mirror of
https://github.com/joomla-extensions/patchtester.git
synced 2024-12-22 02:49:01 +00:00
Merge pull request #364 from dgrammatiko/patch-1
Drop jQuery, fix a number of XSS
commit
6501996b6d
@ -70,7 +70,7 @@ class StartfetchController extends BaseController
|
||||
|
||||
$testsModel = Factory::getApplication()->bootComponent('com_patchtester')->getMVCFactory()->createModel('Tests', 'Administrator', ['ignore_request' => true]);
|
||||
try {
|
||||
// Sanity check, ensure there aren't any applied patches
|
||||
// Sanity check, ensure there aren't any applied patches
|
||||
if (count($testsModel->getAppliedPatches()) >= 1) {
|
||||
$response = new JsonResponse(new \Exception(Text::_('COM_PATCHTESTER_ERROR_APPLIED_PATCHES'), 500));
|
||||
$this->app->sendHeaders();
|
||||
|
@ -10,14 +10,18 @@
|
||||
use Joomla\CMS\Factory;
|
||||
use Joomla\CMS\HTML\HTMLHelper;
|
||||
use Joomla\CMS\Language\Text;
|
||||
use Joomla\CMS\WebAsset\WebAssetManager;
|
||||
|
||||
// phpcs:disable PSR1.Files.SideEffects
|
||||
\defined('_JEXEC') or die;
|
||||
// phpcs:enable PSR1.Files.SideEffects
|
||||
|
||||
HTMLHelper::_('jquery.framework');
|
||||
/** @var WebAssetManager $wa */
|
||||
$wa = $this->document->getWebAssetManager();
|
||||
$wa->useScript('com_patchtester.admin-fetcher-modal');
|
||||
|
||||
HTMLHelper::_('behavior.core');
|
||||
HTMLHelper::_('script', 'com_patchtester/fetcher.js', ['version' => 'auto', 'relative' => true]);
|
||||
//HTMLHelper::_('script', 'com_patchtester/fetcher.js', ['version' => 'auto', 'relative' => true]);
|
||||
Text::script('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED');
|
||||
|
||||
?>
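Review bot: The previous loader call is left behind as a commented-out line, `//HTMLHelper::_('script', 'com_patchtester/fetcher.js', ['version' => 'auto', 'relative' => true]);`, right after the new `$wa->useScript('com_patchtester.admin-fetcher-modal');`; delete it rather than keeping dead code, since the history already holds the old form. The fetcher script also reads `COM_PATCHTESTER_NO_ERROR_RETURNED` through `Joomla.JText._`, while the visible lines register only `COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED` with `Text::script`, so that key would presumably be shown as the raw constant unless it is registered elsewhere. The template continues past the closing `?>`, outside this hunk.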
|
||||
|
@ -11,15 +11,17 @@ use Joomla\CMS\HTML\HTMLHelper;
|
||||
use Joomla\CMS\Language\Text;
|
||||
use Joomla\CMS\Layout\LayoutHelper;
|
||||
use Joomla\CMS\Router\Route;
|
||||
use Joomla\CMS\WebAsset\WebAssetManager;
|
||||
|
||||
// phpcs:disable PSR1.Files.SideEffects
|
||||
\defined('_JEXEC') or die;
|
||||
// phpcs:enable PSR1.Files.SideEffects
|
||||
|
||||
/** @var \Joomla\Component\Patchtester\Administrator\View\Pulls\PullsHtmlView $this */
|
||||
/** @var \Joomla\Component\Patchtester\Administrator\View\Pulls\HtmlView $this */
|
||||
|
||||
HTMLHelper::_('stylesheet', 'com_patchtester/octicons.css', ['version' => '3.5.0', 'relative' => true]);
|
||||
HTMLHelper::_('script', 'com_patchtester/patchtester.js', ['version' => 'auto', 'relative' => true]);
|
||||
/** @var WebAssetManager $wa */
|
||||
$wa = $this->document->getWebAssetManager();
|
||||
$wa->usePreset('com_patchtester.patchtester');
|
||||
|
||||
$listOrder = $this->escape($this->state->get('list.ordering'));
|
||||
$listDirn = $this->escape($this->state->get('list.direction'));
|
||||
|
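--- a/media/com_patchtester/joomla.asset.json
+++ b/media/com_patchtester/joomla.asset.json
@@ -0,0 +1,40 @@
+{
+"$schema": "https://developer.joomla.org/schemas/json-schema/web_assets.json",
+"name": "com_patchtester",
+"version": "4.3.2",
+"description": "Joomla CMS",
+"license": "GPL-2.0-or-later",
+"assets": [
+{
+"name": "com_patchtester.admin-fetcher-modal",
+"type": "script",
+"uri": "com_patchtester/fetcher.js",
+"attributes": {
+"type": "module",
+"defer": true
+}
+},
+{
+"name": "com_patchtester.patchtester",
+"type": "script",
+"uri": "com_patchtester/patchtester.js",
+"attributes": {
+"type": "module",
+"defer": true
+}
+},
+{
+"name": "com_patchtester.octicons",
+"type": "style",
+"uri": "com_patchtester/octicons.css"
+},
+{
+"name": "com_patchtester.patchtester",
+"type": "preset",
+"dependencies": [
+"com_patchtester.patchtester#script",
+"com_patchtester.octicons#style"
+]
+}
+]
+}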
|
@ -1,134 +1,110 @@
|
||||
/**
|
||||
* Patch testing component for the Joomla! CMS
|
||||
*
|
||||
* @copyright Copyright (C) 2011 - 2012 Ian MacLennan, Copyright (C) 2013 - 2018 Open Source Matters, Inc. All rights reserved.
|
||||
* @copyright Copyright (C) 2023 Open Source Matters, Inc. All rights reserved.
|
||||
* @license GNU General Public License version 2 or later
|
||||
*/
|
||||
|
||||
if (typeof jQuery === 'undefined') {
|
||||
throw new Error('PatchFetcher JavaScript requires jQuery')
|
||||
}
|
||||
|
||||
if (typeof Joomla === 'undefined') {
|
||||
throw new Error('PatchFetcher JavaScript requires the Joomla core JavaScript API')
|
||||
}
|
||||
|
||||
!function (jQuery, Joomla, window) {
|
||||
'use strict';
|
||||
const defaultSettings = {
|
||||
progress: null,
|
||||
lastPage: null,
|
||||
baseURL: `${Joomla.getOptions('system.paths').baseFull}index.php?option=com_patchtester&tmpl=component&format=json`,
|
||||
};
|
||||
|
||||
/**
|
||||
* Initialize the PatchFetcher object
|
||||
*
|
||||
* @constructor
|
||||
*/
|
||||
var PatchFetcher = function () {
|
||||
var offset = null,
|
||||
progress = null,
|
||||
path = 'index.php?option=com_patchtester&tmpl=component&format=json',
|
||||
lastPage = null,
|
||||
progressBar = jQuery('#progress-bar');
|
||||
class PatchFetcher {
|
||||
constructor(settings = defaultSettings) {
|
||||
this.url = new URL(settings.baseURL);
|
||||
this.progress = settings.progress;
|
||||
this.lastPage = settings.lastPage;
|
||||
|
||||
var initialize = function () {
|
||||
offset = 0;
|
||||
progress = 0;
|
||||
path = path + '&' + jQuery('#patchtester-token').attr('name') + '=1';
|
||||
this.progressBar = document.getElementById('progress-bar');
|
||||
this.url.searchParams.append(document.getElementById('patchtester-token').getAttribute('name'), 1);
|
||||
|
||||
getRequest('startfetch');
|
||||
};
|
||||
this.request('startfetch');
|
||||
}
|
||||
|
||||
var getRequest = function (task) {
|
||||
jQuery.ajax({
|
||||
type: 'GET',
|
||||
url: path,
|
||||
data: `task=${task}.${task}`,
|
||||
dataType: 'json',
|
||||
success: function (response, textStatus, xhr) {
|
||||
try {
|
||||
if (response === null) {
|
||||
throw textStatus;
|
||||
}
|
||||
request(task) {
|
||||
this.url.searchParams.append('task', `${task}.${task}`);
|
||||
|
||||
if (response.error) {
|
||||
throw response;
|
||||
}
|
||||
Joomla.request({
|
||||
url: this.url.toString(),
|
||||
method: 'GET',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
perform: true,
|
||||
onSuccess: (response) => {
|
||||
response = JSON.parse(response)
|
||||
try {
|
||||
if (response === null || response.error || response.success === false) {
|
||||
throw response;
|
||||
}
|
||||
// {"success":true,"message":"Processing page 1 of GitHub data","messages":null,"data":{"complete":false,"header":"Processing data from GitHub"}}
|
||||
// Store the last page if it is part of this request and not a boolean false
|
||||
if (typeof response.data.lastPage !== 'undefined' && response.data.lastPage !== false) {
|
||||
this.lastPage = response.data.lastPage;
|
||||
}
|
||||
|
||||
if (response.success === false) {
|
||||
throw response;
|
||||
}
|
||||
// Update the progress bar if we have the data to do so
|
||||
if (typeof response.data.page !== 'undefined') {
|
||||
this.progress = (response.data.page / this.lastPage) * 100;
|
||||
|
||||
// Store the last page if it is part of this request and not a boolean false
|
||||
if (typeof response.data.lastPage !== 'undefined' && response.data.lastPage !== false) {
|
||||
lastPage = response.data.lastPage;
|
||||
}
|
||||
if (this.progress < 100) {
|
||||
this.progressBar.style.width = `${this.progress}%`;
|
||||
this.progressBar.setAttribute('aria-valuenow', this.progress);
|
||||
} else {
|
||||
// Both BS2 and BS4 classes are targeted to keep this script simple
|
||||
this.progressBar.classList.remove(['bar-success', 'bg-success']);
|
||||
this.progressBar.classList.remove(['bar-warning', 'bg-warning']);
|
||||
this.progressBar.style.width = `${this.progress}%`;
|
||||
this.progressBar.setAttribute('aria-valuemin', 100);
|
||||
this.progressBar.setAttribute('aria-valuemax', 200);
|
||||
this.progressBar.setAttribute('aria-valuenow', this.progress);
|
||||
}
|
||||
}
|
||||
|
||||
// Update the progress bar if we have the data to do so
|
||||
if (typeof response.data.page !== 'undefined') {
|
||||
progress = (response.data.page / lastPage) * 100;
|
||||
document.getElementById('patchtester-progress-message').innerHTML = Joomla.sanitizeHtml(response.message);
|
||||
|
||||
if (progress < 100) {
|
||||
progressBar.css('width', progress + '%').attr('aria-valuenow', progress);
|
||||
} else {
|
||||
// Both BS2 and BS4 classes are targeted to keep this script simple
|
||||
progressBar
|
||||
.removeClass('bar-success bg-success')
|
||||
.addClass('bar-warning bg-warning')
|
||||
.css('width', progress + '%')
|
||||
.attr('aria-valuemin', 100)
|
||||
.attr('aria-valuemax', 200)
|
||||
.attr('aria-valuenow', progress);
|
||||
}
|
||||
}
|
||||
if (response.data.header) {
|
||||
document.getElementById('patchtester-progress-header').innerHTML = Joomla.sanitizeHtml(response.data.header);
|
||||
}
|
||||
|
||||
jQuery('#patchtester-progress-message').html(response.message);
|
||||
if (!response.data.complete) {
|
||||
this.url.searchParams.append(document.querySelector('#patchtester-token').getAttribute('name'), 1);
|
||||
this.url.searchParams.append('task', `${task}.${task}`);
|
||||
this.request('fetch');
|
||||
} else {
|
||||
document.getElementById('progress').remove();
|
||||
window.parent.document.querySelector('#modal-sync button.btn-close').click();
|
||||
}
|
||||
} catch (error) {
|
||||
try {
|
||||
if (response.error || response.success === false) {
|
||||
document.getElementById('patchtester-progress-header').innerText(Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED'));
|
||||
document.getElementById('patchtester-progress-message').innerHTML = Joomla.sanitizeHtml(response.message);
|
||||
}
|
||||
} catch (ignore) {
|
||||
if (error === '') {
|
||||
error = Joomla.JText._('COM_PATCHTESTER_NO_ERROR_RETURNED');
|
||||
}
|
||||
|
||||
if (response.data.header) {
|
||||
jQuery('#patchtester-progress-header').html(response.data.header);
|
||||
}
|
||||
|
||||
if (!response.data.complete) {
|
||||
// Send another request
|
||||
getRequest('fetch');
|
||||
} else {
|
||||
jQuery('#progress').remove();
|
||||
jQuery('#modal-sync button.btn-close', window.parent.document).trigger('click');
|
||||
}
|
||||
} catch (error) {
|
||||
try {
|
||||
if (response.error || response.success === false) {
|
||||
jQuery('#patchtester-progress-header').text(Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED'));
|
||||
jQuery('#patchtester-progress-message').html(response.message);
|
||||
}
|
||||
} catch (ignore) {
|
||||
if (error === '') {
|
||||
error = Joomla.JText._('COM_PATCHTESTER_NO_ERROR_RETURNED');
|
||||
}
|
||||
|
||||
jQuery('#patchtester-progress-header').text(Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED'));
|
||||
jQuery('#patchtester-progress-message').html(error);
|
||||
jQuery('#progress').remove();
|
||||
}
|
||||
}
|
||||
return true;
|
||||
},
|
||||
error: function (jqXHR, textStatus, errorThrown) {
|
||||
var json = (typeof jqXHR === 'object' && jqXHR.responseText) ? jqXHR.responseText : null;
|
||||
jQuery('#patchtester-progress-header').text(Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED'));
|
||||
jQuery('#patchtester-progress-message').html(json);
|
||||
jQuery('#progress').remove();
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
initialize();
|
||||
};
|
||||
|
||||
jQuery(function () {
|
||||
new PatchFetcher();
|
||||
|
||||
if (typeof window.parent.SqueezeBox === 'object') {
|
||||
jQuery(window.parent.SqueezeBox).on('close', function () {
|
||||
window.parent.location.reload(true);
|
||||
});
|
||||
document.getElementById('patchtester-progress-header').innerText(Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED'));
|
||||
document.getElementById('patchtester-progress-message').innerHTML = Joomla.sanitizeHtml(error);
|
||||
document.getElementById('progress').remove();
|
||||
}
|
||||
}
|
||||
return true;
|
||||
},
|
||||
onError: (jqXHR) => {
|
||||
const json = (typeof jqXHR === 'object' && jqXHR.responseText) ? jqXHR.responseText : null;
|
||||
document.getElementById('patchtester-progress-header').innerText(Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED'));
|
||||
document.getElementById('patchtester-progress-message').innerHTML = Joomla.sanitizeHtml(json);
|
||||
document.getElementById('progress').remove();
|
||||
}
|
||||
});
|
||||
}(jQuery, Joomla, window);
|
||||
}
|
||||
}
|
||||
|
||||
new PatchFetcher();
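Review bot: `innerText` is a property, not a method, so the three new calls of the form `document.getElementById('patchtester-progress-header').innerText(...)` (in the inner error handler, in its fallback, and in `onError`) throw a TypeError and the error text never reaches the page; assign instead, e.g. `document.getElementById('patchtester-progress-header').textContent = Joomla.JText._('COM_PATCHTESTER_FETCH_AN_ERROR_HAS_OCCURRED');`. In the progress branch, `classList.remove(['bar-success', 'bg-success'])` passes an array that is stringified into a single token, and the second call removes the warning classes where the jQuery version added them; `classList.remove('bar-success', 'bg-success')` followed by `classList.add('bar-warning', 'bg-warning')` would match the old behaviour. `response = JSON.parse(response)` sits before the `try`, so a non-JSON reply is not handled, and `this.url.searchParams.append(...)` adds another `task` and token to the URL on every page where `searchParams.set(...)` would keep one of each. Because server-supplied text is still written through `innerHTML` after `Joomla.sanitizeHtml`, using `textContent` wherever the message is not meant to carry markup would remove the reliance on the sanitizer's allowlist. Old and new lines are interleaved in this rendering, so the attribution of lines to the new side is inferred from the jQuery-free syntax.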
|
||||
|