Prepare 3.9.25 release

joomla · Feb 27, 2021 · aadf697 · aadf697
1 parent cea0be4
commit aadf697
Show file tree

Hide file tree

Showing 22 changed files with 433 additions and 267 deletions.
diff --git a/administrator/components/com_banners/models/banner.php b/administrator/components/com_banners/models/banner.php
@@ -466,4 +466,31 @@ private function canCreateCategory()
 	{
 		return JFactory::getUser()->authorise('core.create', 'com_banners');
 	}
+
+	/**
+	 * Method to validate the form data.
+	 *
+	 * @param   JForm   $form   The form to validate against.
+	 * @param   array   $data   The data to validate.
+	 * @param   string  $group  The name of the field group to validate.
+	 *
+	 * @return  array|boolean  Array of filtered data if valid, false otherwise.
+	 *
+	 * @see     JFormRule
+	 * @see     JFilterInput
+	 * @since   __DEPLOY_VERSION__
+	 */
+	public function validate($form, $data, $group = null)
+	{
+		// Don't allow to change the users if not allowed to access com_users.
+		if (!JFactory::getUser()->authorise('core.manage', 'com_users'))
+		{
+			if (isset($data['created_by']))
+			{
+				unset($data['created_by']);
+			}
+		}
+
+		return parent::validate($form, $data, $group);
+	}
 }
diff --git a/administrator/components/com_categories/models/category.php b/administrator/components/com_categories/models/category.php
@@ -368,6 +368,15 @@ protected function loadFormData()
 	 */
 	public function validate($form, $data, $group = null)
 	{
+		// Don't allow to change the users if not allowed to access com_users.
+		if (!JFactory::getUser()->authorise('core.manage', 'com_users'))
+		{
+			if (isset($data['created_user_id']))
+			{
+				unset($data['created_user_id']);
+			}
+		}
+
 		if (!JFactory::getUser()->authorise('core.admin', $data['extension']))
 		{
 			if (isset($data['rules']))

diff --git a/administrator/components/com_contact/models/contact.php b/administrator/components/com_contact/models/contact.php
@@ -538,4 +538,31 @@ private function canCreateCategory()
 	{
 		return JFactory::getUser()->authorise('core.create', 'com_contact');
 	}
+
+	/**
+	 * Method to validate the form data.
+	 *
+	 * @param   JForm   $form   The form to validate against.
+	 * @param   array   $data   The data to validate.
+	 * @param   string  $group  The name of the field group to validate.
+	 *
+	 * @return  array|boolean  Array of filtered data if valid, false otherwise.
+	 *
+	 * @see     JFormRule
+	 * @see     JFilterInput
+	 * @since   __DEPLOY_VERSION__
+	 */
+	public function validate($form, $data, $group = null)
+	{
+		// Don't allow to change the users if not allowed to access com_users.
+		if (!JFactory::getUser()->authorise('core.manage', 'com_users'))
+		{
+			if (isset($data['created_by']))
+			{
+				unset($data['created_by']);
+			}
+		}
+
+		return parent::validate($form, $data, $group);
+	}
 }
diff --git a/administrator/components/com_content/models/article.php b/administrator/components/com_content/models/article.php
@@ -382,13 +382,11 @@ public function getForm($data = array(), $loadData = true)
 		 * The front end calls this model and uses a_id to avoid id clashes so we need to check for that first.
 		 * The back end uses id so we use that the rest of the time and set it to 0 by default.
 		 */
-		$id = $jinput->get('a_id', $jinput->get('id', 0));
+		$id = (int) $jinput->get('a_id', $jinput->get('id', 0));
 
 		// Determine correct permissions to check.
-		if ($this->getState('article.id'))
+		if ($id = $this->getState('article.id', $id))
 		{
-			$id = $this->getState('article.id');
-
 			// Existing record. Can only edit in selected categories.
 			$form->setFieldAttribute('catid', 'action', 'core.edit');
 
@@ -404,6 +402,7 @@ public function getForm($data = array(), $loadData = true)
 					|| ($id == 0 && !$user->authorise('core.edit.state', 'com_content')))
 				{
 					$form->setFieldAttribute('catid', 'readonly', 'true');
+					$form->setFieldAttribute('catid', 'required', 'false');
 					$form->setFieldAttribute('catid', 'filter', 'unset');
 				}
 			}
@@ -519,17 +518,12 @@ protected function loadFormData()
 	public function validate($form, $data, $group = null)
 	{
 		// Don't allow to change the users if not allowed to access com_users.
-		if (JFactory::getApplication()->isClient('administrator') && !JFactory::getUser()->authorise('core.manage', 'com_users'))
+		if (!JFactory::getUser()->authorise('core.manage', 'com_users'))
 		{
 			if (isset($data['created_by']))
 			{
 				unset($data['created_by']);
 			}
-
-			if (isset($data['modified_by']))
-			{
-				unset($data['modified_by']);
-			}
 		}
 
 		if (!JFactory::getUser()->authorise('core.admin', 'com_content'))

diff --git a/administrator/components/com_fields/models/field.php b/administrator/components/com_fields/models/field.php
@@ -891,6 +891,15 @@ protected function loadFormData()
 	 */
 	public function validate($form, $data, $group = null)
 	{
+		// Don't allow to change the users if not allowed to access com_users.
+		if (!JFactory::getUser()->authorise('core.manage', 'com_users'))
+		{
+			if (isset($data['created_user_id']))
+			{
+				unset($data['created_user_id']);
+			}
+		}
+
 		if (!JFactory::getUser()->authorise('core.admin', 'com_fields'))
 		{
 			if (isset($data['rules']))

diff --git a/administrator/components/com_fields/models/group.php b/administrator/components/com_fields/models/group.php
@@ -270,6 +270,15 @@ protected function preprocessForm(JForm $form, $data, $group = 'content')
 	 */
 	public function validate($form, $data, $group = null)
 	{
+		// Don't allow to change the users if not allowed to access com_users.
+		if (!JFactory::getUser()->authorise('core.manage', 'com_users'))
+		{
+			if (isset($data['created_by']))
+			{
+				unset($data['created_by']);
+			}
+		}
+
 		if (!JFactory::getUser()->authorise('core.admin', 'com_fields'))
 		{
 			if (isset($data['rules']))

diff --git a/administrator/components/com_media/config.xml b/administrator/components/com_media/config.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <config>
-	<fieldset 
+	<fieldset
 		name="component"
 		label="COM_MEDIA_FIELDSET_OPTIONS_LABEL">
 		<field
@@ -16,16 +16,16 @@
 			name="upload_maxsize"
 			type="number"
 			label="COM_MEDIA_FIELD_MAXIMUM_SIZE_LABEL"
-			description="COM_MEDIA_FIELD_MAXIMUM_SIZE_DESC" 
+			description="COM_MEDIA_FIELD_MAXIMUM_SIZE_DESC"
 			validate="number"
 			min="0"
 			size="50"
 			default="10"
 		/>
 
 		<field
-			name="spacer1" 
-			type="spacer" 
+			name="spacer1"
+			type="spacer"
 			label="COM_MEDIA_FOLDERS_PATH_LABEL"
 			class="text"
 		/>
@@ -34,10 +34,11 @@
 			name="file_path"
 			type="text"
 			label="COM_MEDIA_FIELD_PATH_FILE_FOLDER_LABEL"
-			description="COM_MEDIA_FIELD_PATH_FILE_FOLDER_DESC" 
+			description="COM_MEDIA_FIELD_PATH_FILE_FOLDER_DESC"
 			size="50"
 			default="images"
 			validate="filePath"
+			exclude="administrator|api|bin|cache|cli|components|includes|language|layouts|libraries|media|modules|plugins|templates|tmp"
 		/>
 
 		<field
@@ -48,6 +49,7 @@
 			size="50"
 			default="images"
 			validate="filePath"
+			exclude="administrator|api|bin|cache|cli|components|includes|language|layouts|libraries|modules|plugins|templates|tmp"
 		/>
 
 		<field
@@ -89,7 +91,7 @@
 			name="ignore_extensions"
 			type="text"
 			label="COM_MEDIA_FIELD_IGNORED_EXTENSIONS_LABEL"
-			description="COM_MEDIA_FIELD_IGNORED_EXTENSIONS_DESC" 
+			description="COM_MEDIA_FIELD_IGNORED_EXTENSIONS_DESC"
 			size="50"
 		/>
 

diff --git a/administrator/components/com_media/media.php b/administrator/components/com_media/media.php
@@ -38,7 +38,14 @@
 	$path = 'image_path';
 }
 
-define('COM_MEDIA_BASE', JPATH_ROOT . '/' . $params->get($path, 'images'));
+$mediaBaseDir = JPATH_ROOT . '/' . $params->get($path, 'images');
+
+if (!is_dir($mediaBaseDir))
+{
+	throw new \InvalidArgumentException(JText::_('JERROR_AN_ERROR_HAS_OCCURRED'), 404);
+}
+
+define('COM_MEDIA_BASE', $mediaBaseDir);
 define('COM_MEDIA_BASEURL', JUri::root() . $params->get($path, 'images'));
 
 $controller = JControllerLegacy::getInstance('Media', array('base_path' => JPATH_COMPONENT_ADMINISTRATOR));

diff --git a/administrator/components/com_newsfeeds/models/newsfeed.php b/administrator/components/com_newsfeeds/models/newsfeed.php
@@ -453,4 +453,31 @@ private function canCreateCategory()
 	{
 		return JFactory::getUser()->authorise('core.create', 'com_newsfeeds');
 	}
+
+	/**
+	 * Method to validate the form data.
+	 *
+	 * @param   JForm   $form   The form to validate against.
+	 * @param   array   $data   The data to validate.
+	 * @param   string  $group  The name of the field group to validate.
+	 *
+	 * @return  array|boolean  Array of filtered data if valid, false otherwise.
+	 *
+	 * @see     JFormRule
+	 * @see     JFilterInput
+	 * @since   __DEPLOY_VERSION__
+	 */
+	public function validate($form, $data, $group = null)
+	{
+		// Don't allow to change the users if not allowed to access com_users.
+		if (!JFactory::getUser()->authorise('core.manage', 'com_users'))
+		{
+			if (isset($data['created_by']))
+			{
+				unset($data['created_by']);
+			}
+		}
+
+		return parent::validate($form, $data, $group);
+	}
 }