Sync. Merge branch '4.0-dev' into lang-assoc-fix

joomla · Dec 6, 2019 · 722df45 · 722df45
2 parents f035608 + f794274
commit 722df45
Show file tree

Hide file tree

Showing 85 changed files with 819 additions and 802 deletions.
diff --git a/administrator/components/com_associations/Helper/AssociationsHelper.php b/administrator/components/com_associations/Helper/AssociationsHelper.php
@@ -19,6 +19,7 @@
 use Joomla\CMS\Language\Text;
 use Joomla\CMS\Layout\LayoutHelper;
 use Joomla\CMS\Router\Route;
+use Joomla\Database\ParameterType;
 use Joomla\Registry\Registry;
 
 /**
@@ -263,12 +264,13 @@ public static function getAssociationHtmlList($extensionName, $typeName, $itemId
 					$query = $db->getQuery(true)
 						->select($db->quoteName('title'))
 						->from($db->quoteName('#__categories'))
-						->where($db->quoteName('id') . ' = ' . $db->quote($items[$langCode]['catid']));
+						->where($db->quoteName('id') . ' = :id')
+						->bind(':id', $items[$langCode]['catid'], ParameterType::INTEGER);
 
 					$db->setQuery($query);
-					$category_title = $db->loadResult();
+					$categoryTitle = $db->loadResult();
 
-					$additional = '<strong>' . Text::sprintf('JCATEGORY_SPRINTF', $category_title) . '</strong> <br>';
+					$additional = '<strong>' . Text::sprintf('JCATEGORY_SPRINTF', $categoryTitle) . '</strong> <br>';
 				}
 				elseif (isset($items[$langCode]['menutype']))
 				{
@@ -278,12 +280,13 @@ public static function getAssociationHtmlList($extensionName, $typeName, $itemId
 					$query = $db->getQuery(true)
 						->select($db->quoteName('title'))
 						->from($db->quoteName('#__menu_types'))
-						->where($db->quoteName('menutype') . ' = ' . $db->quote($items[$langCode]['menutype']));
+						->where($db->quoteName('menutype') . ' = :menutype')
+						->bind(':menutype', $items[$langCode]['menutype']);
 
 					$db->setQuery($query);
-					$menutype_title = $db->loadResult();
+					$menutypeTitle = $db->loadResult();
 
-					$additional = '<strong>' . Text::sprintf('COM_MENUS_MENU_SPRINTF', $menutype_title) . '</strong><br>';
+					$additional = '<strong>' . Text::sprintf('COM_MENUS_MENU_SPRINTF', $menutypeTitle) . '</strong><br>';
 				}
 
 				$labelClass  = 'badge-secondary';

diff --git a/administrator/components/com_associations/Model/AssociationsModel.php b/administrator/components/com_associations/Model/AssociationsModel.php
@@ -18,6 +18,7 @@
 use Joomla\CMS\Table\Table;
 use Joomla\Component\Associations\Administrator\Helper\AssociationsHelper;
 use Joomla\Database\Exception\ExecutionFailureException;
+use Joomla\Database\ParameterType;
 
 /**
  * Methods supporting a list of article records.
@@ -231,16 +232,27 @@ protected function getListQuery()
 		$query->select($db->quoteName($fields['language'], 'language'))
 			->select($db->quoteName('l.title', 'language_title'))
 			->select($db->quoteName('l.image', 'language_image'))
-			->join('LEFT', $db->quoteName('#__languages', 'l') . ' ON ' . $db->quoteName('l.lang_code') . ' = ' . $db->quoteName($fields['language']));
+			->join(
+				'LEFT',
+				$db->quoteName('#__languages', 'l'),
+				$db->quoteName('l.lang_code') . ' = ' . $db->quoteName($fields['language'])
+			);
+		$extensionNameItem = $extensionName . '.item';
 
 		// Join over the associations.
 		$query->select('COUNT(' . $db->quoteName('asso2.id') . ') > 1 AS ' . $db->quoteName('association'))
 			->join(
 				'LEFT',
-				$db->quoteName('#__associations', 'asso') . ' ON ' . $db->quoteName('asso.id') . ' = ' . $db->quoteName($fields['id'])
-				. ' AND ' . $db->quoteName('asso.context') . ' = ' . $db->quote($extensionName . '.item')
+				$db->quoteName('#__associations', 'asso'),
+				$db->quoteName('asso.id') . ' = ' . $db->quoteName($fields['id'])
+				. ' AND ' . $db->quoteName('asso.context') . ' = :context'
+			)
+			->join(
+				'LEFT',
+				$db->quoteName('#__associations', 'asso2'),
+				$db->quoteName('asso2.key') . ' = ' . $db->quoteName('asso.key')
 			)
-			->join('LEFT', $db->quoteName('#__associations', 'asso2') . ' ON ' . $db->quoteName('asso2.key') . ' = ' . $db->quoteName('asso.key'));
+			->bind(':context', $extensionNameItem);
 
 		// Prepare the group by clause.
 		$groupby = array(
@@ -268,7 +280,11 @@ protected function getListQuery()
 
 			// Join over the users.
 			$query->select($db->quoteName('u.name', 'editor'))
-				->join('LEFT', $db->quoteName('#__users', 'u') . ' ON ' . $db->quoteName('u.id') . ' = ' . $db->quoteName($fields['checked_out']));
+				->join(
+					'LEFT',
+					$db->quoteName('#__users', 'u'),
+					$db->quoteName('u.id') . ' = ' . $db->quoteName($fields['checked_out'])
+				);
 
 			$groupby[] = 'u.name';
 			$groupby[] = $fields['checked_out'];
@@ -306,7 +322,11 @@ protected function getListQuery()
 
 			// Join over the categories.
 			$query->select($db->quoteName('c.title', 'category_title'))
-				->join('LEFT', $db->quoteName('#__categories', 'c') . ' ON ' . $db->quoteName('c.id') . ' = ' . $db->quoteName($fields['catid']));
+				->join(
+					'LEFT',
+					$db->quoteName('#__categories', 'c'),
+					$db->quoteName('c.id') . ' = ' . $db->quoteName($fields['catid'])
+				);
 
 			$groupby[] = 'c.title';
 			$groupby[] = $fields['catid'];
@@ -320,7 +340,11 @@ protected function getListQuery()
 			// Join over the menu types.
 			$query->select($db->quoteName('mt.title', 'menutype_title'))
 				->select($db->quoteName('mt.id', 'menutypeid'))
-				->join('LEFT', $db->quoteName('#__menu_types', 'mt') . ' ON ' . $db->quoteName('mt.menutype') . ' = ' . $db->quoteName($fields['menutype']));
+				->join(
+					'LEFT',
+					$db->quoteName('#__menu_types', 'mt'),
+					$db->quoteName('mt.menutype') . ' = ' . $db->quoteName($fields['menutype'])
+				);
 
 			$groupby[] = 'mt.title';
 			$groupby[] = 'mt.id';
@@ -334,15 +358,20 @@ protected function getListQuery()
 
 			// Join over the access levels.
 			$query->select($db->quoteName('ag.title', 'access_level'))
-				->join('LEFT', $db->quoteName('#__viewlevels', 'ag') . ' ON ' . $db->quoteName('ag.id') . ' = ' . $db->quoteName($fields['access']));
+				->join(
+					'LEFT',
+					$db->quoteName('#__viewlevels', 'ag'),
+					$db->quoteName('ag.id') . ' = ' . $db->quoteName($fields['access'])
+				);
 
 			$groupby[] = 'ag.title';
 			$groupby[] = $fields['access'];
 
 			// Implement View Level Access.
 			if (!$user->authorise('core.admin', $extensionName))
 			{
-				$query->where($fields['access'] . ' IN (' . implode(',', $user->getAuthorisedViewLevels()) . ')');
+				$groups = $user->getAuthorisedViewLevels();
+				$query->whereIn($db->quoteName($fields['access']), $groups);
 			}
 		}
 
@@ -356,33 +385,39 @@ protected function getListQuery()
 		// If component item type is category we need to remove all other component categories.
 		if ($typeName === 'category')
 		{
-			$query->where($db->quoteName('a.extension') . ' = ' . $db->quote($extensionName));
+			$query->where($db->quoteName('a.extension') . ' = :extensionname')
+				->bind(':extensionname', $extensionName);
 		}
 		elseif ($typeNameExploded = explode('.', $typeName))
 		{
 			if (count($typeNameExploded) > 1 && array_pop($typeNameExploded) === 'category')
 			{
 				$section = implode('.', $typeNameExploded);
-				$query->where($db->quoteName('a.extension') . ' = ' . $db->quote($extensionName . '.' . $section));
+				$extensionNameSection = $extensionName . '.' . $section;
+				$query->where($db->quoteName('a.extension') . ' = :extensionsection')
+					->bind(':extensionsection', $extensionNameSection);
 			}
 		}
 
 		// Filter on the language.
 		if ($language = $this->getState('language'))
 		{
-			$query->where($db->quoteName($fields['language']) . ' = ' . $db->quote($language));
+			$query->where($db->quoteName($fields['language']) . ' = :language')
+				->bind(':language', $language);
 		}
 
 		// Filter by item state.
 		$state = $this->getState('filter.state');
 
 		if (is_numeric($state))
 		{
-			$query->where($db->quoteName($fields['state']) . ' = ' . (int) $state);
+			$state = (int) $state;
+			$query->where($db->quoteName($fields['state']) . ' = :state')
+				->bind(':state', $state, ParameterType::INTEGER);
 		}
 		elseif ($state === '')
 		{
-			$query->where($db->quoteName($fields['state']) . ' IN (0, 1)');
+			$query->whereIn($db->quoteName($fields['state']), [0, 1]);
 		}
 
 		// Filter on the category.
@@ -394,41 +429,54 @@ protected function getListQuery()
 			$categoryTable->load($categoryId);
 			$baselevel = (int) $categoryTable->level;
 
-			$query->where($db->quoteName('c.lft') . ' >= ' . (int) $categoryTable->lft)
-				->where($db->quoteName('c.rgt') . ' <= ' . (int) $categoryTable->rgt);
+			$lft = (int) $categoryTable->lft;
+			$rgt = (int) $categoryTable->rgt;
+			$query->where($db->quoteName('c.lft') . ' >= :lft')
+				->where($db->quoteName('c.rgt') . ' <= :rgt')
+				->bind(':lft', $lft, ParameterType::INTEGER)
+				->bind(':rgt', $rgt, ParameterType::INTEGER);
 		}
 
 		// Filter on the level.
 		if ($level = $this->getState('filter.level'))
 		{
-			$query->where($db->quoteName('a.level') . ' <= ' . ((int) $level + (int) $baselevel - 1));
+			$queryLevel = ((int) $level + (int) $baselevel - 1);
+			$query->where($db->quoteName('a.level') . ' <= :alevel')
+				->bind(':alevel', $queryLevel, ParameterType::INTEGER);
 		}
 
 		// Filter by menu type.
 		if ($menutype = $this->getState('filter.menutype'))
 		{
-			$query->where($fields['menutype'] . ' = ' . $db->quote($menutype));
+			$query->where($db->quoteName($fields['menutype']) . ' = :menutype2')
+				->bind(':menutype2', $menutype);
 		}
 
 		// Filter by access level.
 		if ($access = $this->getState('filter.access'))
 		{
-			$query->where($fields['access'] . ' = ' . (int) $access);
+			$access = (int) $access;
+			$query->where($db->quoteName($fields['access']) . ' = :access')
+				->bind(':access', $access, ParameterType::INTEGER);
 		}
 
 		// Filter by search in name.
 		if ($search = $this->getState('filter.search'))
 		{
 			if (stripos($search, 'id:') === 0)
 			{
-				$query->where($db->quoteName($fields['id']) . ' = ' . (int) substr($search, 3));
+				$search = (int) substr($search, 3);
+				$query->where($db->quoteName($fields['id']) . ' = :searchid')
+					->bind(':searchid', $search, ParameterType::INTEGER);
 			}
 			else
 			{
-				$search = $db->quote('%' . str_replace(' ', '%', $db->escape(trim($search), true) . '%'));
-				$query->where('(' . $db->quoteName($fields['title']) . ' LIKE ' . $search
-					. ' OR ' . $db->quoteName($fields['alias']) . ' LIKE ' . $search . ')'
-				);
+				$search = '%' . str_replace(' ', '%', trim($search)) . '%';
+				$query->where('(' . $db->quoteName($fields['title']) . ' LIKE :title'
+					. ' OR ' . $db->quoteName($fields['alias']) . ' LIKE :alias)'
+				)
+					->bind(':title', $search)
+					->bind(':alias', $search);
 			}
 		}
 
@@ -463,13 +511,15 @@ public function purge($context = '', $key = '')
 		// Filter by associations context.
 		if ($context)
 		{
-			$query->where($db->quoteName('context') . ' = ' . $db->quote($context));
+			$query->where($db->quoteName('context') . ' = :context')
+				->bind(':context', $context);
 		}
 
 		// Filter by key.
 		if ($key)
 		{
-			$query->where($db->quoteName('key') . ' = ' . $db->quote($key));
+			$query->where($db->quoteName('key') . ' = :key')
+				->bind(':key', $key);
 		}
 
 		$db->setQuery($query);
@@ -516,13 +566,15 @@ public function clean($context = '', $key = '')
 		// Filter by associations context.
 		if ($context)
 		{
-			$query->where($db->quoteName('context') . ' = ' . $db->quote($context));
+			$query->where($db->quoteName('context') . ' = :context')
+				->bind(':context', $context);
 		}
 
 		// Filter by key.
 		if ($key)
 		{
-			$query->where($db->quoteName('key') . ' = ' . $db->quote($key));
+			$query->where($db->quoteName('key') . ' = :key')
+				->bind(':key', $key);
 		}
 
 		$db->setQuery($query);
@@ -536,7 +588,8 @@ public function clean($context = '', $key = '')
 		{
 			$query->clear()
 				->delete($db->quoteName('#__associations'))
-				->where($db->quoteName('key') . ' = ' . $db->quote($value->key));
+				->where($db->quoteName('key') . ' = :valuekey')
+				->bind(':valuekey', $value->key);
 
 			$db->setQuery($query);
 

diff --git a/administrator/components/com_cache/tmpl/cache/default.php b/administrator/components/com_cache/tmpl/cache/default.php
@@ -31,7 +31,7 @@
 					<?php echo Text::_('COM_CACHE_PURGE_INSTRUCTIONS'); ?>
 				</div>
 				<?php echo LayoutHelper::render('joomla.searchtools.default', ['view' => $this]); ?>
-				<?php if (empty($this->items)) : ?>
+				<?php if (!$this->data) : ?>
 					<div class="alert alert-info">
 						<span class="fa fa-info-circle" aria-hidden="true"></span><span class="sr-only"><?php echo Text::_('INFO'); ?></span>
 						<?php echo Text::_('JGLOBAL_NO_MATCHING_RESULTS'); ?>

diff --git a/administrator/components/com_content/tmpl/articles/default.php b/administrator/components/com_content/tmpl/articles/default.php
@@ -249,10 +249,10 @@
 													->removeState(1)
 													->removeState(2)
 													->removeState(-2)
-													->addState(ContentComponent::CONDITION_PUBLISHED, '', 'publish', 'COM_CONTENT_CHANGE_STAGE', ['tip_title' => 'JPUBLISHED'])
-													->addState(ContentComponent::CONDITION_UNPUBLISHED, '', 'unpublish', 'COM_CONTENT_CHANGE_STAGE', ['tip_title' => 'JUNPUBLISHED'])
-													->addState(ContentComponent::CONDITION_ARCHIVED, '', 'archive', 'COM_CONTENT_CHANGE_STAGE', ['tip_title' => 'JARCHIVED'])
-													->addState(ContentComponent::CONDITION_TRASHED, '', 'trash', 'COM_CONTENT_CHANGE_STAGE', ['tip_title' => 'JTRASHED'])
+													->addState(ContentComponent::CONDITION_PUBLISHED, '', 'publish', Text::_('COM_CONTENT_CHANGE_STAGE'), ['tip_title' => Text::_('JPUBLISHED')])
+													->addState(ContentComponent::CONDITION_UNPUBLISHED, '', 'unpublish', Text::_('COM_CONTENT_CHANGE_STAGE'), ['tip_title' => Text::_('JUNPUBLISHED')])
+													->addState(ContentComponent::CONDITION_ARCHIVED, '', 'archive', Text::_('COM_CONTENT_CHANGE_STAGE'), ['tip_title' => Text::_('JARCHIVED')])
+													->addState(ContentComponent::CONDITION_TRASHED, '', 'trash', Text::_('COM_CONTENT_CHANGE_STAGE'), ['tip_title' => Text::_('JTRASHED')])
 													->setLayout('joomla.button.transition-button')
 													->render($item->stage_condition, $i, $options, $item->publish_up, $item->publish_down);
 										?>

diff --git a/administrator/components/com_content/tmpl/featured/default.php b/administrator/components/com_content/tmpl/featured/default.php
@@ -233,10 +233,10 @@
 													->removeState(1)
 													->removeState(2)
 													->removeState(-2)
-													->addState(ContentComponent::CONDITION_PUBLISHED, '', 'publish', 'COM_CONTENT_CHANGE_STAGE', ['tip_title' => 'JPUBLISHED'])
-													->addState(ContentComponent::CONDITION_UNPUBLISHED, '', 'unpublish', 'COM_CONTENT_CHANGE_STAGE', ['tip_title' => 'JUNPUBLISHED'])
-													->addState(ContentComponent::CONDITION_ARCHIVED, '', 'archive', 'COM_CONTENT_CHANGE_STAGE', ['tip_title' => 'JARCHIVED'])
-													->addState(ContentComponent::CONDITION_TRASHED, '', 'trash', 'COM_CONTENT_CHANGE_STAGE', ['tip_title' => 'JTRASHED'])
+													->addState(ContentComponent::CONDITION_PUBLISHED, '', 'publish', Text::_('COM_CONTENT_CHANGE_STAGE'), ['tip_title' => Text::_('JPUBLISHED')])
+													->addState(ContentComponent::CONDITION_UNPUBLISHED, '', 'unpublish', Text::_('COM_CONTENT_CHANGE_STAGE'), ['tip_title' => Text::_('JUNPUBLISHED')])
+													->addState(ContentComponent::CONDITION_ARCHIVED, '', 'archive', Text::_('COM_CONTENT_CHANGE_STAGE'), ['tip_title' => Text::_('JARCHIVED')])
+													->addState(ContentComponent::CONDITION_TRASHED, '', 'trash', Text::_('COM_CONTENT_CHANGE_STAGE'), ['tip_title' => Text::_('JTRASHED')])
 													->setLayout('joomla.button.transition-button')
 													->render($item->stage_condition, $i, $options, $item->publish_up, $item->publish_down);
 										?>

diff --git a/administrator/components/com_menus/Controller/ItemController.php b/administrator/components/com_menus/Controller/ItemController.php
@@ -401,7 +401,6 @@ public function save($key = null, $urlVar = null)
 			}
 
 			$data['link'] = 'index.php?' . urldecode(http_build_query($args, '', '&'));
-			unset($data['request']);
 		}
 
 		// Check for validation errors.

diff --git a/administrator/components/com_menus/Controller/MenuController.php b/administrator/components/com_menus/Controller/MenuController.php
@@ -11,6 +11,7 @@
 
 defined('_JEXEC') or die;
 
+use Joomla\CMS\Filter\InputFilter;
 use Joomla\CMS\Language\Text;
 use Joomla\CMS\MVC\Controller\FormController;
 use Joomla\CMS\Router\Route;
@@ -70,6 +71,8 @@ public function save($key = null, $urlVar = null)
 			return false;
 		}
 
+		$data['menutype'] = InputFilter::getInstance()->clean($data['menutype'], 'TRIM');
+
 		// Populate the row id from the session.
 		$data['id'] = $recordId;
 

diff --git a/administrator/components/com_menus/Controller/MenusController.php b/administrator/components/com_menus/Controller/MenusController.php
@@ -198,10 +198,6 @@ public function resync()
 			return;
 		}
 
-		// Declare variables before binding.
-		$componentId = 0;
-		$itemId      = 0;
-
 		$query = $db->getQuery(true)
 			->update($db->quoteName('#__menu'))
 			->set($db->quoteName('component_id') . ' = :componentId')