
class LegacyInstallerScript implements InstallerScriptInterface
{
/**
* @var \stdClass
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
private $installerScript;
@ -38,16 +38,11 @@ class LegacyInstallerScript implements InstallerScriptInterface
*
* @return boolean True on success
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function install(InstallerAdapter $adapter): bool
{
if (!method_exists($this->installerScript, 'install'))
{
return true;
}
return (bool) $this->installerScript->install($adapter);
return $this->callOnScript('install', [$adapter]);
}
/**
@ -57,16 +52,11 @@ class LegacyInstallerScript implements InstallerScriptInterface
*
* @return boolean True on success
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function update(InstallerAdapter $adapter): bool
{
if (!method_exists($this->installerScript, 'update'))
{
return true;
}
return (bool) $this->installerScript->update($adapter);
return $this->callOnScript('update', [$adapter]);
}
/**
@ -76,16 +66,11 @@ class LegacyInstallerScript implements InstallerScriptInterface
*
* @return boolean True on success
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function uninstall(InstallerAdapter $adapter): bool
{
if (!method_exists($this->installerScript, 'uninstall'))
{
return true;
}
return (bool) $this->installerScript->uninstall($adapter);
return $this->callOnScript('uninstall', [$adapter]);
}
/**
@ -96,16 +81,11 @@ class LegacyInstallerScript implements InstallerScriptInterface
*
* @return boolean True on success
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function preflight(string $type, InstallerAdapter $adapter): bool
{
if (!method_exists($this->installerScript, 'preflight'))
{
return true;
}
return (bool) $this->installerScript->preflight($type, $adapter);
return $this->callOnScript('preflight', [$type, $adapter]);
}
/**
@ -116,16 +96,11 @@ class LegacyInstallerScript implements InstallerScriptInterface
*
* @return boolean True on success
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function postflight(string $type, InstallerAdapter $adapter): bool
{
if (!method_exists($this->installerScript, 'postflight'))
{
return true;
}
return (bool) $this->installerScript->postflight($type, $adapter);
return $this->callOnScript('postflight', [$type, $adapter]);
}
/**
@ -136,7 +111,7 @@ class LegacyInstallerScript implements InstallerScriptInterface
*
* @return void
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function __set(string $name, $value)
{
@ -150,7 +125,7 @@ class LegacyInstallerScript implements InstallerScriptInterface
*
* @return mixed
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function __get(string $name)
{
@ -158,17 +133,47 @@ class LegacyInstallerScript implements InstallerScriptInterface
}
/**
* Calls the function with the given name on the internal script.
* Calls the function with the given name on the internal script with
* the given name and arguments.
*
* @param string $name The name of the function
* @param array $arguments The arguments
*
* @return void
* @return mixed
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function __call(string $name, array $arguments)
{
return call_user_func([$this->installerScript, $name], $arguments);
return call_user_func_array([$this->installerScript, $name], $arguments);
}
/**
* Calls the function with the given name on the internal script with
* some condition checking.
*
* @param string $name The name of the function
* @param array $arguments The arguments
*
* @return bool
*
* @since 4.2.0
*/
private function callOnScript(string $name, array $arguments): bool
{
if (!method_exists($this->installerScript, $name))
{
return true;
}
$return = $this->__call($name, $arguments);
// When function doesn't have a return value, assume it succeeded
if ($return === null)
{
return true;
}
return (bool) $return;
}
}
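Review bot: `callOnScript()` gates the call on `method_exists()`, which is also true for private and protected methods of the wrapped script, so `call_user_func_array()` in `__call()` would then fail instead of the hook being treated as absent. `if (!\is_callable([$this->installerScript, $name]))` states the real precondition. The `callOnScript` docblock should also say that a hook returning `null` is reported as success, because that is the one behaviour a script author cannot guess from "some condition checking".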


@ -1178,9 +1178,12 @@ class Language
*/
public function hasKey($string)
{
$key = strtoupper($string);
if ($string === null)
{
return false;
}
return isset($this->strings[$key]);
return isset($this->strings[strtoupper($string)]);
}
/**


@ -11,6 +11,7 @@ namespace Joomla\CMS\Log;
\defined('JPATH_PLATFORM') or die;
use Joomla\CMS\Date\Date;
use Joomla\CMS\Filesystem\Path;
/**
* Joomla! Log Entry class
@ -97,10 +98,12 @@ class LogEntry
* @param array $context An optional array with additional message context.
*
* @since 1.7.0
* @change 3.10.7 If the message containes a full path, the root path (JPATH_ROOT) is removed from it
* to avoid any full path disclosure. Before 3.10.7, the path was propagated as provided.
*/
public function __construct($message, $priority = Log::INFO, $category = '', $date = null, array $context = array())
{
$this->message = (string) $message;
$this->message = Path::removeRoot((string) $message);
// Sanitize the priority.
if (!\in_array($priority, $this->priorities, true))


@ -131,9 +131,12 @@ class AdminController extends BaseController
$this->checkToken();
// Get items to remove from the request.
$cid = $this->input->get('cid', array(), 'array');
$cid = (array) $this->input->get('cid', array(), 'int');
if (!\is_array($cid) || \count($cid) < 1)
// Remove zero values resulting from input filter
$cid = array_filter($cid);
if (empty($cid))
{
$this->app->getLogger()->warning(Text::_($this->text_prefix . '_NO_ITEM_SELECTED'), array('category' => 'jerror'));
}
@ -142,9 +145,6 @@ class AdminController extends BaseController
// Get the model.
$model = $this->getModel();
// Make sure the item ids are integers
$cid = ArrayHelper::toInteger($cid);
// Remove the items.
if ($model->delete($cid))
{
@ -195,11 +195,14 @@ class AdminController extends BaseController
$this->checkToken();
// Get items to publish from the request.
$cid = $this->input->get('cid', array(), 'array');
$cid = (array) $this->input->get('cid', array(), 'int');
$data = array('publish' => 1, 'unpublish' => 0, 'archive' => 2, 'trash' => -2, 'report' => -3);
$task = $this->getTask();
$value = ArrayHelper::getValue($data, $task, 0, 'int');
// Remove zero values resulting from input filter
$cid = array_filter($cid);
if (empty($cid))
{
$this->app->getLogger()->warning(Text::_($this->text_prefix . '_NO_ITEM_SELECTED'), array('category' => 'jerror'));
@ -209,9 +212,6 @@ class AdminController extends BaseController
// Get the model.
$model = $this->getModel();
// Make sure the item ids are integers
$cid = ArrayHelper::toInteger($cid);
// Publish the items.
try
{
@ -274,9 +274,12 @@ class AdminController extends BaseController
// Check for request forgeries.
$this->checkToken();
$ids = $this->input->post->get('cid', array(), 'array');
$ids = (array) $this->input->post->get('cid', array(), 'int');
$inc = $this->getTask() === 'orderup' ? -1 : 1;
// Remove zero values resulting from input filter
$ids = array_filter($ids);
$model = $this->getModel();
$return = $model->reorder($ids, $inc);
@ -313,12 +316,18 @@ class AdminController extends BaseController
$this->checkToken();
// Get the input
$pks = $this->input->post->get('cid', array(), 'array');
$order = $this->input->post->get('order', array(), 'array');
$pks = (array) $this->input->post->get('cid', array(), 'int');
$order = (array) $this->input->post->get('order', array(), 'int');
// Sanitize the input
$pks = ArrayHelper::toInteger($pks);
$order = ArrayHelper::toInteger($order);
// Remove zero PK's and corresponding order values resulting from input filter for PK
foreach ($pks as $i => $pk)
{
if ($pk === 0)
{
unset($pks[$i]);
unset($order[$i]);
}
}
// Get the model
$model = $this->getModel();
@ -358,11 +367,13 @@ class AdminController extends BaseController
// Check for request forgeries.
$this->checkToken();
$ids = $this->input->post->get('cid', array(), 'array');
$cid = ArrayHelper::toInteger($ids);
$ids = (array) $this->input->post->get('cid', array(), 'int');
// Remove zero values resulting from input filter
$ids = array_filter($ids);
$model = $this->getModel();
$return = $model->checkin($cid);
$return = $model->checkin($ids);
if ($return === false)
{
@ -379,7 +390,7 @@ class AdminController extends BaseController
else
{
// Checkin succeeded.
$message = Text::plural($this->text_prefix . '_N_ITEMS_CHECKED_IN', \count($cid));
$message = Text::plural($this->text_prefix . '_N_ITEMS_CHECKED_IN', \count($ids));
$this->setRedirect(
Route::_(
'index.php?option=' . $this->option . '&view=' . $this->view_list . $this->getRedirectToListAppend(), false
@ -403,12 +414,18 @@ class AdminController extends BaseController
$this->checkToken();
// Get the input
$pks = $this->input->post->get('cid', array(), 'array');
$order = $this->input->post->get('order', array(), 'array');
$pks = (array) $this->input->post->get('cid', array(), 'int');
$order = (array) $this->input->post->get('order', array(), 'int');
// Sanitize the input
$pks = ArrayHelper::toInteger($pks);
$order = ArrayHelper::toInteger($order);
// Remove zero PK's and corresponding order values resulting from input filter for PK
foreach ($pks as $i => $pk)
{
if ($pk === 0)
{
unset($pks[$i]);
unset($order[$i]);
}
}
// Get the model
$model = $this->getModel();
@ -438,7 +455,10 @@ class AdminController extends BaseController
$this->checkToken();
// Get the input
$pks = $this->input->post->get('cid', array(), 'array');
$pks = (array) $this->input->post->get('cid', array(), 'int');
// Remove zero values resulting from input filter
$pks = array_filter($pks);
if (!\count($pks))
{


@ -262,7 +262,10 @@ class FormController extends BaseController implements FormFactoryAwareInterface
public function batch($model)
{
$vars = $this->input->post->get('batch', array(), 'array');
$cid = $this->input->post->get('cid', array(), 'array');
$cid = (array) $this->input->post->get('cid', array(), 'int');
// Remove zero values resulting from input filter
$cid = array_filter($cid);
// Build an array of item contexts to check
$contexts = array();
@ -369,7 +372,7 @@ class FormController extends BaseController implements FormFactoryAwareInterface
$model = $this->getModel();
$table = $model->getTable();
$cid = $this->input->post->get('cid', array(), 'array');
$cid = (array) $this->input->post->get('cid', array(), 'int');
$context = "$this->option.edit.$this->context";
// Determine the name of the primary key for the data.


@ -309,7 +309,7 @@ class MVCFactory implements MVCFactoryInterface, FormFactoryAwareInterface, Site
*
* @return void
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
private function setDispatcherOnObject($object)
{
@ -335,7 +335,7 @@ class MVCFactory implements MVCFactoryInterface, FormFactoryAwareInterface, Site
*
* @return void
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
private function setRouterOnObject($object): void
{


@ -631,7 +631,7 @@ class ListModel extends BaseDatabaseModel implements FormFactoryAwareInterface,
// Check if the ordering direction is valid, otherwise use the incoming value.
$value = $app->getUserStateFromRequest($this->context . '.orderdirn', 'filter_order_Dir', $direction);
if (!\in_array(strtoupper($value), array('ASC', 'DESC', '')))
if (!$value || !\in_array(strtoupper($value), array('ASC', 'DESC', '')))
{
$value = $direction;
$app->setUserState($this->context . '.orderdirn', $value);
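Review bot: With `!$value` in front, the `''` entry in the allow-list can no longer match, and a non-string request value such as an array would still reach `strtoupper()`. Since this value presumably feeds the list's ordering clause, the allow-list should be explicit and strict: `if (!\is_string($value) || !\in_array(strtoupper($value), array('ASC', 'DESC'), true))`. Whether an array can arrive depends on the filter used by `getUserStateFromRequest()`, which is not visible here. The comment above the call also reads backwards, because the code falls back to `$direction` when the incoming value is invalid.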


@ -185,7 +185,7 @@ class CategoryView extends HtmlView
$itemElement->event = new \stdClass;
// For some plugins.
!empty($itemElement->description) ? $itemElement->text = $itemElement->description : $itemElement->text = null;
!empty($itemElement->description) ? $itemElement->text = $itemElement->description : $itemElement->text = '';
Factory::getApplication()->triggerEvent('onContentPrepare', [$this->extension . '.category', &$itemElement, &$itemElement->params, 0]);
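Review bot: The ternary on the changed line is used as a statement with the assignment repeated in both arms, which hides that only the fallback value changed. `$itemElement->text = !empty($itemElement->description) ? $itemElement->description : '';` says the same thing once and makes the string default obvious to the plugins receiving the object.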


@ -253,6 +253,11 @@ class HtmlView extends AbstractView
*/
public function escape($var)
{
if ($var === null)
{
return '';
}
return htmlspecialchars($var, ENT_QUOTES, $this->_charset);
}


@ -13,7 +13,7 @@ namespace Joomla\CMS\Router;
/**
* Interface for site router aware classes.
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
interface SiteRouterAwareInterface
{
@ -24,7 +24,7 @@ interface SiteRouterAwareInterface
*
* @return void
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function setSiteRouter(SiteRouter $router): void;
}


@ -13,13 +13,13 @@ namespace Joomla\CMS\Router;
/**
* Defines the trait for a Site Router Aware Class.
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
trait SiteRouterAwareTrait
{
/**
* @var SiteRouter
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
private $router;
@ -28,7 +28,7 @@ trait SiteRouterAwareTrait
*
* @return SiteRouter
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*
* @throws \UnexpectedValueException May be thrown if the router has not been set.
*/
@ -49,7 +49,7 @@ trait SiteRouterAwareTrait
*
* @return void
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function setSiteRouter(SiteRouter $router): void
{


@ -37,6 +37,7 @@ class Router implements ServiceProviderInterface
public function register(Container $container)
{
$container->alias('SiteRouter', SiteRouter::class)
->alias('JRouterSite', SiteRouter::class)
->share(
SiteRouter::class,
function (Container $container)
@ -47,6 +48,7 @@ class Router implements ServiceProviderInterface
);
$container->alias('AdministratorRouter', AdministratorRouter::class)
->alias('JRouterAdministrator', AdministratorRouter::class)
->share(
AdministratorRouter::class,
function (Container $container)


@ -565,4 +565,41 @@ class User extends Table
return true;
}
/**
* Updates auth provider of a user
*
* @param string $authProvider The auth provider name
* @param integer $userId The user id (optional).
*
* @return boolean False if an error occurs
*
* @since 3.10.7
*/
public function setAuthProvider($authProvider, $userId = null)
{
// Check for User ID
if (is_null($userId))
{
if (isset($this))
{
$userId = $this->id;
}
else
{
jexit('No userid in setAuthProvider');
}
}
// Update the database row for the user.
$db = $this->_db;
$query = $db->getQuery(true)
->update($db->quoteName($this->_tbl))
->set($db->quoteName('authProvider') . '=' . $db->quote($authProvider))
->where($db->quoteName('id') . '=' . (int) $userId);
$db->setQuery($query);
$db->execute();
return true;
}
}
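Review bot: `setAuthProvider()` always returns `true`, although its docblock promises `False if an error occurs`: the result of `$db->execute()` is discarded, and an unloaded table (`$this->id` null) is cast to `0`, so the UPDATE matches no row and still reports success. The `isset($this)` test is always true inside an instance method, which makes the `jexit()` branch dead code. I would resolve the id once, refuse to run without a positive id, and return the result of the query, as sketched below.

```php
public function setAuthProvider($authProvider, $userId = null)
{
    // Fall back to the loaded row; refuse to run the update without a real id
    $userId = (int) ($userId ?? $this->id);

    if ($userId <= 0)
    {
        return false;
    }

    // … unchanged: build the UPDATE query and call $db->setQuery($query) …

    return (bool) $db->execute();
}
```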


@ -260,6 +260,8 @@ class Uri extends \Joomla\Uri\Uri
*/
public static function isInternal($url)
{
$url = str_replace('\\', '/', $url);
$uri = static::getInstance($url);
$base = $uri->toString(array('scheme', 'host', 'port', 'path'));
$host = $uri->toString(array('scheme', 'host', 'port'));
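Review bot: The added `str_replace()` carries no comment explaining why it is there, so a later cleanup could remove it as cosmetic; I would add `// Browsers treat "\" like "/", so normalise before parsing to keep the host check accurate`. Only the local copy is normalised, so a caller that redirects to its original string after `isInternal()` returns true is using a value that was not the one checked, and should normalise the same way. A null `$url` would reach `str_replace()` and raise a deprecation on PHP 8.1+, unlike the null guards added elsewhere in this commit. The method body continues outside the hunk.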


@ -524,6 +524,25 @@ class User extends CMSObject
return new \DateTimeZone($timezone);
}
/**
* Pass through method to the table for setting the auth provider in login contexts.
* Works around issues with hardcoded permission checks in save() associated to super admins
*
* @param string $authProvider The auth plugin name
*
* @return boolean True on success.
*
* @since 3.10.7
*/
public function setAuthProvider($authProvider)
{
// Create the user table object
$table = $this->getTable();
$table->load($this->id);
return $table->setAuthProvider($authProvider);
}
/**
* Method to get the user parameters
*
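Review bot: The result of `$table->load($this->id)` is not checked, so for a user object without a stored row the call continues into the table's `setAuthProvider()` and the method still reports success. `if (!$table->load($this->id)) { return false; }` would make the docblock's `True on success` accurate. Because the method deliberately goes around the permission checks in `save()`, as its docblock says, the docblock should also state that it is meant for the login flow only.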

View File

@ -61,7 +61,7 @@ final class Version
* @var string
* @since 3.8.0
*/
const EXTRA_VERSION = 'dev';
const EXTRA_VERSION = 'alpha2-dev';
/**
* Development status.
@ -85,7 +85,7 @@ final class Version
* @var string
* @since 3.5
*/
const RELDATE = '23-January-2022';
const RELDATE = '29-March-2022';
/**
* Release time.
@ -93,7 +93,7 @@ final class Version
* @var string
* @since 3.5
*/
const RELTIME = '11:04';
const RELTIME = '18:41';
/**
* Release timezone.


@ -18,7 +18,7 @@ use Joomla\CMS\WebAsset\WebAssetItem;
/**
* Web Asset Item class for tables.column asset
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
class TableColumnsAssetItem extends WebAssetItem implements WebAssetAttachBehaviorInterface
{
@ -30,7 +30,7 @@ class TableColumnsAssetItem extends WebAssetItem implements WebAssetAttachBehavi
*
* @return void
*
* @since __DEPLOY_VERSION__
* @since 4.2.0
*/
public function onAttachCallback(Document $doc)
{


@ -17,6 +17,8 @@ use Joomla\CMS\Plugin\CMSPlugin;
use Joomla\CMS\User\User;
use Joomla\CMS\User\UserHelper;
use Joomla\CMS\Authentication\ProviderAwareAuthenticationPluginInterface;
/**
* Joomla Authentication plugin
*
@ -24,7 +26,7 @@ use Joomla\CMS\User\UserHelper;
* @note Code based on http://jaspan.com/improved_persistent_login_cookie_best_practice
* and http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice/
*/
class PlgAuthenticationCookie extends CMSPlugin
class PlgAuthenticationCookie extends CMSPlugin implements ProviderAwareAuthenticationPluginInterface
{
/**
* Application object
@ -107,7 +109,7 @@ class PlgAuthenticationCookie extends CMSPlugin
return false;
}
$response->type = 'Cookie';
$response->type = self::getProviderName();
// Filter series since we're going to use it in the query
$filter = new InputFilter;
@ -446,4 +448,28 @@ class PlgAuthenticationCookie extends CMSPlugin
return true;
}
/**
* Remember Me shall work with any other auth plugin
*
* @return false
*
* @since 3.10.7
*/
public static function isPrimaryProvider()
{
return false;
}
/**
* Return provider name
*
* @return string
*
* @since 3.10.7
*/
public static function getProviderName()
{
return 'Cookie';
}
}
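Review bot: `self::getProviderName()` binds to the declaring class, so a plugin that extends this one and overrides `getProviderName()` would still report `Cookie` in `$response->type`; `static::getProviderName()` avoids that. The same applies to the `$response->type` lines in the Joomla and LDAP plugin sections that follow. If the returned name is persisted, as the `authProvider` column handled elsewhere in this commit suggests, the `getProviderName()` docblock should say that the value must stay stable across releases.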


@ -17,12 +17,14 @@ use Joomla\CMS\Plugin\PluginHelper;
use Joomla\CMS\User\User;
use Joomla\CMS\User\UserHelper;
use Joomla\CMS\Authentication\ProviderAwareAuthenticationPluginInterface;
/**
* Joomla Authentication plugin
*
* @since 1.5
*/
class PlgAuthenticationJoomla extends CMSPlugin
class PlgAuthenticationJoomla extends CMSPlugin implements ProviderAwareAuthenticationPluginInterface
{
/**
* Application object
@ -53,7 +55,7 @@ class PlgAuthenticationJoomla extends CMSPlugin
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
$response->type = 'Joomla';
$response->type = self::getProviderName();
// Joomla does not like blank passwords
if (empty($credentials['password']))
@ -237,4 +239,28 @@ class PlgAuthenticationJoomla extends CMSPlugin
}
}
}
/**
* Acts as primary auth provider
*
* @return true
*
* @since 3.10.7
*/
public static function isPrimaryProvider()
{
return true;
}
/**
* Return provider name
*
* @return string
*
* @since 3.10.7
*/
public static function getProviderName()
{
return 'Joomla';
}
}


@ -10,6 +10,7 @@
defined('_JEXEC') or die;
use Joomla\CMS\Authentication\Authentication;
use Joomla\CMS\Authentication\ProviderAwareAuthenticationPluginInterface;
use Joomla\CMS\Language\Text;
use Joomla\CMS\Plugin\CMSPlugin;
use Symfony\Component\Ldap\Entry;
@ -22,7 +23,7 @@ use Symfony\Component\Ldap\Ldap;
*
* @since 1.5
*/
class PlgAuthenticationLdap extends CMSPlugin
class PlgAuthenticationLdap extends CMSPlugin implements ProviderAwareAuthenticationPluginInterface
{
/**
* This method should handle any authentication and report back to the subject
@ -44,7 +45,7 @@ class PlgAuthenticationLdap extends CMSPlugin
}
// For JLog
$response->type = 'LDAP';
$response->type = self::getProviderName();
// Strip null bytes from the password
$credentials['password'] = str_replace(chr(0), '', $credentials['password']);
@ -223,4 +224,28 @@ class PlgAuthenticationLdap extends CMSPlugin
}
}
}
/**
* Acts as primary auth provider
*
* @return true
*
* @since 3.10.7
*/
public static function isPrimaryProvider()
{
return true;
}
/**
* Return provider name
*
* @return string
*
* @since 3.10.7
*/
public static function getProviderName()
{
return 'LDAP';
}
}
