add postinstall message message
zero-24 committed Aug 2, 2020
1 parent cd4fcbb commit 4842af6
Showing 5 changed files with 37 additions and 0 deletions.
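--- a/administrator/components/com_admin/postinstall/htaccesssvg.php
+++ b/administrator/components/com_admin/postinstall/htaccesssvg.php
@@ -0,0 +1,27 @@
+<?php
+/**
+* @package Joomla.Administrator
+* @subpackage com_admin
+*
+* @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved.
+* @license GNU General Public License version 2 or later; see LICENSE.txt
+*
+* This file contains post-installation message handling for notifying users of a change
+* in the default .htaccess file regarding hardeneing against XSS in SVG's
+*/
+
+defined('_JEXEC') or die;
+
+/**
+* Notifies users of a change in the default .htaccess file regarding hardeneing against XSS in SVG's
+*
+* This check returns true regardless of condition.
+*
+* @return boolean
+*
+* @since __DEPLOY_VERSION__
+*/
+function admin_postinstall_htaccesssvg_condition()
+{
+return true;
+}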
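Review bot: `admin_postinstall_htaccesssvg_condition()` returns true unconditionally, so the notice will presumably also be shown on sites that are not served by Apache, where the .htaccess rule it describes has no effect. If that is deliberate, the docblock should give the reason rather than only "returns true regardless of condition", e.g. `* Always shown: an existing .htaccess cannot be updated automatically, so every site is asked to check it.` Both docblocks also misspell "hardening" as `hardeneing`, and `SVG's` should read `SVG files`.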
@@ -0,0 +1,3 @@
INSERT INTO `#__postinstall_messages` (`extension_id`, `title_key`, `description_key`, `action_key`, `language_extension`, `language_client_id`, `type`, `action_file`, `action`, `condition_file`, `condition_method`, `version_introduced`, `enabled`)
VALUES
(700, 'COM_CPANEL_MSG_HTACCESSSVG_TITLE', 'COM_CPANEL_MSG_HTACCESSSVG_BODY', '', 'com_cpanel', 1, 'message', '', '', 'admin://components/com_admin/postinstall/htaccesssvg.php', 'admin_postinstall_htaccesssvg_condition', '3.9.21', 1);
@@ -0,0 +1,3 @@
INSERT INTO "#__postinstall_messages" ("extension_id", "title_key", "description_key", "action_key", "language_extension", "language_client_id", "type", "action_file", "action", "condition_file", "condition_method", "version_introduced", "enabled")
VALUES
(700, 'COM_CPANEL_MSG_HTACCESSSVG_TITLE', 'COM_CPANEL_MSG_HTACCESSSVG_BODY', '', 'com_cpanel', 1, 'message', '', '', 'admin://components/com_admin/postinstall/htaccesssvg.php', 'admin_postinstall_htaccesssvg_condition', '3.9.21', 1);
@@ -0,0 +1,2 @@
INSERT INTO [#__postinstall_messages] ([extension_id], [title_key], [description_key], [action_key], [language_extension], [language_client_id], [type], [action_file], [action], [condition_file], [condition_method], [version_introduced], [enabled])
SELECT 700, 'COM_CPANEL_MSG_HTACCESSSVG_TITLE', 'COM_CPANEL_MSG_HTACCESSSVG_BODY', '', 'com_cpanel', 1, 'message', '', '', 'admin://components/com_admin/postinstall/htaccesssvg.php', 'admin_postinstall_textfilter3919_condition', '3.9.19', 1;
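Review bot: The bracket-quoted (SQL Server) statement registers `condition_method` as `admin_postinstall_textfilter3919_condition` and `version_introduced` as `3.9.19`, but the `condition_file` it names, htaccesssvg.php, defines only `admin_postinstall_htaccesssvg_condition` in this commit. These look like leftovers copied from an earlier message; the two other INSERT sections use `'admin_postinstall_htaccesssvg_condition', '3.9.21'`, and this row should match them. As written, the post-install check on SQL Server would probably not find the function, so the notice about the SVG hardening rule may never be shown to those administrators.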
2 changes: 2 additions & 0 deletions administrator/language/en-GB/en-GB.com_cpanel.ini
Expand Up @@ -23,6 +23,8 @@ COM_CPANEL_MSG_EACCELERATOR_BUTTON="Change to File."
COM_CPANEL_MSG_EACCELERATOR_TITLE="eAccelerator is not compatible with Joomla!"
COM_CPANEL_MSG_HTACCESS_BODY="A change to the default .htaccess and web.config files was made in Joomla! 3.4 to disallow folder listings by default. Users are recommended to implement this change in their files. Please see <a href="_QQ_"https://docs.joomla.org/Special:MyLanguage/Preconfigured_htaccess"_QQ_">this page</a> for more information."
COM_CPANEL_MSG_HTACCESS_TITLE=".htaccess & web.config Update"
COM_CPANEL_MSG_HTACCESSSVG_TITLE="Additional XSS protection for the usage of SVG files"
COM_CPANEL_MSG_HTACCESSSVG_BODY="<p>Since 3.9.21 Joomla is shipped with an additional security rule in the default htaccess.txt. This rule will protect users of svg files from potential Cross-Site-Scripting (XSS) vulnerabilities.<br>The security team recommends to manually apply the necessary changes to existing .htaccess files, as those file can not be updated automatically.</p><p><strong>Changes for .htaccess</strong><br /></p><pre>&lt;FilesMatch \"\.svg$\"&gt;\nHeader always set Content-Security-Policy \"script-src 'none'\"\n&lt;/FilesMatch&gt;</pre><br>Right know we are not aware on how to conditional configure this on IIS setups please contact your hosting provider for future instructions.</p>"
COM_CPANEL_MSG_JOOMLA40_PRE_CHECKS_TITLE="Prepare for the next Major Release of Joomla"
COM_CPANEL_MSG_JOOMLA40_PRE_CHECKS_BODY="<p>Beginning with Joomla! 4.0 we are raising the minimum server requirements. If you are seeing this message then your current configuration does not meet these new minimum requirements.</p><p>The <a href="_QQ_"https://developer.joomla.org/news/788-joomla-4-on-the-move.html"_QQ_"><strong>minimum</strong> requirements</a> are the following:</p><ul><li>PHP 7.2.5</li><li>MySQL 5.6</li><li>MariaDB 10.1</li><li>PostgreSQL 11.0</li><li>MS SQL will <strong>not</strong> be supported</li><li>MySQL using the legacy `ext/mysql` PHP extension will <strong>not</strong> be supported, either the MySQLi or \"MySQL (PDO)\" driver must be used instead</li><li>PostgreSQL using the `ext/pgsql` PHP extension will <strong>not</strong> be supported, the \"PostgreSQL (PDO)\" driver must be used instead</li></ul><p>Please contact your hosting provider to ask how you can meet these raised server requirements - it is usually a very simple change. When you meet these new requirements then this message will no longer be displayed.</p>"
COM_CPANEL_MSG_LANGUAGEACCESS340_TITLE="You have possible issues with your multilingual settings"
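Review bot: The snippet in `COM_CPANEL_MSG_HTACCESSSVG_BODY` has administrators paste a bare `Header always set Content-Security-Policy ...` directive; on an Apache where mod_headers is not loaded that directive is a configuration error and requests fail with a 500, so the displayed rule should wrap it in an `<IfModule mod_headers.c>` … `</IfModule>` pair (whether the shipped htaccess.txt does this is not visible here). The string's markup is also unbalanced: the final sentence follows `</pre><br>` and ends in a `</p>` that has no opening tag. Wording: `Right know` should be `Right now`, `those file can not` should be `those files cannot`, and `future instructions` probably means `further instructions`.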