Merge branch '4.2-dev' into deprecated-2

joomla · Oct 27, 2022 · eb9fa72 · eb9fa72
2 parents bb1ffff + ca502d1
commit eb9fa72
Show file tree

Hide file tree

Showing 26 changed files with 255 additions and 43 deletions.
diff --git a/.github/workflows/cacert-update.yml b/.github/workflows/cacert-update.yml
@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           ref: 3.10-dev
 
@@ -33,7 +33,7 @@ jobs:
         run: cp "libraries/src/Http/Transport/cacert.pem" "libraries/fof/download/adapter/cacert.pem"
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v3
+        uses: peter-evans/create-pull-request@v4
         id: cpr
         with:
           branch: mozilla_ca_update

diff --git a/.github/workflows/create-translation-pull-request-v4.yml b/.github/workflows/create-translation-pull-request-v4.yml
@@ -22,13 +22,13 @@ jobs:
     if: ${{ github.repository == 'joomla-translation-bot/joomla-cms' && github.ref == 'refs/heads/translation' }}
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         # We need the full depth to create / update the pull request against the main repo
         with:
           fetch-depth: 0
-      - uses: actions/setup-node@v1
+      - uses: actions/setup-node@v3
         with:
-          node-version: 12
+          node-version: 16
 
       - name: Fetch latest cms changes
         run: |

diff --git a/administrator/components/com_languages/tmpl/language/edit.php b/administrator/components/com_languages/tmpl/language/edit.php
@@ -22,7 +22,7 @@
 
 ?>
 
-<h2><?php echo $this->form->getValue('title', null, Text::_('COM_LANGUAGES_LANGUAGE_NEW_LANGUAGE_TITLE')); ?></h2>
+<h2><?php echo $this->escape($this->form->getValue('title', null, Text::_('COM_LANGUAGES_LANGUAGE_NEW_LANGUAGE_TITLE'))); ?></h2>
 
 <form action="<?php echo Route::_('index.php?option=com_languages&view=language&layout=edit&lang_id=' . (int) $this->item->lang_id); ?>" method="post" name="adminForm" id="language-form" aria-label="<?php echo Text::_('COM_LANGUAGES_LANGUAGE_FORM_' . ((int) $this->item->lang_id === 0 ? 'NEW' : 'EDIT'), true); ?>" class="main-card form-validate">
 

diff --git a/administrator/components/com_users/tmpl/user/edit.php b/administrator/components/com_users/tmpl/user/edit.php
@@ -33,7 +33,7 @@
 ?>
 <form action="<?php echo Route::_('index.php?option=com_users&layout=edit&id=' . (int) $this->item->id); ?>" method="post" name="adminForm" id="user-form" enctype="multipart/form-data" aria-label="<?php echo Text::_('COM_USERS_USER_FORM_' . ((int) $this->item->id === 0 ? 'NEW' : 'EDIT'), true); ?>" class="form-validate">
 
-    <h2><?php echo $this->form->getValue('name', null, Text::_('COM_USERS_USER_NEW_USER_TITLE')); ?></h2>
+    <h2><?php echo $this->escape($this->form->getValue('name', null, Text::_('COM_USERS_USER_NEW_USER_TITLE'))); ?></h2>
 
     <div class="main-card">
         <?php echo HTMLHelper::_('uitab.startTabSet', 'myTab', ['active' => 'details', 'recall' => true, 'breakpoint' => 768]); ?>

diff --git a/administrator/language/en-GB/com_media.ini b/administrator/language/en-GB/com_media.ini
@@ -80,7 +80,7 @@ COM_MEDIA_MEDIA_NAME="Name"
 COM_MEDIA_MEDIA_SIZE="Size"
 COM_MEDIA_MEDIA_TYPE="Type"
 COM_MEDIA_NAME="Name"
-; The string COM_MEDIA_OPEN_ITEM_ACTIONS is deprecated and no longer in use as of __DEPLOY_VERSION__
+; The string COM_MEDIA_OPEN_ITEM_ACTIONS is deprecated and no longer in use as of 4.2.4
 ; Please use the string COM_MEDIA_MANAGE_ITEM (with the file name) instead.
 COM_MEDIA_OPEN_ITEM_ACTIONS="Open item actions"
 COM_MEDIA_PLEASE_SELECT_ITEM="Please select item."

diff --git a/administrator/language/en-GB/install.xml b/administrator/language/en-GB/install.xml
@@ -2,8 +2,8 @@
 <extension client="administrator" type="language" method="upgrade">
 	<name>English (en-GB)</name>
 	<tag>en-GB</tag>
-	<version>4.2.4</version>
-	<creationDate>2022-09</creationDate>
+	<version>4.2.5</version>
+	<creationDate>2022-10</creationDate>
 	<author>Joomla! Project</author>
 	<authorEmail>admin@joomla.org</authorEmail>
 	<authorUrl>www.joomla.org</authorUrl>

diff --git a/administrator/language/en-GB/langmetadata.xml b/administrator/language/en-GB/langmetadata.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <metafile client="administrator">
 	<name>English (en-GB)</name>
-	<version>4.2.4</version>
-	<creationDate>2022-09</creationDate>
+	<version>4.2.5</version>
+	<creationDate>2022-10</creationDate>
 	<author>Joomla! Project</author>
 	<authorEmail>admin@joomla.org</authorEmail>
 	<authorUrl>www.joomla.org</authorUrl>

diff --git a/administrator/language/en-GB/plg_system_debug.ini b/administrator/language/en-GB/plg_system_debug.ini
@@ -31,6 +31,8 @@ PLG_DEBUG_FIELD_STRIP_PREFIX_DESC="Strip words from the beginning of the string.
 PLG_DEBUG_FIELD_STRIP_PREFIX_LABEL="Strip From Start"
 PLG_DEBUG_FIELD_STRIP_SUFFIX_DESC="Strip words from the end of the string. For multiple words, use the format: (word1|word2)."
 PLG_DEBUG_FIELD_STRIP_SUFFIX_LABEL="Strip From End"
+PLG_DEBUG_FIELD_TRACK_REQUEST_HISTORY_LABEL="Track Request History"
+PLG_DEBUG_FIELD_TRACK_REQUEST_HISTORY_DESC="When enabled this saves the request history data into the filesystem for future analysis. This data may include passwords and secret tokens. Only enable this for a short period of time as the file can be read by anyone with read access to the cache folder. When this setting is subsequently disabled it is strongly recommended to clear the Site Cache!"
 PLG_DEBUG_LANG_LOADED="Loaded"
 PLG_DEBUG_LANG_NOT_LOADED="Not loaded"
 PLG_DEBUG_LANGUAGE_FIELDSET_LABEL="Language"

diff --git a/administrator/manifests/files/joomla.xml b/administrator/manifests/files/joomla.xml
@@ -6,8 +6,8 @@
 	<authorUrl>www.joomla.org</authorUrl>
 	<copyright>(C) 2019 Open Source Matters, Inc.</copyright>
 	<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
-	<version>4.2.4-dev</version>
-	<creationDate>2022-09</creationDate>
+	<version>4.2.5-dev</version>
+	<creationDate>2022-10</creationDate>
 	<description>FILES_JOOMLA_XML_DESCRIPTION</description>
 
 	<scriptfile>administrator/components/com_admin/script.php</scriptfile>

diff --git a/administrator/manifests/packages/pkg_en-GB.xml b/administrator/manifests/packages/pkg_en-GB.xml
@@ -2,8 +2,8 @@
 <extension type="package" method="upgrade">
 	<name>English (en-GB) Language Pack</name>
 	<packagename>en-GB</packagename>
-	<version>4.2.4.1</version>
-	<creationDate>2022-09</creationDate>
+	<version>4.2.5.1</version>
+	<creationDate>2022-10</creationDate>
 	<author>Joomla! Project</author>
 	<authorEmail>admin@joomla.org</authorEmail>
 	<authorUrl>www.joomla.org</authorUrl>

diff --git a/api/language/en-GB/install.xml b/api/language/en-GB/install.xml
@@ -2,8 +2,8 @@
 <extension client="api" type="language" method="upgrade">
 	<name>English (en-GB)</name>
 	<tag>en-GB</tag>
-	<version>4.2.4</version>
-	<creationDate>2022-09</creationDate>
+	<version>4.2.5</version>
+	<creationDate>2022-10</creationDate>
 	<author>Joomla! Project</author>
 	<authorEmail>admin@joomla.org</authorEmail>
 	<authorUrl>www.joomla.org</authorUrl>

diff --git a/api/language/en-GB/langmetadata.xml b/api/language/en-GB/langmetadata.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <metafile client="api">
 	<name>English (en-GB)</name>
-	<version>4.2.4</version>
-	<creationDate>2022-09</creationDate>
+	<version>4.2.5</version>
+	<creationDate>2022-10</creationDate>
 	<author>Joomla! Project</author>
 	<authorEmail>admin@joomla.org</authorEmail>
 	<authorUrl>www.joomla.org</authorUrl>

diff --git a/installation/language/en-GB/langmetadata.xml b/installation/language/en-GB/langmetadata.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <metafile client="installation">
 	<name>English (United Kingdom)</name>
-	<version>4.2.4</version>
-	<creationDate>2022-09</creationDate>
+	<version>4.2.5</version>
+	<creationDate>2022-10</creationDate>
 	<author>Joomla! Project</author>
 	<copyright>(C) 2005 Open Source Matters, Inc.</copyright>
 	<license>GNU General Public License version 2 or later; see LICENSE.txt</license>

diff --git a/language/en-GB/com_media.ini b/language/en-GB/com_media.ini
@@ -93,7 +93,7 @@ COM_MEDIA_MEDIA_TYPE="Type"
 COM_MEDIA_NAME="Image Name"
 COM_MEDIA_NO_IMAGES_FOUND="No Images Found"
 COM_MEDIA_NOT_SET="Not Set"
-; The string COM_MEDIA_OPEN_ITEM_ACTIONS is deprecated and no longer in use as of __DEPLOY_VERSION__
+; The string COM_MEDIA_OPEN_ITEM_ACTIONS is deprecated and no longer in use as of 4.2.4
 ; Please use the string COM_MEDIA_MANAGE_ITEM (with the file name) instead.
 COM_MEDIA_OPEN_ITEM_ACTIONS="Open item actions"
 COM_MEDIA_OVERALL_PROGRESS="Overall Progress"

diff --git a/language/en-GB/install.xml b/language/en-GB/install.xml
@@ -2,8 +2,8 @@
 <extension client="site" type="language" method="upgrade">
 	<name>English (en-GB)</name>
 	<tag>en-GB</tag>
-	<version>4.2.4</version>
-	<creationDate>2022-09</creationDate>
+	<version>4.2.5</version>
+	<creationDate>2022-10</creationDate>
 	<author>Joomla! Project</author>
 	<authorEmail>admin@joomla.org</authorEmail>
 	<authorUrl>www.joomla.org</authorUrl>

diff --git a/language/en-GB/langmetadata.xml b/language/en-GB/langmetadata.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <metafile client="site">
 	<name>English (en-GB)</name>
-	<version>4.2.4</version>
-	<creationDate>2022-09</creationDate>
+	<version>4.2.5</version>
+	<creationDate>2022-10</creationDate>
 	<author>Joomla! Project</author>
 	<authorEmail>admin@joomla.org</authorEmail>
 	<authorUrl>www.joomla.org</authorUrl>

diff --git a/libraries/src/Form/Rule/CaptchaRule.php b/libraries/src/Form/Rule/CaptchaRule.php
@@ -43,13 +43,15 @@ class CaptchaRule extends FormRule
      */
     public function test(\SimpleXMLElement $element, $value, $group = null, Registry $input = null, Form $form = null)
     {
-        $app    = Factory::getApplication();
-        $plugin = $app->get('captcha');
+        $app     = Factory::getApplication();
+        $default = $app->get('captcha');
 
         if ($app->isClient('site')) {
-            $plugin = $app->getParams()->get('captcha', $plugin);
+            $default = $app->getParams()->get('captcha', $default);
         }
 
+        $plugin = $element['plugin'] ? (string) $element['plugin'] : $default;
+
         $namespace = $element['namespace'] ?: $form->getName();
 
         // Use 0 for none

diff --git a/libraries/src/Version.php b/libraries/src/Version.php
@@ -55,7 +55,7 @@ final class Version
      * @var    integer
      * @since  3.8.0
      */
-    public const PATCH_VERSION = 4;
+    public const PATCH_VERSION = 5;
 
     /**
      * Extra release version info.
@@ -90,15 +90,15 @@ final class Version
      * @var    string
      * @since  3.5
      */
-    public const RELDATE = '27-September-2022';
+    public const RELDATE = '25-October-2022';
 
     /**
      * Release time.
      *
      * @var    string
      * @since  3.5
      */
-    public const RELTIME = '15:40';
+    public const RELTIME = '16:30';
 
     /**
      * Release timezone.

diff --git a/libraries/src/Workflow/WorkflowPluginTrait.php b/libraries/src/Workflow/WorkflowPluginTrait.php
@@ -30,7 +30,7 @@ trait WorkflowPluginTrait
      * @param   Form      $form The form
      * @param   \stdClass $data The data
      *
-     * @return  boolean
+     * @return  boolean|\stdClass
      *
      * @since   4.0.0
      */

diff --git a/plugins/system/debug/debug.php b/plugins/system/debug/debug.php
@@ -12,7 +12,6 @@
 
 use DebugBar\DataCollector\MemoryCollector;
 use DebugBar\DataCollector\MessagesCollector;
-use DebugBar\DataCollector\RequestDataCollector;
 use DebugBar\DebugBar;
 use DebugBar\OpenHandler;
 use Joomla\Application\ApplicationEvents;
@@ -34,7 +33,9 @@
 use Joomla\Plugin\System\Debug\DataCollector\LanguageStringsCollector;
 use Joomla\Plugin\System\Debug\DataCollector\ProfileCollector;
 use Joomla\Plugin\System\Debug\DataCollector\QueryCollector;
+use Joomla\Plugin\System\Debug\DataCollector\RequestDataCollector;
 use Joomla\Plugin\System\Debug\DataCollector\SessionCollector;
+use Joomla\Plugin\System\Debug\DataCollector\UserCollector;
 use Joomla\Plugin\System\Debug\JavascriptRenderer;
 use Joomla\Plugin\System\Debug\JoomlaHttpDriver;
 use Joomla\Plugin\System\Debug\Storage\FileStorage;
@@ -50,6 +51,13 @@
  */
 class PlgSystemDebug extends CMSPlugin implements SubscriberInterface
 {
+    /**
+     * List of protected keys that will be redacted in multiple data collected
+     *
+     * @since  4.2.4
+     */
+    public const PROTECTED_COLLECTOR_KEYS = "/password|passwd|pwd|secret|token|server_auth|_pass|smtppass|otpKey|otep/i";
+
     /**
      * True if debug lang is on.
      *
@@ -194,10 +202,14 @@ public function __construct(&$subject, $config)
             $this->db->setMonitor(null);
         }
 
-        $storagePath = JPATH_CACHE . '/plg_system_debug_' . $this->app->getName();
-
         $this->debugBar = new DebugBar();
-        $this->debugBar->setStorage(new FileStorage($storagePath));
+
+        // Check whether we want to track the request history for future use.
+        if ($this->params->get('track_request_history', false)) {
+            $storagePath = JPATH_CACHE . '/plg_system_debug_' . $this->app->getName();
+            $this->debugBar->setStorage(new FileStorage($storagePath));
+        }
+
         $this->debugBar->setHttpDriver(new JoomlaHttpDriver($this->app));
 
         $this->isAjax = $this->app->input->get('option') === 'com_ajax'
@@ -280,6 +292,7 @@ public function onAfterRespond()
         $this->loadLanguage();
 
         $this->debugBar->addCollector(new InfoCollector($this->params, $this->debugBar->getCurrentRequestId()));
+        $this->debugBar->addCollector(new UserCollector());
 
         if (JDEBUG) {
             if ($this->params->get('memory', 1)) {

diff --git a/plugins/system/debug/debug.xml b/plugins/system/debug/debug.xml
@@ -141,6 +141,19 @@
 					<option value="0">JHIDE</option>
 					<option value="1">JSHOW</option>
 				</field>
+
+				<field
+					name="track_request_history"
+					type="radio"
+					label="PLG_DEBUG_FIELD_TRACK_REQUEST_HISTORY_LABEL"
+					description="PLG_DEBUG_FIELD_TRACK_REQUEST_HISTORY_DESC"
+					layout="joomla.form.field.radio.switcher"
+					default="0"
+					filter="integer"
+					>
+					<option value="0">JDISABLED</option>
+					<option value="1">JENABLED</option>
+				</field>
 			</fieldset>
 
 			<fieldset

diff --git a/plugins/system/debug/src/DataCollector/RequestDataCollector.php b/plugins/system/debug/src/DataCollector/RequestDataCollector.php
@@ -0,0 +1,60 @@
+<?php
+
+/**
+ * @package     Joomla.Plugin
+ * @subpackage  System.Debug
+ *
+ * @copyright   (C) 2022 Open Source Matters, Inc. <https://www.joomla.org>
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+namespace Joomla\Plugin\System\Debug\DataCollector;
+
+// phpcs:disable PSR1.Files.SideEffects
+\defined('_JEXEC') or die;
+// phpcs:enable PSR1.Files.SideEffects
+
+/**
+ * Collects info about the request content while redacting potentially secret content
+ *
+ * @since  4.2.4
+ */
+class RequestDataCollector extends \DebugBar\DataCollector\RequestDataCollector
+{
+    /**
+     * Called by the DebugBar when data needs to be collected
+     *
+     * @since  4.2.4
+     *
+     * @return array
+     */
+    public function collect()
+    {
+        $vars = array('_GET', '_POST', '_SESSION', '_COOKIE', '_SERVER');
+        $returnData = array();
+
+        foreach ($vars as $var) {
+            if (isset($GLOBALS[$var])) {
+                $key = "$" . $var;
+
+                $data = $GLOBALS[$var];
+
+                array_walk_recursive($data, static function (&$value, $key) {
+                    if (!preg_match(\PlgSystemDebug::PROTECTED_COLLECTOR_KEYS, $key)) {
+                        return;
+                    }
+
+                    $value = '***redacted***';
+                });
+
+                if ($this->isHtmlVarDumperUsed()) {
+                    $returnData[$key] = $this->getVarDumper()->renderVar($data);
+                } else {
+                    $returnData[$key] = $this->getDataFormatter()->formatVar($data);
+                }
+            }
+        }
+
+        return $returnData;
+    }
+}