Merge remote-tracking branch 'upstream/staging' into j3/bug/gmail-ver…

…ify-peer
joomla · Feb 10, 2021 · b31f21c · b31f21c
2 parents 506dec0 + e6cbda0
commit b31f21c
Show file tree

Hide file tree

Showing 321 changed files with 12,804 additions and 10,120 deletions.
diff --git a/.drone.yml b/.drone.yml
@@ -11,6 +11,8 @@ steps:
   image: joomlaprojects/docker-images:php7.4
   commands:
   - php -v
+  - git config --global url."git://".insteadOf https://
+  - git config --global url."ssh://".insteadOf https://
   - composer install
   - composer require phpmd/phpmd
   volumes:
@@ -722,6 +724,6 @@ steps:
 
 ---
 kind: signature
-hmac: 891055d296eb627e4c15bb3a6e672a3171d33e74f73d916075cf384b5c9a552e
+hmac: cbef4bc42fe32344786211da2373cc3f6899ed9d40c31678f93fe24dce99a0d6
 
 ...
diff --git a/.editorconfig b/.editorconfig
@@ -1,4 +1,4 @@
-# EditorConfig is awesome: http://EditorConfig.org
+# EditorConfig is awesome: https://EditorConfig.org
 
 # top-most EditorConfig file
 root = true

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -11,7 +11,7 @@ This document outlines security procedures and policies for the `Joomla! Project
 
 The `Joomla` team and community take all security bugs in `Joomla` seriously. The Joomla! Security Strike Team (JSST) oversees the project's security issues and follows some specific procedures when dealing with these issues.
 
-If you find a possible vulnerability, please report it to the JSST using the [online form](https://developer.joomla.org/security/contact-the-team.html) or via email at security@joomla.org 
+If you find a possible vulnerability, please report it to the JSST using the [online form](https://developer.joomla.org/security/contact-the-team.html) or via email at security@joomla.org
 
 We maintain a list of [GPG keys and addresses](https://developer.joomla.org/security/gpg-keys.html) for the security@joomla.org address and members of the JSST to allow signed and encrypted communications.
 

diff --git a/.gitignore b/.gitignore
@@ -70,6 +70,7 @@ Desktop.ini
 # Extra files installed by Composer not needed in the CMS environment
 # This should only ignore files like unit testing or READMEs, production
 # code must remain to ensure all libraries properly function
+/libraries/vendor/bin
 /libraries/vendor/brumann/polyfill-unserialize/.gitattributes
 /libraries/vendor/brumann/polyfill-unserialize/.gitignore
 /libraries/vendor/brumann/polyfill-unserialize/.travis.yml
@@ -97,6 +98,8 @@ Desktop.ini
 /libraries/vendor/joomla/*/.github
 /libraries/vendor/joomla/*/.gitignore
 /libraries/vendor/joomla/*/.gitmodules
+/libraries/vendor/joomla/*/.drone.jsonnet
+/libraries/vendor/joomla/*/.drone.yml
 /libraries/vendor/joomla/*/docs
 /libraries/vendor/joomla/*/Tests
 /libraries/vendor/joomla/*/vendor
@@ -118,12 +121,15 @@ Desktop.ini
 /libraries/vendor/joomla/session/Joomla/Session/ruleset.xml
 /libraries/vendor/leafo/lessphp/docs
 /libraries/vendor/leafo/lessphp/tests
+/libraries/vendor/leafo/lessphp/.drone.yml
 /libraries/vendor/leafo/lessphp/.gitignore
 /libraries/vendor/leafo/lessphp/.travis.yml
 /libraries/vendor/leafo/lessphp/composer.json
 /libraries/vendor/leafo/lessphp/Makefile
 /libraries/vendor/leafo/lessphp/package.sh
+/libraries/vendor/leafo/lessphp/phpunit.xml.dist
 /libraries/vendor/leafo/lessphp/README.md
+/libraries/vendor/leafo/lessphp/ruleset.xml
 /libraries/vendor/paragonie/random_compat/.gitignore
 /libraries/vendor/paragonie/random_compat/.scrutinizer.yml
 /libraries/vendor/paragonie/random_compat/.travis.yml

diff --git a/administrator/components/com_admin/models/profile.php b/administrator/components/com_admin/models/profile.php
@@ -140,7 +140,7 @@ public function save($data)
 		}
 
 		// Handle the two factor authentication setup
-		if (array_key_exists('twofactor', $data))
+		if (isset($data['twofactor']['method']))
 		{
 			$twoFactorMethod = $data['twofactor']['method'];
 

diff --git a/administrator/components/com_admin/script.php b/administrator/components/com_admin/script.php
@@ -1519,7 +1519,6 @@ public function deleteUnexistingFiles()
 			'/media/editors/tinymce/skins/lightgray/fonts/tinymce.dev.svg',
 			'/media/editors/tinymce/skins/lightgray/img/wline.gif',
 			'/media/mod_languages/images/km_kr.gif',
-			'/media/mod_languages/images/si_LK.gif',
 			'/plugins/editors/codemirror/styles.css',
 			'/plugins/editors/codemirror/styles.min.css',
 
@@ -1539,7 +1538,6 @@ public function deleteUnexistingFiles()
 			'/libraries/simplepie/idn/idna_convert.class.php',
 			'/libraries/simplepie/idn/npdata.ser',
 			'/libraries/simplepie/simplepie.php',
-			'/media/mod_languages/images/si_lk.gif',
 			'/media/system/js/permissions.min.js',
 			'/plugins/editors/tinymce/fields/skins.php',
 			'/plugins/user/profile/fields/dob.php',
@@ -2036,6 +2034,23 @@ public function deleteUnexistingFiles()
 
 			// Joomla! 3.9.21
 			'/.github/SECURITY.md',
+
+			// Joomla! 3.9.23
+			'/.drone.jsonnet',
+
+			// Joomla! added by the 3.9.23-rc1
+			'/libraries/vendor/bin/lessify',
+			'/libraries/vendor/bin/lessify.bat',
+			'/libraries/vendor/bin/plessc',
+			'/libraries/vendor/bin/plessc.bat',
+			'/libraries/vendor/joomla/archive/.drone.jsonnet',
+			'/libraries/vendor/joomla/archive/.drone.yml',
+			'/libraries/vendor/joomla/string/.drone.jsonnet',
+			'/libraries/vendor/joomla/string/.drone.yml',
+			'/libraries/vendor/leafo/lessphp/.drone.yml',
+			'/libraries/vendor/leafo/lessphp/phpunit.xml.dist',
+			'/libraries/vendor/leafo/lessphp/ruleset.xml',
+
 		);
 
 		// TODO There is an issue while deleting folders using the ftp mode
@@ -2307,6 +2322,8 @@ public function deleteUnexistingFiles()
 		{
 			JFile::delete(JPATH_ROOT . '/administrator/manifests/packages/pkg_weblinks.xml');
 		}
+
+		$this->fixFilenameCasing();
 	}
 
 	/**
@@ -2640,4 +2657,67 @@ private function cleanJoomlaCache()
 		$model->setState('client_id', 1);
 		$model->clean();
 	}
+
+	/**
+	 * Renames or removes incorrectly cased files.
+	 *
+	 * @return  void
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 */
+	protected function fixFilenameCasing()
+	{
+		$files = array(
+			'libraries/src/Filesystem/Support/Stringcontroller.php' => 'libraries/src/Filesystem/Support/StringController.php',
+			'libraries/vendor/paragonie/sodium_compat/src/Core/Xsalsa20.php' => 'libraries/vendor/paragonie/sodium_compat/src/Core/XSalsa20.php',
+			'media/mod_languages/images/si_LK.gif' => 'media/mod_languages/images/si_lk.gif',
+		);
+
+		foreach ($files as $old => $expected)
+		{
+			$oldRealpath = realpath(JPATH_ROOT . '/' . $old);
+
+			// On Unix without incorrectly cased file.
+			if ($oldRealpath === false)
+			{
+				continue;
+			}
+
+			$oldBasename      = basename($oldRealpath);
+			$newRealpath      = realpath(JPATH_ROOT . '/' . $expected);
+			$newBasename      = basename($newRealpath);
+			$expectedBasename = basename($expected);
+
+			// On Windows or Unix with only the incorrectly cased file.
+			if ($newBasename !== $expectedBasename)
+			{
+				// Rename the file.
+				rename(JPATH_ROOT . '/' . $old, JPATH_ROOT . '/' . $old . '.tmp');
+				rename(JPATH_ROOT . '/' . $old . '.tmp', JPATH_ROOT . '/' . $expected);
+
+				continue;
+			}
+
+			// There might still be an incorrectly cased file on other OS than Windows.
+			if ($oldBasename === basename($old))
+			{
+				// Check if case-insensitive file system, eg on OSX.
+				if (fileinode($oldRealpath) === fileinode($newRealpath))
+				{
+					// Check deeper because even realpath or glob might not return the actual case.
+					if (!in_array($expectedBasename, scandir(dirname($newRealpath))))
+					{
+						// Rename the file.
+						rename(JPATH_ROOT . '/' . $old, JPATH_ROOT . '/' . $old . '.tmp');
+						rename(JPATH_ROOT . '/' . $old . '.tmp', JPATH_ROOT . '/' . $expected);
+					}
+				}
+				else
+				{
+					// On Unix with both files: Delete the incorrectly cased file.
+					unlink(JPATH_ROOT . '/' . $old);
+				}
+			}
+		}
+	}
 }
diff --git a/administrator/components/com_categories/models/category.php b/administrator/components/com_categories/models/category.php
@@ -353,6 +353,32 @@ protected function loadFormData()
 		return $data;
 	}
 
+	/**
+	 * Method to validate the form data.
+	 *
+	 * @param   JForm   $form   The form to validate against.
+	 * @param   array   $data   The data to validate.
+	 * @param   string  $group  The name of the field group to validate.
+	 *
+	 * @return  array|boolean  Array of filtered data if valid, false otherwise.
+	 *
+	 * @see     JFormRule
+	 * @see     JFilterInput
+	 * @since   3.9.23
+	 */
+	public function validate($form, $data, $group = null)
+	{
+		if (!JFactory::getUser()->authorise('core.admin', $data['extension']))
+		{
+			if (isset($data['rules']))
+			{
+				unset($data['rules']);
+			}
+		}
+
+		return parent::validate($form, $data, $group);
+	}
+
 	/**
 	 * Method to preprocess the form.
 	 *
@@ -756,19 +782,19 @@ public function rebuild()
 	 * First we save the new order values in the lft values of the changed ids.
 	 * Then we invoke the table rebuild to implement the new ordering.
 	 *
-	 * @param   array    $idArray    An array of primary key ids.
-	 * @param   integer  $lft_array  The lft value
+	 * @param   array    $idArray   An array of primary key ids.
+	 * @param   integer  $lftArray  The lft value
 	 *
 	 * @return  boolean  False on failure or error, True otherwise
 	 *
 	 * @since   1.6
 	 */
-	public function saveorder($idArray = null, $lft_array = null)
+	public function saveorder($idArray = null, $lftArray = null)
 	{
 		// Get an instance of the table object.
 		$table = $this->getTable();
 
-		if (!$table->saveorder($idArray, $lft_array))
+		if (!$table->saveorder($idArray, $lftArray))
 		{
 			$this->setError($table->getError());
 
@@ -1259,14 +1285,14 @@ protected function batchMove($value, $pks, $contexts)
 	/**
 	 * Custom clean the cache of com_content and content modules
 	 *
-	 * @param   string   $group      Cache group name.
-	 * @param   integer  $client_id  Application client id.
+	 * @param   string   $group     Cache group name.
+	 * @param   integer  $clientId  Application client id.
 	 *
 	 * @return  void
 	 *
 	 * @since   1.6
 	 */
-	protected function cleanCache($group = null, $client_id = 0)
+	protected function cleanCache($group = null, $clientId = 0)
 	{
 		$extension = JFactory::getApplication()->input->get('extension');
 
@@ -1290,20 +1316,20 @@ protected function cleanCache($group = null, $client_id = 0)
 	/**
 	 * Method to change the title & alias.
 	 *
-	 * @param   integer  $parent_id  The id of the parent.
-	 * @param   string   $alias      The alias.
-	 * @param   string   $title      The title.
+	 * @param   integer  $parentId  The id of the parent.
+	 * @param   string   $alias     The alias.
+	 * @param   string   $title     The title.
 	 *
 	 * @return  array    Contains the modified title and alias.
 	 *
 	 * @since   1.7
 	 */
-	protected function generateNewTitle($parent_id, $alias, $title)
+	protected function generateNewTitle($parentId, $alias, $title)
 	{
 		// Alter the title & alias
 		$table = $this->getTable();
 
-		while ($table->load(array('alias' => $alias, 'parent_id' => $parent_id)))
+		while ($table->load(array('alias' => $alias, 'parent_id' => $parentId)))
 		{
 			$title = StringHelper::increment($title);
 			$alias = StringHelper::increment($alias, 'dash');

diff --git a/administrator/components/com_categories/views/categories/tmpl/default_batch_body.php b/administrator/components/com_categories/views/categories/tmpl/default_batch_body.php
@@ -12,7 +12,7 @@
 	JHtml::_('select.option', 'c', JText::_('JLIB_HTML_BATCH_COPY')),
 	JHtml::_('select.option', 'm', JText::_('JLIB_HTML_BATCH_MOVE'))
 );
-$published = $this->state->get('filter.published');
+$published = (int) $this->state->get('filter.published');
 $extension = $this->escape($this->state->get('filter.extension'));
 ?>
 
@@ -39,7 +39,7 @@
 					<div id="batch-choose-action" class="combo controls">
 						<select name="batch[category_id]" id="batch-category-id">
 							<option value=""><?php echo JText::_('JLIB_HTML_BATCH_NO_CATEGORY') ?></option>
-							<?php echo JHtml::_('select.options', JHtml::_('category.categories', $extension, array('filter.published' => $published))); ?>
+							<?php echo JHtml::_('select.options', JHtml::_('category.categories', $extension, array('filter.published' => $this->state->get('filter.published')))); ?>
 						</select>
 					</div>
 				</div>

diff --git a/administrator/components/com_config/controller/application/save.php b/administrator/components/com_config/controller/application/save.php
@@ -46,6 +46,9 @@ public function execute()
 			$this->app->redirect('index.php');
 		}
 
+		// Clear the data from the session.
+		$this->app->setUserState('com_config.config.global.data', null);
+
 		// Set FTP credentials, if given.
 		JClientHelper::setCredentialsFromRequest('ftp');
 
@@ -54,6 +57,7 @@ public function execute()
 
 		// Complete data array if needed
 		$oldData = $model->getData();
+
 		$data = array_replace($oldData, $data);
 
 		// Get request type
@@ -116,9 +120,6 @@ public function execute()
 		// Set the success message.
 		$this->app->enqueueMessage(JText::_('COM_CONFIG_SAVE_SUCCESS'), 'message');
 
-		// Clear the data from the session.
-		$this->app->setUserState('com_config.config.global.data', null);
-
 		// Set the redirect based on the task.
 		switch ($this->options[3])
 		{

diff --git a/administrator/components/com_config/controller/application/sendtestmail.php b/administrator/components/com_config/controller/application/sendtestmail.php
@@ -30,7 +30,7 @@ public function execute()
 		$this->app->sendHeaders();
 
 		// Check if user token is valid.
-		if (!JSession::checkToken('get'))
+		if (!JSession::checkToken())
 		{
 			$this->app->enqueueMessage(JText::_('JINVALID_TOKEN'), 'error');
 			echo new JResponseJson;