Merge branch 'master' of https://github.com/joomla/joomla-cms

.gitignore

@@ -118,6 +118,8 @@ Desktop.ini
 /libraries/vendor/psr/log/.gitignore
 /libraries/vendor/psr/log/composer.json
 /libraries/vendor/psr/log/README.md
+/libraries/vendor/symfony/polyfill-php55/composer.json
+/libraries/vendor/symfony/polyfill-php55/README.md
 /libraries/vendor/symfony/polyfill-php56/composer.json
 /libraries/vendor/symfony/polyfill-php56/README.md
 /libraries/vendor/symfony/polyfill-util/composer.json

administrator/components/com_categories/tables/category.php

@@ -24,7 +24,6 @@ class CategoriesTableCategory extends JTableCategory
 	 *
 	 * @return  boolean  True on success.
 	 *
-	 * @see     https://docs.joomla.org/JTableNested/delete
 	 * @since   2.5
 	 */
 	public function delete($pk = null, $children = false)

administrator/components/com_config/model/application.php

@@ -403,6 +403,11 @@ public function storePermissions($permission = null)
 			return false;
 		}
 
+		$permission['component'] = empty($permission['component']) ? 'root.1' : $permission['component'];
+
+		// Current view is global config?
+		$isGlobalConfig = $permission['component'] === 'root.1';
+
 		// Check if changed group has Super User permissions.
 		$isSuperUserGroupBefore = JAccess::checkGroup($permission['rule'], 'core.admin');
 
@@ -493,6 +498,15 @@ public function storePermissions($permission = null)
 				$parentAssetId = $parentAsset->getRootId();
 			}
 
+			/**
+			 * @to do: incorrect ACL stored
+			 * When changing a permission of an item that doesn't have a row in the asset table the row a new row is created.
+			 * This works fine for item <-> component <-> global config scenario and component <-> global config scenario.
+			 * But doesn't work properly for item <-> section(s) <-> component <-> global config scenario,
+			 * because a wrong parent asset id (the component) is stored.
+			 * Happens when there is no row in the asset table (ex: deleted or not created on update).
+			 */
+
 			$asset->setLocation($parentAssetId, 'last-child');
 
 			if (!$asset->check() || !$asset->store())
@@ -541,7 +555,7 @@ public function storePermissions($permission = null)
 			// Store the new permissions.
 			try
 			{
-				$query = $this->db->getQuery(true)
+				$query->clear()
 					->update($this->db->quoteName('#__assets'))
 					->set($this->db->quoteName('rules') . ' = ' . $this->db->quote(json_encode($temp)))
 					->where($this->db->quoteName('name') . ' = ' . $this->db->quote($permission['component']));
@@ -568,30 +582,54 @@ public function storePermissions($permission = null)
 		try
 		{
 			// Get the asset id by the name of the component.
-			$query = $this->db->getQuery(true)
-					->select($this->db->quoteName('id'))
-					->from($this->db->quoteName('#__assets'))
-					->where($this->db->quoteName('name') . ' = ' . $this->db->quote($permission['component']));
+			$query->clear()
+				->select($this->db->quoteName('id'))
+				->from($this->db->quoteName('#__assets'))
+				->where($this->db->quoteName('name') . ' = ' . $this->db->quote($permission['component']));
 
 			$this->db->setQuery($query);
 
 			$assetId = (int) $this->db->loadResult();
 
-			// Get the group parent id of the current group.
-			$query = $this->db->getQuery(true)
+			// Fetch the parent asset id.
+			$parentAssetId = null;
+
+			/**
+			 * @to do: incorrect info
+			 * When creating a new item (not saving) it uses the calculated permissions from the component (item <-> component <-> global config).
+			 * But if we have a section too (item <-> section(s) <-> component <-> global config) this is not correct.
+			 * Also, currently it uses the component permission, but should use the calculated permissions for achild of the component/section.
+			 */
+
+			// If not in global config we need the parent_id asset to calculate permissions.
+			if (!$isGlobalConfig)
+			{
+				// In this case we need to get the component rules too.
+				$query->clear()
 					->select($this->db->quoteName('parent_id'))
-					->from($this->db->quoteName('#__usergroups'))
-					->where($this->db->quoteName('id') . ' = ' . (int) $permission['rule']);
+					->from($this->db->quoteName('#__assets'))
+					->where($this->db->quoteName('id') . ' = ' . $assetId);
+
+				$this->db->setQuery($query);
+
+				$parentAssetId = (int) $this->db->loadResult();
+			}
+
+			// Get the group parent id of the current group.
+			$query->clear()
+				->select($this->db->quoteName('parent_id'))
+				->from($this->db->quoteName('#__usergroups'))
+				->where($this->db->quoteName('id') . ' = ' . (int) $permission['rule']);
 
 			$this->db->setQuery($query);
 
 			$parentGroupId = (int) $this->db->loadResult();
 
 			// Count the number of child groups of the current group.
-			$query = $this->db->getQuery(true)
-					->select('COUNT(' . $this->db->quoteName('id') . ')')
-					->from($this->db->quoteName('#__usergroups'))
-					->where($this->db->quoteName('parent_id') . ' = ' . (int) $permission['rule']);
+			$query->clear()
+				->select('COUNT(' . $this->db->quoteName('id') . ')')
+				->from($this->db->quoteName('#__usergroups'))
+				->where($this->db->quoteName('parent_id') . ' = ' . (int) $permission['rule']);
 
 			$this->db->setQuery($query);
 
@@ -611,12 +649,12 @@ public function storePermissions($permission = null)
 		$isSuperUserGroupAfter = JAccess::checkGroup($permission['rule'], 'core.admin');
 
 		// Get the rule for just this asset (non-recursive) and get the actual setting for the action for this group.
-		$assetRule = JAccess::getAssetRules($assetId)->allow($permission['action'], $permission['rule']);
+		$assetRule = JAccess::getAssetRules($assetId, false, false)->allow($permission['action'], $permission['rule']);
 
 		// Get the group, group parent id, and group global config recursive calculated permission for the chosen action.
-		$inheritedGroupRule       = JAccess::checkGroup($permission['rule'], $permission['action'], $assetId);
-		$inheritedGroupGlobalRule = JAccess::checkGroup($permission['rule'], $permission['action']);
-		$inheritedParentGroupRule = JAccess::checkGroup($parentGroupId, $permission['action'], $assetId);
+		$inheritedGroupRule            = JAccess::checkGroup($permission['rule'], $permission['action'], $assetId);
+		$inheritedGroupParentAssetRule = !empty($parentAssetId) ? JAccess::checkGroup($permission['rule'], $permission['action'], $parentAssetId) : null;
+		$inheritedParentGroupRule      = !empty($parentGroupId) ? JAccess::checkGroup($parentGroupId, $permission['action'], $assetId) : null;
 
 		// Current group is a Super User group, so calculated setting is "Allowed (Super User)".
 		if ($isSuperUserGroupAfter)
@@ -644,6 +682,12 @@ public function storePermissions($permission = null)
 
 			// Second part: Overwrite the calculated permissions labels if there is an explicity permission in the current group.
 
+			/**
+			 * @to do: incorect info
+			 * If a component as a permission that doesn't exists in global config (ex: frontend editing in com_modules) by default
+			 * we get "Not Allowed (Inherited)" when we should get "Not Allowed (Default)".
+			 */
+
 			// If there is an explicity permission "Not Allowed". Calculated permission is "Not Allowed".
 			if ($assetRule === false)
 			{
@@ -659,23 +703,18 @@ public function storePermissions($permission = null)
 
 			// Third part: Overwrite the calculated permissions labels for special cases.
 
-			// User in in global config Root (Public)?
-			$isGlobalConfig = (empty($permission['component']) || $permission['component'] === 'root.1') ? true : false;
-
 			// Global configuration with "Not Set" permission. Calculated permission is "Not Allowed (Default)".
 			if (empty($parentGroupId) && $isGlobalConfig === true && $assetRule === null)
 			{
 				$result['class'] = 'label label-important';
 				$result['text']  = JText::_('JLIB_RULES_NOT_ALLOWED_DEFAULT');
 			}
-			// Component/item root level with explicit "Denied" permission at Global configuration. Calculated permission is "Not Allowed (Locked)".
-			elseif (empty($parentGroupId) && $isGlobalConfig === false && $inheritedParentGroupRule === null && $inheritedGroupGlobalRule === false)
-			{
-				$result['class'] = 'label label-important';
-				$result['text']  = '<span class="icon-lock icon-white"></span>' . JText::_('JLIB_RULES_NOT_ALLOWED_LOCKED');
-			}
-			// Some parent group has an explicit "Denied". Calculated permission is "Not Allowed (Locked)".
-			elseif ($inheritedParentGroupRule === false)
+			/**
+			 * Component/Item with explicit "Denied" permission at parent Asset (Category, Component or Global config) configuration.
+			 * Or some parent group has an explicit "Denied".
+			 * Calculated permission is "Not Allowed (Locked)".
+			 */
+			elseif ($inheritedGroupParentAssetRule === false || $inheritedParentGroupRule === false)
 			{
 				$result['class'] = 'label label-important';
 				$result['text']  = '<span class="icon-lock icon-white"></span>' . JText::_('JLIB_RULES_NOT_ALLOWED_LOCKED');

administrator/components/com_config/view/component/tmpl/default.php

@@ -43,14 +43,16 @@
 
 <form action="<?php echo JRoute::_('index.php?option=com_config'); ?>" id="component-form" method="post" name="adminForm" autocomplete="off" class="form-validate form-horizontal">
 	<div class="row-fluid">
+
 		<!-- Begin Sidebar -->
-		<div id="sidebar" class="span2">
+		<div class="span2" id="sidebar">
 			<div class="sidebar-nav">
 				<?php echo $this->loadTemplate('navigation'); ?>
 			</div>
-		</div>
-		<!-- End Sidebar -->
-		<div class="span10">
+		</div><!-- End Sidebar -->
+
+		<div class="span10" id="config">
+
 			<ul class="nav nav-tabs" id="configTabs">
 				<?php foreach ($this->fieldsets as $name => $fieldSet) : ?>
 					<?php $rel = ''; ?>
@@ -59,7 +61,7 @@
 						<?php JHtml::_('script', 'jui/cms.js', false, true); ?>
 						<?php $showonarr = array(); ?>
 						<?php foreach (preg_split('%\[AND\]|\[OR\]%', $fieldSet->showon) as $showonfield) : ?>
-							<?php $showon   = explode(':', $showonfield, 2); ?>
+							<?php $showon = explode(':', $showonfield, 2); ?>
 							<?php $showonarr[] = array(
 								'field'  => $this->form->getFormControl() . '[' . $showon[0] . ']',
 								'values' => explode(',', $showon[1]),
@@ -69,55 +71,55 @@
 						<?php $rel = ' data-showon=\'' . json_encode($showonarr) . '\''; ?>
 					<?php endif; ?>
 					<?php $label = empty($fieldSet->label) ? 'COM_CONFIG_' . $name . '_FIELDSET_LABEL' : $fieldSet->label; ?>
-					<li<?php echo $rel; ?>><a href="#<?php echo $name; ?>" data-toggle="tab"><?php echo JText::_($label); ?></a></li>
+					<li<?php echo $rel; ?>><a data-toggle="tab" href="#<?php echo $name; ?>"><?php echo JText::_($label); ?></a></li>
 				<?php endforeach; ?>
-			</ul>
-			<div class="tab-content">
+			</ul><!-- /configTabs -->
+
+			<div class="tab-content" id="configContent">
 				<?php foreach ($this->fieldsets as $name => $fieldSet) : ?>
 					<div class="tab-pane" id="<?php echo $name; ?>">
-						<?php
-						if (isset($fieldSet->description) && !empty($fieldSet->description))
-						{
-							echo '<p class="tab-description">' . JText::_($fieldSet->description) . '</p>';
-						}
-						?>
+						<?php if (isset($fieldSet->description) && !empty($fieldSet->description)) : ?>
+							<div class="tab-description alert alert-info">
+								<span class="icon-info"></span> <?php echo JText::_($fieldSet->description); ?>
+							</div>
+						<?php endif; ?>
 						<?php foreach ($this->form->getFieldset($name) as $field) : ?>
-							<?php
-							$datashowon = '';
-							if ($showonstring = $field->getAttribute('showon'))							{
-								JHtml::_('jquery.framework');
-								JHtml::_('script', 'jui/cms.js', false, true);
-								$showonarr = array();
-
-								foreach (preg_split('%\[AND\]|\[OR\]%', $showonstring) as $showonfield)
-								{
-									$showon   = explode(':', $showonfield, 2);
-									$showonarr[] = array(
+							<?php $datashowon = ''; ?>
+							<?php if ($showonstring = $field->getAttribute('showon')) : ?>
+								<?php JHtml::_('jquery.framework'); ?>
+								<?php JHtml::_('script', 'jui/cms.js', false, true); ?>
+								<?php $showonarr = array(); ?>
+								<?php foreach (preg_split('%\[AND\]|\[OR\]%', $showonstring) as $showonfield) : ?>
+									<?php $showon = explode(':', $showonfield, 2); ?>
+									<?php $showonarr[] = array(
 										'field'  => $this->form->getFormControl() . '[' . $this->form->getFieldAttribute($showon[0], 'name') . ']',
 										'values' => explode(',', $showon[1]),
 										'op'     => (preg_match('%\[(AND|OR)\]' . $showonfield . '%', $showonstring, $matches)) ? $matches[1] : ''
-									);
-								}
-								$datashowon = ' data-showon=\'' . json_encode($showonarr) . '\'';
-							}
-							?>
-							<div class="control-group"<?php echo $datashowon; ?>>
-								<?php if (!$field->hidden && $name != "permissions") : ?>
-									<div class="control-label">
-										<?php echo $field->label; ?>
+									); ?>
+								<?php endforeach; ?>
+								<?php $datashowon = ' data-showon=\'' . json_encode($showonarr) . '\''; ?>
+							<?php endif; ?>
+							<?php if ($field->hidden) : ?>
+								<?php echo $field->input; ?>
+							<?php else : ?>
+								<div class="control-group"<?php echo $datashowon; ?>>
+									<?php if ($name != "permissions") : ?>
+										<div class="control-label">
+											<?php echo $field->label; ?>
+										</div>
+									<?php endif; ?>
+									<div class="<?php if ($name != "permissions") : ?>controls<?php endif; ?>">
+										<?php echo $field->input; ?>
 									</div>
-								<?php endif; ?>
-								<div class="<?php if ($name != "permissions") : ?>controls<?php endif; ?>">
-									<?php echo $field->input; ?>
 								</div>
-							</div>
+							<?php endif; ?>
 						<?php endforeach; ?>
 					</div>
 				<?php endforeach; ?>
-			</div>
-		</div>
-	</div>
-	<div>
+			</div><!-- /configContent -->
+
+		</div><!-- /config -->
+
 		<input type="hidden" name="id" value="<?php echo $this->component->id; ?>" />
 		<input type="hidden" name="component" value="<?php echo $this->component->option; ?>" />
 		<input type="hidden" name="return" value="<?php echo $this->return; ?>" />

administrator/components/com_login/controller.php

@@ -36,6 +36,12 @@ public function display($cachable = false, $urlparams = false)
 		$this->input->set('view', 'login');
 		$this->input->set('layout', 'default');
 
+		// For non-html formats we do not have login view, so just display 403 instead
+		if ($this->input->get('format', 'html') !== 'html')
+		{
+			throw new RuntimeException(JText::_('JERROR_ALERTNOAUTHOR'), 403);
+		}
+
 		parent::display();
 	}
 

administrator/components/com_menus/tables/menu.php

@@ -25,7 +25,6 @@ class MenusTableMenu extends JTableMenu
 	 * @return  boolean  True on success.
 	 *
 	 * @since   2.5
-	 * @see     https://docs.joomla.org/JTableNested/delete
 	 */
 	public function delete($pk = null, $children = false)
 	{

administrator/components/com_tags/tables/tag.php

@@ -263,7 +263,6 @@ public function store($updateNulls = false)
 	 * @return  boolean  True on success.
 	 *
 	 * @since   3.1
-	 * @see     https://docs.joomla.org/JTableNested/delete
 	 */
 	public function delete($pk = null, $children = false)
 	{

administrator/components/com_users/tables/note.php

@@ -75,7 +75,6 @@ public function store($updateNulls = false)
 	 *
 	 * @return  boolean  True on success.
 	 *
-	 * @link    https://docs.joomla.org/JTable/publish
 	 * @since   2.5
 	 */
 	public function publish($pks = null, $state = 1, $userId = 0)

administrator/components/com_users/views/user/tmpl/edit.php

@@ -75,32 +75,9 @@
 			<?php endif; ?>
 
 			<?php
-			foreach ($fieldsets as $fieldset) :
-				if ($fieldset->name == 'user_details') :
-					continue;
-				endif;
+			$this->ignore_fieldsets = array('user_details');
+			echo JLayoutHelper::render('joomla.edit.params', $this);
 			?>
-			<?php echo JHtml::_('bootstrap.addTab', 'myTab', $fieldset->name, JText::_($fieldset->label)); ?>
-				<?php foreach ($this->form->getFieldset($fieldset->name) as $field) : ?>
-					<?php if ($field->hidden) : ?>
-						<div class="control-group">
-							<div class="controls">
-								<?php echo $field->input; ?>
-							</div>
-						</div>
-					<?php else: ?>
-						<div class="control-group">
-							<div class="control-label">
-								<?php echo $field->label; ?>
-							</div>
-							<div class="controls">
-								<?php echo $field->input; ?>
-							</div>
-						</div>
-					<?php endif; ?>
-				<?php endforeach; ?>
-		<?php echo JHtml::_('bootstrap.endTab'); ?>
-		<?php endforeach; ?>
 
 		<?php if (!empty($this->tfaform) && $this->item->id): ?>
 		<?php echo JHtml::_('bootstrap.addTab', 'myTab', 'twofactorauth', JText::_('COM_USERS_USER_TWO_FACTOR_AUTH')); ?>
@@ -153,4 +130,4 @@
 
 	<input type="hidden" name="task" value="" />
 	<?php echo JHtml::_('form.token'); ?>
-</form>
+</form>

administrator/templates/isis/html/layouts/joomla/form/field/user.php

@@ -3,7 +3,7 @@
  * @package     Joomla.Administrator
  * @subpackage  Layout
  *
- * @copyright   Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
+ * @copyright   Copyright (C) 2005 - 2016 Open Source Matters, Inc. All rights reserved.
  * @license     GNU General Public License version 2 or later; see LICENSE.txt
  */