Merge pull request #364 from dgrammatiko/patch-1

Drop jQuery, fix a number of XSS issues
Roland Dalmulder 2023-09-06 22:38:00 +02:00 committed by GitHub
commit 6501996b6d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 139 additions and 117 deletions


@ -70,7 +70,7 @@ class StartfetchController extends BaseController
$testsModel = Factory::getApplication()->bootComponent('com_patchtester')->getMVCFactory()->createModel('Tests', 'Administrator', ['ignore_request' => true]);
try {
// Sanity check, ensure there aren't any applied patches
// Sanity check, ensure there aren't any applied patches
if (count($testsModel->getAppliedPatches()) >= 1) {
$response = new JsonResponse(new \Exception(Text::_('COM_PATCHTESTER_ERROR_APPLIED_PATCHES'), 500));
$this->app->sendHeaders();


@ -10,14 +10,18 @@
use Joomla\CMS\Factory;
use Joomla\CMS\HTML\HTMLHelper;
use Joomla\CMS\Language\Text;
use Joomla\CMS\WebAsset\WebAssetManager;
// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects
HTMLHelper::_('jquery.framework');
/** @var WebAssetManager $wa */
$wa = $this->document->getWebAssetManager();
$wa->useScript('com_patchtester.admin-fetcher-modal');
HTMLHelper::_('behavior.core');
HTMLHelper::_('script', 'com_patchtester/fetcher.js', ['version' => 'auto', 'relative' => true]);
//HTMLHelper::_('script', 'com_patchtester/fetcher.js', ['version' => 'auto', 'relative' => true]);
Text::script('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED');
?>
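Review bot: The replaced `HTMLHelper::_('script', 'com_patchtester/fetcher.js', …)` call is kept as a commented-out line right after `HTMLHelper::_('behavior.core');`; delete it rather than leaving dead code, since the `com_patchtester.admin-fetcher-modal` asset entry now owns that script. The hand-written `HTMLHelper::_('behavior.core')` call is still what guarantees `Joomla.request`, `Joomla.sanitizeHtml` and `Joomla.JText` exist when the deferred module runs, because the new asset declares no dependency on `core`; a one-line comment such as `// behavior.core must stay: fetcher.js relies on Joomla.request/sanitizeHtml/JText` would stop the next cleanup from removing it. Some blank lines of this hunk appear to have been dropped by the page extraction, so the exact line count could not be checked.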


@ -11,15 +11,17 @@ use Joomla\CMS\HTML\HTMLHelper;
use Joomla\CMS\Language\Text;
use Joomla\CMS\Layout\LayoutHelper;
use Joomla\CMS\Router\Route;
use Joomla\CMS\WebAsset\WebAssetManager;
// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects
/** @var \Joomla\Component\Patchtester\Administrator\View\Pulls\PullsHtmlView $this */
/** @var \Joomla\Component\Patchtester\Administrator\View\Pulls\HtmlView $this */
HTMLHelper::_('stylesheet', 'com_patchtester/octicons.css', ['version' => '3.5.0', 'relative' => true]);
HTMLHelper::_('script', 'com_patchtester/patchtester.js', ['version' => 'auto', 'relative' => true]);
/** @var WebAssetManager $wa */
$wa = $this->document->getWebAssetManager();
$wa->usePreset('com_patchtester.patchtester');
$listOrder = $this->escape($this->state->get('list.ordering'));
$listDirn = $this->escape($this->state->get('list.direction'));
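Review bot: The `@var` docblock is changed from `…\View\Pulls\PullsHtmlView` to `…\View\Pulls\HtmlView`, but none of the five files in this commit is that view class, so the new name is only correct if the class already goes by `HtmlView` in the tree — worth confirming, because a wrong `@var` silently removes IDE and static-analysis coverage of the `$this->escape()` and `$this->state` calls on the last two lines. Separately, the `'3.5.0'` version pin on `octicons.css` disappears when the stylesheet moves into the `com_patchtester.patchtester` preset; if cache-busting of that file mattered, the asset entry needs its own `version`, and a comment beside `usePreset()` like `// patchtester.js and octicons.css are registered in joomla.asset.json` would tell readers where the assets went.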


@ -0,0 +1,40 @@
{
"$schema": "https://developer.joomla.org/schemas/json-schema/web_assets.json",
"name": "com_patchtester",
"version": "4.3.2",
"description": "Joomla CMS",
"license": "GPL-2.0-or-later",
"assets": [
{
"name": "com_patchtester.admin-fetcher-modal",
"type": "script",
"uri": "com_patchtester/fetcher.js",
"attributes": {
"type": "module",
"defer": true
}
},
{
"name": "com_patchtester.patchtester",
"type": "script",
"uri": "com_patchtester/patchtester.js",
"attributes": {
"type": "module",
"defer": true
}
},
{
"name": "com_patchtester.octicons",
"type": "style",
"uri": "com_patchtester/octicons.css"
},
{
"name": "com_patchtester.patchtester",
"type": "preset",
"dependencies": [
"com_patchtester.patchtester#script",
"com_patchtester.octicons#style"
]
}
]
}
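Review bot: Neither `script` asset declares a dependency on `core`, yet `fetcher.js` (registered here as `com_patchtester.admin-fetcher-modal`) calls `Joomla.request`, `Joomla.getOptions`, `Joomla.sanitizeHtml` and `Joomla.JText`, so correct load order currently depends on every template remembering to call `HTMLHelper::_('behavior.core')` by hand. Adding `"dependencies": ["core"]` to both `script` entries lets the asset manager enforce the order and makes the manual `behavior.core` calls redundant. The `description` reads `"Joomla CMS"` for what is the patchtester component's manifest, presumably a copy-paste, and `"version": "4.3.2"` should be checked against the component's own version if it is meant to drive cache-busting of the registered assets.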


@ -1,134 +1,110 @@
/**
* Patch testing component for the Joomla! CMS
*
* @copyright Copyright (C) 2011 - 2012 Ian MacLennan, Copyright (C) 2013 - 2018 Open Source Matters, Inc. All rights reserved.
* @copyright Copyright (C) 2023 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later
*/
if (typeof jQuery === 'undefined') {
throw new Error('PatchFetcher JavaScript requires jQuery')
}
if (typeof Joomla === 'undefined') {
throw new Error('PatchFetcher JavaScript requires the Joomla core JavaScript API')
}
!function (jQuery, Joomla, window) {
'use strict';
const defaultSettings = {
progress: null,
lastPage: null,
baseURL: `${Joomla.getOptions('system.paths').baseFull}index.php?option=com_patchtester&tmpl=component&format=json`,
};
/**
* Initialize the PatchFetcher object
*
* @constructor
*/
var PatchFetcher = function () {
var offset = null,
progress = null,
path = 'index.php?option=com_patchtester&tmpl=component&format=json',
lastPage = null,
progressBar = jQuery('#progress-bar');
class PatchFetcher {
constructor(settings = defaultSettings) {
this.url = new URL(settings.baseURL);
this.progress = settings.progress;
this.lastPage = settings.lastPage;
var initialize = function () {
offset = 0;
progress = 0;
path = path + '&' + jQuery('#patchtester-token').attr('name') + '=1';
this.progressBar = document.getElementById('progress-bar');
this.url.searchParams.append(document.getElementById('patchtester-token').getAttribute('name'), 1);
getRequest('startfetch');
};
this.request('startfetch');
}
var getRequest = function (task) {
jQuery.ajax({
type: 'GET',
url: path,
data: `task=${task}.${task}`,
dataType: 'json',
success: function (response, textStatus, xhr) {
try {
if (response === null) {
throw textStatus;
}
request(task) {
this.url.searchParams.append('task', `${task}.${task}`);
if (response.error) {
throw response;
}
Joomla.request({
url: this.url.toString(),
method: 'GET',
headers: { 'Content-Type': 'application/json' },
perform: true,
onSuccess: (response) => {
response = JSON.parse(response)
try {
if (response === null || response.error || response.success === false) {
throw response;
}
// {"success":true,"message":"Processing page 1 of GitHub data","messages":null,"data":{"complete":false,"header":"Processing data from GitHub"}}
// Store the last page if it is part of this request and not a boolean false
if (typeof response.data.lastPage !== 'undefined' && response.data.lastPage !== false) {
this.lastPage = response.data.lastPage;
}
if (response.success === false) {
throw response;
}
// Update the progress bar if we have the data to do so
if (typeof response.data.page !== 'undefined') {
this.progress = (response.data.page / this.lastPage) * 100;
// Store the last page if it is part of this request and not a boolean false
if (typeof response.data.lastPage !== 'undefined' && response.data.lastPage !== false) {
lastPage = response.data.lastPage;
}
if (this.progress < 100) {
this.progressBar.style.width = `${this.progress}%`;
this.progressBar.setAttribute('aria-valuenow', this.progress);
} else {
// Both BS2 and BS4 classes are targeted to keep this script simple
this.progressBar.classList.remove(['bar-success', 'bg-success']);
this.progressBar.classList.remove(['bar-warning', 'bg-warning']);
this.progressBar.style.width = `${this.progress}%`;
this.progressBar.setAttribute('aria-valuemin', 100);
this.progressBar.setAttribute('aria-valuemax', 200);
this.progressBar.setAttribute('aria-valuenow', this.progress);
}
}
// Update the progress bar if we have the data to do so
if (typeof response.data.page !== 'undefined') {
progress = (response.data.page / lastPage) * 100;
document.getElementById('patchtester-progress-message').innerHTML = Joomla.sanitizeHtml(response.message);
if (progress < 100) {
progressBar.css('width', progress + '%').attr('aria-valuenow', progress);
} else {
// Both BS2 and BS4 classes are targeted to keep this script simple
progressBar
.removeClass('bar-success bg-success')
.addClass('bar-warning bg-warning')
.css('width', progress + '%')
.attr('aria-valuemin', 100)
.attr('aria-valuemax', 200)
.attr('aria-valuenow', progress);
}
}
if (response.data.header) {
document.getElementById('patchtester-progress-header').innerHTML = Joomla.sanitizeHtml(response.data.header);
}
jQuery('#patchtester-progress-message').html(response.message);
if (!response.data.complete) {
this.url.searchParams.append(document.querySelector('#patchtester-token').getAttribute('name'), 1);
this.url.searchParams.append('task', `${task}.${task}`);
this.request('fetch');
} else {
document.getElementById('progress').remove();
window.parent.document.querySelector('#modal-sync button.btn-close').click();
}
} catch (error) {
try {
if (response.error || response.success === false) {
document.getElementById('patchtester-progress-header').innerText(Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED'));
document.getElementById('patchtester-progress-message').innerHTML = Joomla.sanitizeHtml(response.message);
}
} catch (ignore) {
if (error === '') {
error = Joomla.JText._('COM_PATCHTESTER_NO_ERROR_RETURNED');
}
if (response.data.header) {
jQuery('#patchtester-progress-header').html(response.data.header);
}
if (!response.data.complete) {
// Send another request
getRequest('fetch');
} else {
jQuery('#progress').remove();
jQuery('#modal-sync button.btn-close', window.parent.document).trigger('click');
}
} catch (error) {
try {
if (response.error || response.success === false) {
jQuery('#patchtester-progress-header').text(Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED'));
jQuery('#patchtester-progress-message').html(response.message);
}
} catch (ignore) {
if (error === '') {
error = Joomla.JText._('COM_PATCHTESTER_NO_ERROR_RETURNED');
}
jQuery('#patchtester-progress-header').text(Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED'));
jQuery('#patchtester-progress-message').html(error);
jQuery('#progress').remove();
}
}
return true;
},
error: function (jqXHR, textStatus, errorThrown) {
var json = (typeof jqXHR === 'object' && jqXHR.responseText) ? jqXHR.responseText : null;
jQuery('#patchtester-progress-header').text(Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED'));
jQuery('#patchtester-progress-message').html(json);
jQuery('#progress').remove();
}
});
};
initialize();
};
jQuery(function () {
new PatchFetcher();
if (typeof window.parent.SqueezeBox === 'object') {
jQuery(window.parent.SqueezeBox).on('close', function () {
window.parent.location.reload(true);
});
document.getElementById('patchtester-progress-header').innerText(Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED'));
document.getElementById('patchtester-progress-message').innerHTML = Joomla.sanitizeHtml(error);
document.getElementById('progress').remove();
}
}
return true;
},
onError: (jqXHR) => {
const json = (typeof jqXHR === 'object' && jqXHR.responseText) ? jqXHR.responseText : null;
document.getElementById('patchtester-progress-header').innerText(Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED'));
document.getElementById('patchtester-progress-message').innerHTML = Joomla.sanitizeHtml(json);
document.getElementById('progress').remove();
}
});
}(jQuery, Joomla, window);
}
}
new PatchFetcher();
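Review bot: All three error paths set the header with a call, `document.getElementById('patchtester-progress-header').innerText(Joomla.JText._(…))`, but `innerText` is a string property, so each of those lines throws `TypeError: … is not a function` and the user never sees the message the commit is now rendering safely through `Joomla.sanitizeHtml`; they must be assignments, `header.innerText = Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED');`. In the same method, `this.url.searchParams.append('task', …)` runs on every `request()` call and the `!response.data.complete` branch appends the token and `task` again before recursing, so the query string grows by a duplicate token/`task=` pair for every page fetched and only works because the server keeps the last duplicate — use `set()` at the top of `request()` and drop the re-append. `classList.remove(['bar-success', 'bg-success'])` stringifies the array into the single bogus token `bar-success,bg-success` and removes nothing, and the jQuery version's `addClass('bar-warning bg-warning')` at 100% has become a second `remove`, which looks unintended. `JSON.parse(response)` also sits above the `try`, so a non-JSON body (an HTML error page, say) escapes the catch entirely. The rewritten lines follow; this section covers the whole file.
```javascript
  request(task) {
    // set(), not append(): request() runs once per page, so append() would
    // leave one `task=` parameter per page on the URL
    this.url.searchParams.set('task', `${task}.${task}`);
    Joomla.request({
      // … unchanged: url/method/headers/perform …
      onSuccess: (response) => {
        try {
          // parse inside the try so a non-JSON body is reported, not thrown
          response = JSON.parse(response);
          // … unchanged: error / lastPage checks …
          if (this.progress < 100) {
            // … unchanged …
          } else {
            // classList takes tokens, not an array; 100% switches to warning
            this.progressBar.classList.remove('bar-success', 'bg-success');
            this.progressBar.classList.add('bar-warning', 'bg-warning');
            // … unchanged: width / aria updates …
          }
          // … unchanged: message / header rendering …
          if (!response.data.complete) {
            // token and task are already on this.url; do not append again
            this.request('fetch');
          } else {
            // … unchanged …
          }
        } catch (error) {
          const header = document.getElementById('patchtester-progress-header');
          // … unchanged: inner try/catch structure (same fix on both header lines) …
          // innerText is a property: assign it, do not call it
          header.innerText = Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED');
          // … unchanged …
        }
        return true;
      },
      onError: (jqXHR) => {
        // … unchanged: json extraction …
        document.getElementById('patchtester-progress-header').innerText = Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED');
        // … unchanged …
      }
    });
  }
```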