
Merge branch '4.0-dev' into drop_server_config_files

zero-24 committed Sep 3, 2019
2 parents 82630e3 + c021233 commit 77aa38945c827aa7a15ded8a396213cef5c5794c
Showing 483 changed files with 4,200 additions and 3,229 deletions.
@@ -15,12 +15,14 @@ environment:
matrix:
- php_ver_target: 7.2
DLLVersion: "5.3.0"
WINCACHE: "2.0.0.8"
- php_ver_target: 7.3
WINCACHE: "2.0.0.8"

init:
- SET PATH=C:\Program Files\OpenSSL;C:\tools\php;%PATH%
- SET COMPOSER_NO_INTERACTION=1
- SET PHP=1 # This var relates to caching the php install
- SET PHP=1 # This var relates to caching the php install
- SET ANSICON=121x90 (121x90)
services:
- mssql2014
@@ -52,10 +54,11 @@ install:
$source = "https://windows.php.net/downloads/pecl/releases/pdo_sqlsrv/$($env:DLLVersion)/php_pdo_sqlsrv-$($env:DLLVersion)-$($env:php_ver_target)-nts-$($env:VC)-$($env:PHPBuild).zip"
$destination = "c:\tools\php\ext\php_pdo_sqlsrv-$($env:DLLVersion)-$($env:php_ver_target)-nts-$($env:VC)-$($env:PHPBuild).zip"
Invoke-WebRequest $source -OutFile $destination
#appveyor-retry appveyor DownloadFile http://windows.php.net/downloads/pecl/releases/pdo_sqlsrv/$($env:DLLVersion)/php_pdo_sqlsrv-$($env:DLLVersion)-$($env:php_ver_target)-nts-$($env:VC)-$($env:PHPBuild).zip
#appveyor-retry appveyor DownloadFile https://windows.php.net/downloads/pecl/releases/pdo_sqlsrv/$($env:DLLVersion)/php_pdo_sqlsrv-$($env:DLLVersion)-$($env:php_ver_target)-nts-$($env:VC)-$($env:PHPBuild).zip
7z x -y php_pdo_sqlsrv-$($env:DLLVersion)-$($env:php_ver_target)-nts-$($env:VC)-$($env:PHPBuild).zip > $null
Remove-Item c:\tools\php\ext* -include .zip
cd c:\tools\php}
cd c:\tools\php
}
- IF %PHP%==1 copy php.ini-production php.ini /Y
- IF %PHP%==1 echo date.timezone="UTC" >> php.ini
- IF %PHP%==1 echo extension_dir=ext >> php.ini
@@ -80,18 +83,19 @@ install:
- IF %PHP%==1 echo extension=php_curl.dll >> php.ini
# Get the Wincache DLLs
- ps: >-
If ($env:PHP -eq "1") {
$wincache = "2.0.0.8"
If ($env:PHP -eq "1" -and $env:WINCACHE) {
cd c:\tools\php\ext
$source = "http://windows.php.net/downloads/pecl/releases/wincache/$($wincache)/php_wincache-$($wincache)-$($env:php_ver_target)-nts-$($env:VC)-$($env:PHPBuild).zip"
$destination = "c:\tools\php\ext\php_wincache-$($wincache)-$($env:php_ver_target)-nts-$($env:VC)-$($env:PHPBuild).zip"
$source = "https://windows.php.net/downloads/pecl/releases/wincache/$($env:WINCACHE)/php_wincache-$($env:WINCACHE)-$($env:php_ver_target)-nts-$($env:VC)-$($env:PHPBuild).zip"
$destination = "c:\tools\php\ext\php_wincache-$($env:WINCACHE)-$($env:php_ver_target)-nts-$($env:VC)-$($env:PHPBuild).zip"
Invoke-WebRequest $source -OutFile $destination
#appveyor-retry appveyor DownloadFile http://windows.php.net/downloads/pecl/releases/wincache/$($wincache)/php_wincache-$($wincache)-$($env:php_ver_target)-nts-$($env:VC)-$($env:PHPBuild).zip
7z x -y php_wincache-$($wincache)-$($env:php_ver_target)-nts-$($env:VC)-$($env:PHPBuild).zip > $null
#appveyor-retry appveyor DownloadFile https://windows.php.net/downloads/pecl/releases/wincache/$($env:WINCACHE)/php_wincache-$($env:WINCACHE)-$($env:php_ver_target)-nts-$($env:VC)-$($env:PHPBuild).zip
7z x -y php_wincache-$($env:WINCACHE)-$($env:php_ver_target)-nts-$($env:VC)-$($env:PHPBuild).zip > $null
Remove-Item C:\tools\php\ext* -include .zip
cd c:\tools\php}
- IF %PHP%==1 echo extension=php_wincache.dll >> php.ini
- IF %PHP%==1 echo wincache.enablecli = 1 >> php.ini
cd c:\tools\php
Add-Content php.ini "`nextension=php_wincache.dll"
Add-Content php.ini "`wincache.enablecli = 1"
Add-Content php.ini "`n"
}
- IF %PHP%==1 echo zend_extension=php_opcache.dll >> php.ini
- IF %PHP%==1 echo opcache.enable_cli=1 >> php.ini
- IF %PHP%==1 echo extension=php_ldap.dll >> php.ini
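Review bot: Both PECL archives (pdo_sqlsrv in the second hunk, wincache in the third) are downloaded with `Invoke-WebRequest` and unpacked with `7z x` directly into `c:\tools\php\ext` without any integrity check; switching the URLs to https protects the transport but not against a replaced file on the download host. Pinning a digest next to each version in the matrix and comparing it before extraction would cover that, e.g. `if ((Get-FileHash $destination -Algorithm SHA256).Hash -ne $env:WINCACHE_SHA256) { throw "wincache archive hash mismatch" }`, where `WINCACHE_SHA256` is a placeholder variable that this file does not define yet. Separately, the second `Add-Content php.ini` line in the third hunk opens its string with a backtick followed by `w` where its neighbours use a backtick followed by `n`; PowerShell appears to drop the backtick so the setting is still written, but the escape looks like a typo and should match the other lines.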
@@ -10,3 +10,7 @@ end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true

[*.{js,scss,css}]
indent_style = space
indent_size = 2
@@ -0,0 +1 @@
custom: https://community.joomla.org/sponsorship-campaigns.html
@@ -9,9 +9,7 @@ This document outlines security procedures and policies for the `Joomla! Project

## Reporting a Bug

The `Joomla` team and community take all security bugs in `Joomla` seriously.

The Joomla! Project takes security vulnerabilities very seriously. As such, the Joomla! Security Strike Team (JSST) oversees the project's security issues and follows some specific procedures when dealing with these issues.
The `Joomla` team and community take all security bugs in `Joomla` seriously. The Joomla! Security Strike Team (JSST) oversees the project's security issues and follows some specific procedures when dealing with these issues.

If you find a possible vulnerability, please report it to the JSST using the [online form](https://developer.joomla.org/security/contact-the-team.html) or via email at security@joomla.org

@@ -25,7 +23,7 @@ Thank you for improving the security of `Joomla`.

## Response Handling

The JSST aims to ensure all issues are handled in a timely manner and for clear communication between the team and issue reporters. As such, we have established the following guidelines for responding to issue reports:
The JSST aims to ensure all issues are handled in a timely manner and for clear communication between the team and issue reporters. We have established the following guidelines for responding to issue reports:

* Within 24 hours every report gets acknowledged
* Within 7 days every report gets a further response stating either
@@ -58,12 +58,12 @@ protected function getOptions()
// Construct the query
$query = $db->getQuery(true)
->select($db->quoteName('u.id', 'value'))
->select($db->quoteName('u.name', 'text'))
->select($db->quoteName('u.username', 'text'))
->from($db->quoteName('#__users', 'u'))
->join('INNER', $db->quoteName('#__action_logs', 'c') . ' ON ' . $db->quoteName('c.user_id') . ' = ' . $db->quoteName('u.id'))
->group($db->quoteName('u.id'))
->group($db->quoteName('u.name'))
->order($db->quoteName('u.name'));
->group($db->quoteName('u.username'))
->order($db->quoteName('u.username'));
// Setup the query
$db->setQuery($query);
@@ -26,6 +26,14 @@
*/
class ActionlogsHelper
{
/**
* Array of characters starting a formula
*
* @var array
* @since 3.9.7
*/
private static $characters = array('=', '+', '-', '@');
/**
* Method to convert logs objects array to an iterable type for use with a CSV export
*
@@ -49,6 +57,8 @@ public static function getCsvData($data): Generator
);
}
$disabledText = Text::_('COM_ACTIONLOGS_DISABLED');
// Header row
yield ['Id', 'Message', 'Date', 'Extension', 'User', 'Ip'];
@@ -58,14 +68,14 @@ public static function getCsvData($data): Generator
static::loadTranslationFiles($extension);
yield [
yield array(
'id' => $log->id,
'message' => strip_tags(static::getHumanReadableLogMessage($log, false)),
'message' => self::escapeCsvFormula(strip_tags(static::getHumanReadableLogMessage($log, false))),
'date' => (new Date($log->log_date, new \DateTimeZone('UTC')))->format('Y-m-d H:i:s T'),
'extension' => Text::_($extension),
'name' => $log->name,
'ip_address' => Text::_($log->ip_address),
];
'extension' => self::escapeCsvFormula(Text::_($extension)),
'name' => self::escapeCsvFormula($log->name),
'ip_address' => self::escapeCsvFormula($log->ip_address === 'COM_ACTIONLOGS_DISABLED' ? $disabledText : $log->ip_address)
);
}
}
@@ -196,7 +206,7 @@ public static function getHumanReadableLogMessage($log, $generateLinks = true)
$messageData['type'] = Text::_($messageData['type']);
}
$linkMode = Factory::getApplication()->get('force_ssl', 0) >= 1 ? 1 : -1;
$linkMode = Factory::getApplication()->get('force_ssl', 0) >= 1 ? Route::TLS_FORCE : Route::TLS_IGNORE;
foreach ($messageData as $key => $value)
{
@@ -330,4 +340,28 @@ public static function loadActionLogPluginsLanguage()
// Load com_privacy too.
$lang->load('com_privacy', JPATH_ADMINISTRATOR, null, false, true);
}
/**
* Escapes potential characters that start a formula in a CSV value to prevent injection attacks
*
* @param mixed $value csv field value
*
* @return mixed
*
* @since 3.9.7
*/
protected static function escapeCsvFormula($value)
{
if ($value == '')
{
return $value;
}
if (in_array($value[0], self::$characters, true))
{
$value = ' ' . $value;
}
return $value;
}
}
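Review bot: `escapeCsvFormula()` only guards the four characters in `$characters`, while OWASP's CSV-injection guidance also lists tab (0x09) and carriage return (0x0D) as characters that can start a formula; consider `private static $characters = array('=', '+', '-', '@', "\t", "\r");`. The empty check `$value == ''` is a loose comparison and `$value[0]` assumes a string, so a non-string argument would be indexed by offset; a guard such as `if (!is_string($value) || $value === '')` makes the contract explicit. In `getCsvData()` the `id` and `date` columns bypass the helper, which looks safe because they are generated values, but a one-line comment saying so would help the next reader. The space prefix presumably relies on the target spreadsheet applications not trimming leading whitespace before evaluating a cell, which is worth confirming and noting in the docblock.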
@@ -530,7 +530,7 @@ public function getDirectory($public = false)
foreach ($admin_langs as $folder)
{
if (!$folder->isDir() || $folder->isDot())
if ($folder->isDot() || !$folder->isDir())
{
continue;
}
@@ -546,7 +546,7 @@ public function getDirectory($public = false)
foreach ($manifests as $folder)
{
if (!$folder->isDir() || $folder->isDot())
if ($folder->isDot() || !$folder->isDir())
{
continue;
}
@@ -569,7 +569,7 @@ public function getDirectory($public = false)
foreach ($image_folders as $folder)
{
if (!$folder->isDir() || $folder->isDot())
if ($folder->isDot() || !$folder->isDir())
{
continue;
}
@@ -587,7 +587,7 @@ public function getDirectory($public = false)
foreach ($site_langs as $folder)
{
if (!$folder->isDir() || $folder->isDot())
if ($folder->isDot() || !$folder->isDir())
{
continue;
}
@@ -605,7 +605,7 @@ public function getDirectory($public = false)
foreach ($plugin_groups as $folder)
{
if (!$folder->isDir() || $folder->isDot())
if ($folder->isDot() || !$folder->isDir())
{
continue;
}
@@ -0,0 +1 @@
ALTER TABLE `#__template_styles` MODIFY `home` char(7) NOT NULL DEFAULT '0';
@@ -0,0 +1 @@
ALTER TABLE `#__session` ADD INDEX `client_id_guest` (`client_id`, `guest`);
@@ -0,0 +1 @@
UPDATE `#__content_types` SET `content_history_options` = REPLACE(`content_history_options`, '\"ignoreChanges\":[\"modified_by\", \"modified\", \"checked_out\", \"checked_out_time\", \"version\", \"hits\"]', '\"ignoreChanges\":[\"modified_by\", \"modified\", \"checked_out\", \"checked_out_time\", \"version\", \"hits\", \"ordering\"]');
@@ -0,0 +1 @@
# Query removed, see https://github.com/joomla/joomla-cms/pull/25177
@@ -0,0 +1 @@
UPDATE #__users SET params = REPLACE(params, '",,"', '","');
@@ -0,0 +1,4 @@
ALTER TABLE `#__template_styles` DROP INDEX `idx_home`;
# Query removed, see https://github.com/joomla/joomla-cms/pull/25484
ALTER TABLE `#__template_styles` ADD INDEX `idx_client_id` (`client_id`);
ALTER TABLE `#__template_styles` ADD INDEX `idx_client_id_home` (`client_id`, `home`);
@@ -0,0 +1 @@
INSERT INTO `#__menu` (`id`, `menutype`, `title`, `alias`, `note`, `path`, `link`, `type`, `published`, `parent_id`, `level`, `component_id`, `checked_out`, `checked_out_time`, `browserNav`, `access`, `img`, `template_style_id`, `params`, `lft`, `rgt`, `home`, `language`, `client_id`, `publish_up`, `publish_down`) VALUES (18, 'main', 'com_messages_manager', 'Private Messages', '', 'Messaging/Private Messages', 'index.php?option=com_messages&view=messages', 'component', 1, 10, 2, 15, 0, '0000-00-00 00:00:00', 0, 0, 'class:messages', 0, '', 17, 20, 0, '*', 1, '0000-00-00 00:00:00', '0000-00-00 00:00:00');
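Review bot: This insert writes a fixed primary key (`id` 18) and fixed nested-set positions (`lft` 17, `rgt` 20) into `#__menu`, and nothing in the file guards against a site where that id or those positions are already in use; in that case the update step would presumably fail or leave the menu tree inconsistent. If the row is expected to be absent on every upgraded site, a comment stating that assumption would help; otherwise consider making the statement conditional on the row not existing. The same applies to the PostgreSQL counterpart of this file further down the page.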
@@ -0,0 +1,2 @@
ALTER TABLE "#__template_styles" ALTER COLUMN "home" TYPE character varying(7);
ALTER TABLE "#__template_styles" ALTER COLUMN "home" SET DEFAULT '0';
@@ -0,0 +1 @@
CREATE INDEX "#__session_idx_client_id_guest" ON "#__session" ("client_id", "guest");
@@ -0,0 +1 @@
UPDATE "#__content_types" SET "content_history_options" = REPLACE("content_history_options", '\"ignoreChanges\":[\"modified_by\", \"modified\", \"checked_out\", \"checked_out_time\", \"version\", \"hits\"]', '\"ignoreChanges\":[\"modified_by\", \"modified\", \"checked_out\", \"checked_out_time\", \"version\", \"hits\", \"ordering\"]');
@@ -0,0 +1 @@
# Query removed, see https://github.com/joomla/joomla-cms/pull/25177
@@ -0,0 +1 @@
UPDATE "#__users" SET "params" = REPLACE("params", '",,"', '","');
@@ -0,0 +1,4 @@
DROP INDEX IF EXISTS "#__template_styles_idx_home";
# Queries removed, see https://github.com/joomla/joomla-cms/pull/25484
CREATE INDEX "#__template_styles_idx_client_id" ON "#__template_styles" ("client_id");
CREATE INDEX "#__template_styles_idx_client_id_home" ON "#__template_styles" ("client_id", "home");
@@ -0,0 +1 @@
INSERT INTO "#__menu" ("id", "menutype", "title", "alias", "note", "path", "link", "type", "published", "parent_id", "level", "component_id", "checked_out", "checked_out_time", "browserNav", "access", "img", "template_style_id", "params", "lft", "rgt", "home", "language", "client_id", "publish_up", "publish_down") VALUES (18, 'main', 'com_messages_manager', 'Private Messages', '', 'Messaging/Private Messages', 'index.php?option=com_messages&view=messages', 'component', 1, 10, 2, 15, 0, '1970-01-01 00:00:00', 0, 0, 'class:messages', 0, '', 17, 20, 0, '*', 1, '1970-01-01 00:00:00', '1970-01-01 00:00:00');
@@ -118,8 +118,9 @@ public function display($tpl = null)
$referenceId = $input->get('id', 0, 'int');
$reference = ArrayHelper::fromObject(AssociationsHelper::getItem($extensionName, $typeName, $referenceId));
$this->referenceLanguage = $reference[$languageField];
$this->referenceTitle = AssociationsHelper::getTypeFieldName($extensionName, $typeName, 'title');
$this->referenceLanguage = $reference[$languageField];
$this->referenceTitle = AssociationsHelper::getTypeFieldName($extensionName, $typeName, 'title');
$this->referenceTitleValue = $reference[$this->referenceTitle];
// Check for special case category
$typeNameExploded = explode('.', $typeName);
@@ -82,11 +82,7 @@ public function display($tpl = null)
$link = Route::_('index.php?option=com_plugins&task=plugin.edit&extension_id=' . AssociationsHelper::getLanguagefilterPluginId());
Factory::getApplication()->enqueueMessage(Text::sprintf('COM_ASSOCIATIONS_ERROR_NO_ASSOC', $link), 'warning');
}
elseif ($this->state->get('itemtype') == '' || $this->state->get('language') == '')
{
Factory::getApplication()->enqueueMessage(Text::_('COM_ASSOCIATIONS_NOTICE_NO_SELECTORS'), 'notice');
}
else
elseif ($this->state->get('itemtype') != '' && $this->state->get('language') != '')
{
$type = null;
@@ -19,6 +19,7 @@
HTMLHelper::_('script', 'com_associations/sidebyside.js', ['version' => 'auto', 'relative' => true]);
HTMLHelper::_('stylesheet', 'com_associations/sidebyside.css', ['version' => 'auto', 'relative' => true]);
HTMLHelper::_('webcomponent', 'system/joomla-core-loader.min.js', ['relative' => true, 'version' => 'auto']);
$options = array(
'layout' => $this->app->input->get('layout', '', 'string'),
@@ -43,6 +44,7 @@
data-item="<?php echo $this->typeName; ?>"
data-id="<?php echo $this->referenceId; ?>"
data-title="<?php echo $this->referenceTitle; ?>"
data-title-value="<?php echo $this->referenceTitleValue; ?>"
data-language="<?php echo $this->referenceLanguage; ?>"
data-editurl="<?php echo Route::_($this->editUri); ?>">
</iframe>
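Review bot: The new attribute `data-title-value="<?php echo $this->referenceTitleValue; ?>"` prints the reference item's title without escaping, and that value is item content assigned in the view's `display()` from `$reference[$this->referenceTitle]`; a title containing a double quote would break out of the attribute. Escape it for the attribute context, e.g. `data-title-value="<?php echo $this->escape($this->referenceTitleValue); ?>"`. The neighbouring `data-*` attributes are echoed the same way and may deserve the same treatment if any of them can hold user-controlled text.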
@@ -37,7 +37,12 @@
<div class="col-md-12">
<div id="j-main-container" class="j-main-container">
<?php echo LayoutHelper::render('joomla.searchtools.default', array('view' => $this)); ?>
<?php if (empty($this->items)) : ?>
<?php if ($this->state->get('itemtype') == '' || $this->state->get('language') == '') : ?>
<div class="alert alert-info">
<span class="fa fa-info-circle" aria-hidden="true"></span><span class="sr-only"><?php echo Text::_('INFO'); ?></span>
<?php echo Text::_('COM_ASSOCIATIONS_NOTICE_NO_SELECTORS'); ?>
</div>
<?php elseif (empty($this->items)) : ?>
<div class="alert alert-info">
<span class="fa fa-info-circle" aria-hidden="true"></span><span class="sr-only"><?php echo Text::_('INFO'); ?></span>
<?php echo Text::_('JGLOBAL_NO_MATCHING_RESULTS'); ?>
@@ -115,20 +115,17 @@ protected function batchClient($value, $pks, $contexts)
*/
protected function canDelete($record)
{
if (!empty($record->id))
if (empty($record->id) || $record->state != -2)
{
if ($record->state != -2)
{
return false;
}
if (!empty($record->catid))
{
return Factory::getUser()->authorise('core.delete', 'com_banners.category.' . (int) $record->catid);
}
return false;
}
return parent::canDelete($record);
if (!empty($record->catid))
{
return Factory::getUser()->authorise('core.delete', 'com_banners.category.' . (int) $record->catid);
}
return parent::canDelete($record);
}
/**
@@ -376,6 +373,9 @@ protected function preprocessForm(Form $form, $data, $group = 'content')
if ($this->canCreateCategory())
{
$form->setFieldAttribute('catid', 'allowAdd', 'true');
// Add a prefix for categories created on the fly.
$form->setFieldAttribute('catid', 'customPrefix', '#new#');
}
parent::preprocessForm($form, $data, $group);
@@ -394,20 +394,22 @@ public function save($data)
{
$input = Factory::getApplication()->input;
// Cast catid to integer for comparison
$catid = (int) $data['catid'];
// Create new category, if needed.
$createCategory = true;
// Check if New Category exists
if ($catid > 0)
// If category ID is provided, check if it's valid.
if (is_numeric($data['catid']) && $data['catid'])
{
$catid = CategoriesHelper::validateCategoryId($data['catid'], 'com_banners');
$createCategory = !CategoriesHelper::validateCategoryId($data['catid'], 'com_banners');
}
// Save New Category
if ($catid == 0 && $this->canCreateCategory())
if ($createCategory && $this->canCreateCategory())
{
$table = array();
$table['title'] = $data['catid'];
// Remove #new# prefix, if exists.
$table['title'] = strpos($data['catid'], '#new#') === 0 ? substr($data['catid'], 5) : $data['catid'];
$table['parent_id'] = 1;
$table['extension'] = 'com_banners';
$table['language'] = $data['language'];
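Review bot: With the integer cast removed, `$data['catid']` is no longer normalised when `$createCategory` is true but `canCreateCategory()` returns false, so the raw request value (an invalid id or a `#new#…` string) continues past this block unchanged. The rest of `save()` lies outside the hunk, so confirm that it rejects such a value rather than storing it; an explicit `else` branch that rejects or clears `catid` would make that visible here. Also, `is_numeric($data['catid'])` treats a purely numeric title as a category id whenever the `#new#` prefix is missing, which deserves a short comment next to the check.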
