Bug Fixes / Forbid user to edit Core Joomla UpdateSite

joomla · Jun 12, 2017 · bd377db · bd377db
1 parent 0907a93
commit bd377db
Show file tree

Hide file tree

Showing 7 changed files with 101 additions and 14 deletions.
diff --git a/administrator/components/com_installer/Controller/Updatesite.php b/administrator/components/com_installer/Controller/Updatesite.php
@@ -20,4 +20,37 @@
  */
 class Updatesite extends Form
 {
+	/**
+	 * Edit update site.
+	 *
+	 * @return  void
+	 *
+	 * @since   4.0
+	 */
+	public function edit()
+	{
+		$model = $this->getModel('updatesites');
+
+		//Get the id of the UpdateSite that we are trying to edit
+		$recordId    = $this->input->post->get('cid', array(), 'array')[0];
+
+		//Get the list of the Joomla Core UpdateSites
+		$joomlaUpdateSitesIds = $model->getJoomlaUpdateSitesIds(0);
+
+		if (in_array($recordId, $joomlaUpdateSitesIds))
+		{
+			$this->setMessage(\JText::sprintf('COM_INSTALLER_MSG_UPDATESITES_DELETE_CANNOT_EDIT',reset($model->getJoomlaUpdateSitesNames(array($recordId)))->name), 'error');
+
+			$this->setRedirect(
+				\JRoute::_(
+					'index.php?option=' . $this->option . '&view=' . $this->view_list
+					. $this->getRedirectToListAppend(), false
+				)
+			);
+
+			return false;
+		}
+
+		parent::edit();
+	}
 }
diff --git a/administrator/components/com_installer/Controller/Updatesites.php b/administrator/components/com_installer/Controller/Updatesites.php
@@ -53,7 +53,7 @@ public function rebuild()
 		\JSession::checkToken() or jexit(\JText::_('JINVALID_TOKEN'));
 
 		// Rebuild the update sites.
-		$this->getModel('Updatesites')->rebuild();
+		$this->getModel('updatesites')->rebuild();
 
 		$this->setRedirect(\JRoute::_('index.php?option=com_installer&view=updatesites', false));
 	}

diff --git a/administrator/components/com_installer/Model/Updatesites.php b/administrator/components/com_installer/Model/Updatesites.php
@@ -119,6 +119,40 @@ public function publish(&$eid = array(), $value = 1)
 		return $result;
 	}
 
+	public function edit(&$eid = array(), $value = 1)
+	{
+		if (!\JFactory::getUser()->authorise('core.edit.state', 'com_installer'))
+		{
+			throw new \Exception(\JText::_('JLIB_APPLICATION_ERROR_EDITSTATE_NOT_PERMITTED'), 403);
+		}
+
+		$result = true;
+
+		// Ensure eid is an array of extension ids
+		if (!is_array($eid))
+		{
+			$eid = array($eid);
+		}
+
+		// Get a table object for the extension type
+		$table = new \Joomla\CMS\Table\UpdateSite($this->getDbo());
+
+		// Enable the update site in the table and store it in the database
+		foreach ($eid as $i => $id)
+		{
+			$table->load($id);
+			$table->enabled = $value;
+
+			if (!$table->store())
+			{
+				$this->setError($table->getError());
+				$result = false;
+			}
+		}
+
+		return $result;
+	}
+
 	/**
 	 * Deletes an update site.
 	 *
@@ -148,13 +182,8 @@ public function delete($ids = array())
 
 		$count = 0;
 
-		// Gets the update site names.
-		$query = $db->getQuery(true)
-			->select($db->qn(array('update_site_id', 'name')))
-			->from($db->qn('#__update_sites'))
-			->where($db->qn('update_site_id') . ' IN (' . implode(', ', $ids) . ')');
-		$db->setQuery($query);
-		$updateSitesNames = $db->loadObjectList('update_site_id');
+		// Gets Joomla core update sites names.
+		$updateSitesNames = $this->getJoomlaUpdateSitesNames($ids);
 
 		// Gets Joomla core update sites Ids.
 		$joomlaUpdateSitesIds = $this->getJoomlaUpdateSitesIds(0);
@@ -377,7 +406,7 @@ public function rebuild()
 	 *
 	 * @since   3.6.0
 	 */
-	protected function getJoomlaUpdateSitesIds($column = 0)
+	public function getJoomlaUpdateSitesIds($column = 0)
 	{
 		$db  = $this->getDbo();
 
@@ -398,6 +427,30 @@ protected function getJoomlaUpdateSitesIds($column = 0)
 		return $db->loadColumn($column);
 	}
 
+	/**
+	 * Fetch the Joomla update sites ids.
+	 *
+	 * @param   integer  $column  Column to return. 0 for update site ids, 1 for extension ids.
+	 *
+	 * @return  array  Array with joomla core update site ids.
+	 *
+	 * @since   3.6.0
+	 */
+	public function getJoomlaUpdateSitesNames($ids = array())
+	{
+		$db  = $this->getDbo();
+
+		// Gets the update site names.
+		$query = $db->getQuery(true)
+			->select($db->qn(array('update_site_id', 'name')))
+			->from($db->qn('#__update_sites'))
+			->where($db->qn('update_site_id') . ' IN (' . implode(', ', $ids) . ')');
+		$db->setQuery($query);
+		$updateSitesNames = $db->loadObjectList('update_site_id');
+
+		return $updateSitesNames;
+	}
+
 	/**
 	 * Method to get the database query
 	 *

diff --git a/administrator/components/com_installer/View/Updatesite/Html.php b/administrator/components/com_installer/View/Updatesite/Html.php
@@ -74,7 +74,7 @@ protected function addToolbar()
 		//$checkedOut = !($this->item->checked_out == 0 || $this->item->checked_out == $userId);
 
 		$checkedOut = false;
-		
+
 		// Since we don't track these assets at the item level, use the category id.
 		$canDo = ContentHelper::getActions('com_installer', 'updatesite');
 

diff --git a/administrator/components/com_installer/View/Updatesites/Html.php b/administrator/components/com_installer/View/Updatesites/Html.php
@@ -72,7 +72,7 @@ protected function addToolbar()
 	{
 		$canDo = ContentHelper::getActions('com_installer');
 
-		if (($canDo->get('core.edit')) || ($canDo->get('core.edit.own')))
+		if ($canDo->get('core.edit'))
 		{
 			ToolbarHelper::editList('updatesite.edit');
 		}

diff --git a/administrator/components/com_installer/tmpl/updatesite/edit.php b/administrator/components/com_installer/tmpl/updatesite/edit.php
@@ -16,8 +16,8 @@
 	<div class="form-horizontal">
 		<fieldset class="adminform">
 			<legend><?php echo JText::_('COM_INSTALLER_UPDATESITE_EDIT_DETAILS'); ?></legend>
-			<div class="row-fluid">
-				<div class="span6">
+			<div class="row">
+				<div class="col">
 					<?php foreach ($this->form->getFieldset() as $field): ?>
 						<div class="control-group">
 							<div class="control-label"><?php echo $field->label; ?></div>

diff --git a/administrator/language/en-GB/en-GB.com_installer.ini b/administrator/language/en-GB/en-GB.com_installer.ini
@@ -145,6 +145,7 @@ COM_INSTALLER_MSG_UPDATE_SUCCESS="Updating %s was successful."
 COM_INSTALLER_MSG_UPDATE_UPDATE="Update"
 COM_INSTALLER_MSG_UPDATESITES_DELETE_ERROR="An error has occurred while trying to delete "_QQ_"%s"_QQ_" update site: %s."
 COM_INSTALLER_MSG_UPDATESITES_DELETE_CANNOT_DELETE="%s update site cannot be deleted."
+COM_INSTALLER_MSG_UPDATESITES_DELETE_CANNOT_EDIT="%s update site cannot be editted."
 COM_INSTALLER_MSG_UPDATESITES_N_DELETE_UPDATESITES_DELETED="%s update sites have been deleted."
 COM_INSTALLER_MSG_UPDATESITES_N_DELETE_UPDATESITES_DELETED_1="1 update site has been deleted."
 COM_INSTALLER_MSG_UPDATESITES_REBUILD_EXTENSION_PLUGIN_NOT_ENABLED="The <a href="_QQ_"%s"_QQ_">Joomla Extension Plugin</a> is disabled. This plugin must be enabled to rebuild the update sites."
@@ -190,7 +191,7 @@ COM_INSTALLER_N_ITEMS_UNPUBLISHED_1="%d update site disabled."
 COM_INSTALLER_NEW_INSTALL="New Install"
 COM_INSTALLER_NEW_VERSION="Available"
 COM_INSTALLER_NO_INSTALL_TYPE_FOUND="No Install Type Found"
-COM_INSTALLER_NO_INSTALLATION   _PLUGINS_FOUND="No installation plugin has been enabled. At least one must be enabled to be able to use the installer. Go to the <a href='index.php?option=com_plugins&view=plugins&filter[folder]=installer' title='Plugin Manager'>Plugin Manager</a> to enable the plugins."
+COM_INSTALLER_NO_INSTALLATION_PLUGINS_FOUND="No installation plugin has been enabled. At least one must be enabled to be able to use the installer. Go to the <a href='index.php?option=com_plugins&view=plugins&filter[folder]=installer' title='Plugin Manager'>Plugin Manager</a> to enable the plugins."
 COM_INSTALLER_PACKAGE_DOWNLOAD_FAILED="Failed to download package. Download it and install manually from <a href='%1$s'>%1$s</a>."
 COM_INSTALLER_PACKAGE_FILE="Package File"
 COM_INSTALLER_PREFERENCES_DESCRIPTION="Fine tune how extensions installation and updates work."