fixed backend options, moved js to a seperate file, added session tokens

joomla · Aug 10, 2016 · 3461949 · 3461949
1 parent cc283cd
commit 3461949
Show file tree

Hide file tree

Showing 9 changed files with 80 additions and 64 deletions.
diff --git a/administrator/components/com_users/config.xml b/administrator/components/com_users/config.xml
@@ -257,6 +257,7 @@
 			rows="4" 
 			cols="50"
 			filter="string"
+			showon="allowed_chars_username_preset:1,2,3"
 			>
 		</field>
 

diff --git a/administrator/language/en-GB/en-GB.com_users.ini b/administrator/language/en-GB/en-GB.com_users.ini
@@ -35,7 +35,7 @@ COM_USERS_CONFIG_FIELD_CAPTCHA_LABEL="Captcha"
 COM_USERS_CONFIG_FIELD_CHANGEUSERNAME_DESC="Allow users to change their Login name when editing their profile."
 COM_USERS_CONFIG_FIELD_CHANGEUSERNAME_LABEL="Change Login Name"
 COM_USERS_CONFIG_FIELD_EMAIL_REGEX_LABEL="Forbidden domains"
-COM_USERS_CONFIG_FIELD_EMAIL_REGEX_DESC="Expression for forbidden email adress endings. Example: Forbid all email addresses from example.com. Input:<br /> example.com<br />For many entries add a new line after every entry. <br />Input: <br />example.com<br />example2.com"
+COM_USERS_CONFIG_FIELD_EMAIL_REGEX_DESC="List of forbidden domain names. Place each domain name on a new line."
 COM_USERS_CONFIG_FIELD_FRONTEND_LANG_DESC="If 'Frontend User Parameters' is set to 'Show', users will be able to select their Frontend language preference when registering."
 COM_USERS_CONFIG_FIELD_FRONTEND_LANG_LABEL="Frontend Language"
 COM_USERS_CONFIG_FIELD_FRONTEND_RESET_COUNT_DESC="The maximum number of password resets allowed within the time period. Zero indicates no limit."

diff --git a/components/com_users/controllers/registration.json.php b/components/com_users/controllers/registration.json.php
@@ -13,7 +13,7 @@
 /**
  * Profile controller class for Users.
  *
- * @since  1.6
+ * @since  __DEPLOY_VERSION__
  */
 class UsersControllerRegistration extends UsersController
 {
@@ -22,10 +22,13 @@ class UsersControllerRegistration extends UsersController
 	 *
 	 * @return      JResponseJson Array with the information of the user/email
 	 *
-	 * @since
+	 * @since 		__DEPLOY_VERSION__
 	 */
 	public function validate()
 	{
+		// Check for request forgeries.
+		JSession::checkToken('get') or jexit(JText::_('JINVALID_TOKEN'));
+
 		// Read username from ajax
 		$username = $this->input->get('username', '', 'username');
 		$email = $this->input->get('email', '', 'email');

diff --git a/components/com_users/views/registration/tmpl/default.php b/components/com_users/views/registration/tmpl/default.php
@@ -11,6 +11,8 @@
 
 JHtml::_('behavior.keepalive');
 JHtml::_('behavior.formvalidator');
+
+$ajaxUri = JRoute::_('index.php?option=com_users&task=registration.validate&format=json&' . JSession::getFormToken() . '=1');
 ?>
 <div class="registration<?php echo $this->pageclass_sfx?>">
 	<?php if ($this->params->get('show_page_heading')) : ?>
@@ -56,6 +58,7 @@
 				<button type="submit" class="btn btn-primary validate"><?php echo JText::_('JREGISTER');?></button>
 				<a class="btn" href="<?php echo JRoute::_('');?>" title="<?php echo JText::_('JCANCEL');?>"><?php echo JText::_('JCANCEL');?></a>
 				<input type="hidden" name="option" value="com_users" />
+				<input type="hidden" data-url="<?php echo $ajaxUri ?>" id="ajax-validation"/>
 				<input type="hidden" name="task" value="registration.register" />
 			</div>
 		</div>

diff --git a/components/com_users/views/registration/view.html.php b/components/com_users/views/registration/view.html.php
@@ -42,6 +42,10 @@ public function display($tpl = null)
 		$this->state  = $this->get('State');
 		$this->params = $this->state->get('params');
 
+		JText::script('COM_USERS_PROFILE_EMAIL2_MESSAGE');
+		JText::script('COM_USERS_FIELD_RESET_PASSWORD1_MESSAGE');
+		JHtml::_('script', 'com_users/validate-user.js', false, true);
+
 		// Check for errors.
 		if (count($errors = $this->get('Errors')))
 		{

diff --git a/libraries/cms/html/behavior.php b/libraries/cms/html/behavior.php
@@ -183,8 +183,6 @@ public static function formvalidator()
 
 		// Add validate.js language strings
 		JText::script('JLIB_FORM_FIELD_INVALID');
-        JText::script('COM_USERS_PROFILE_EMAIL2_MESSAGE');
-        JText::script('COM_USERS_FIELD_RESET_PASSWORD1_MESSAGE');
 
 		JHtml::_('script', 'system/punycode.js', false, true);
 		JHtml::_('script', 'system/validate.js', false, true);

diff --git a/media/com_users/js/validate-user.js b/media/com_users/js/validate-user.js
@@ -0,0 +1,64 @@
+window.onload = function() {
+    var ajaxUrl = document.getElementById('ajax-validation').getAttribute('data-url');
+
+    // check if username is already in database
+    jQuery('#jform_username').change(function(){
+        var name = jQuery(this).val();
+        if(name.length){
+            jQuery.ajax({
+                type: 'POST',
+                url: ajaxUrl + '&username=' + name
+            }).done(function(data){
+                if(data.success){
+                    var message = {
+                        'error' : [data.message]
+                    };
+                    Joomla.renderMessages(message);
+                }
+            });
+        }
+    });
+    // check if email is already in database
+    jQuery('#jform_email1').change(function(){
+        var mail = jQuery(this).val();
+        if(mail.length) {
+            jQuery.ajax({
+                type: 'POST',
+                url:  ajaxUrl + '&email=' + mail
+            }).done(function (data) {
+                if (data.success) {
+                    var message = {
+                        'error': [data.message]
+                    };
+                    Joomla.renderMessages(message);
+                }
+            });
+        }
+    });
+    //check if emails are equal
+    jQuery('#jform_email2').change(function(){
+        var mail1 = jQuery('#jform_email1').val();
+        var mail2 = jQuery('#jform_email2').val();
+        if(mail1.length && mail2.length){
+            if(mail1 != mail2){
+                var message = {
+                    'error' : [ Joomla.JText._('COM_USERS_PROFILE_EMAIL2_MESSAGE') ]
+                };
+                Joomla.renderMessages(message);
+            }
+        }
+    });
+    //check if password are equal
+    jQuery('#jform_password2').change(function(){
+        var pass1 = jQuery('#jform_password1').val();
+        var pass2 = jQuery('#jform_password2').val();
+        if(pass1.length && pass2.length){
+            if(pass1 != pass2){
+                var message = {
+                    'error' : [ Joomla.JText._('COM_USERS_FIELD_RESET_PASSWORD1_MESSAGE')]
+                };
+                Joomla.renderMessages(message);
+            }
+        }
+    });
+}
diff --git a/media/system/js/validate-uncompressed.js b/media/system/js/validate-uncompressed.js
@@ -199,64 +199,7 @@ var JFormValidator = function() {
                 var regex = /^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;
                 return regex.test(value);
             });
-            //check if username is already in database
-            jQuery('#jform_username').change(function(){
-                var name = jQuery(this).val();
-                if(name.length){
-                    jQuery.ajax({
-                        url: 'index.php?option=com_users&task=registration.validate&format=json&username=' + name,
-                    }).done(function(data){
-                        if(data.success){
-                            var message = {
-                                'error' : [data.message]
-                            };
-                            Joomla.renderMessages(message);
-                        }
-                    });
-                }
-            });
-            //check if email is already in database
-            jQuery('#jform_email1').change(function(){
-                var mail = jQuery(this).val();
-                if(mail.length) {
-                    jQuery.ajax({
-                        url: 'index.php?option=com_users&task=registration.validate&format=json&email=' + mail,
-                    }).done(function (data) {
-                        if (data.success) {
-                            var message = {
-                                'error': [data.message]
-                            };
-                            Joomla.renderMessages(message);
-                        }
-                    });
-                }
-            });
-            //check if emails are equal
-            jQuery('#jform_email2').change(function(){
-                var mail1 = jQuery('#jform_email1').val();
-                var mail2 = jQuery('#jform_email2').val();
-                if(mail1.length && mail2.length){
-                    if(mail1 != mail2){
-                        var message = {
-                            'error' : [ Joomla.JText._('COM_USERS_PROFILE_EMAIL2_MESSAGE') ]
-                        };
-                        Joomla.renderMessages(message);
-                    }
-                }
-            });
-            //check if password are equal
-            jQuery('#jform_password2').change(function(){
-                var pass1 = jQuery('#jform_password1').val();
-                var pass2 = jQuery('#jform_password2').val();
-                if(pass1.length && pass2.length){
-                    if(pass1 != pass2){
-                        var message = {
-                            'error' : [ Joomla.JText._('COM_USERS_FIELD_RESET_PASSWORD1_MESSAGE')]
-                        };
-                        Joomla.renderMessages(message);
-                    }
-                }
-            });
+
             // Attach to forms with class 'form-validate'
             var forms = jQuery('form.form-validate');
             for (var i = 0, l = forms.length; i < l; i++) {

diff --git a/media/system/js/validate.js b/media/system/js/validate.js