Prepare 3.4.5 Release

wilsonge · wilsonge · commit dca641f67e8e · 2015-10-21T22:48:15.000+01:00
diff --git a/administrator/components/com_contenthistory/contenthistory.php b/administrator/components/com_contenthistory/contenthistory.php
@@ -9,6 +9,12 @@
 
 defined('_JEXEC') or die;
 
+// Disallow unauthenticated users
+if (JFactory::getUser()->guest)
+{
+	return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
+}
+
 $controller = JControllerLegacy::getInstance('Contenthistory', array('base_path' => JPATH_COMPONENT_ADMINISTRATOR));
 $controller->execute(JFactory::getApplication()->input->get('task'));
 $controller->redirect();
diff --git a/administrator/components/com_contenthistory/models/compare.php b/administrator/components/com_contenthistory/models/compare.php
@@ -21,20 +21,46 @@ class ContenthistoryModelCompare extends JModelItem
 	/**
 	 * Method to get a version history row.
 	 *
-	 * @return  mixed    On success, array of populated tables. False on failure.
+	 * @return  array|boolean    On success, array of populated tables. False on failure.
 	 *
 	 * @since   3.2
 	 */
 	public function getItems()
 	{
+		$input = JFactory::getApplication()->input;
+
+		/** @var JTableContenthistory $table1 */
 		$table1 = JTable::getInstance('Contenthistory');
+
+		/** @var JTableContenthistory $table2 */
 		$table2 = JTable::getInstance('Contenthistory');
-		$id1 = JFactory::getApplication()->input->getInt('id1');
-		$id2 = JFactory::getApplication()->input->getInt('id2');
+
+		$id1 = $input->getInt('id1');
+		$id2 = $input->getInt('id2');
 		$result = array();
 
 		if ($table1->load($id1) && $table2->load($id2))
 		{
+			// Get the first history record's content type record so we can check ACL
+			/** @var JTableContenttype $contentTypeTable */
+			$contentTypeTable = JTable::getInstance('Contenttype');
+			$ucmTypeId        = $table1->ucm_type_id;
+
+			if (!$contentTypeTable->load($ucmTypeId))
+			{
+				// Assume a failure to load the content type means broken data, abort mission
+				return false;
+			}
+
+			// Access check
+			if (!JFactory::getUser()->authorise('core.edit', $contentTypeTable->type_alias . '.' . (int) $table1->ucm_item_id))
+			{
+				$this->setError(JText::_('JERROR_ALERTNOAUTHOR'));
+
+				return false;
+			}
+
+			// All's well, process the records
 			foreach (array($table1, $table2) as $table)
 			{
 				$object = new stdClass;
@@ -46,9 +72,7 @@ public function getItems()
 
 			return $result;
 		}
-		else
-		{
-			return false;
-		}
+
+		return false;
 	}
 }
diff --git a/administrator/components/com_contenthistory/models/history.php b/administrator/components/com_contenthistory/models/history.php
@@ -43,20 +43,22 @@ public function __construct($config = array())
 	 * Method to test whether a history record can be deleted. Note that we check whether we have edit permissions
 	 * for the content item row.
 	 *
-	 * @param   object  $record  A JTable object.
+	 * @param   JTableContenthistory  $record  A JTable object.
 	 *
 	 * @return  boolean  True if allowed to delete the record. Defaults to the permission set in the component.
 	 *
 	 * @since   3.2
 	 */
 	protected function canEdit($record)
 	{
+		$result = false;
+
 		if (!empty($record->ucm_type_id))
 		{
-			$result = false;
-
 			// Check that the type id matches the type alias
 			$typeAlias = JFactory::getApplication()->input->get('type_alias');
+
+			/** @var JTableContenttype $contentTypeTable */
 			$contentTypeTable = JTable::getInstance('Contenttype', 'JTable');
 
 			if ($contentTypeTable->getTypeId($typeAlias) == $record->ucm_type_id)
@@ -66,7 +68,7 @@ protected function canEdit($record)
 				 * for the content item, not delete permissions for the content history row.
 				 */
 				$user = JFactory::getUser();
-				$result = $user->authorise('core.edit', $typeAlias . (int) $record->version_id);
+				$result = $user->authorise('core.edit', $typeAlias . '.' . (int) $record->ucm_item_id);
 			}
 		}
 
@@ -135,6 +137,51 @@ public function delete(&$pks)
 		return true;
 	}
 
+	/**
+	 * Method to get an array of data items.
+	 *
+	 * @return  mixed  An array of data items on success, false on failure.
+	 *
+	 * @since   3.4.5
+	 */
+	public function getItems()
+	{
+		$items = parent::getItems();
+
+		if ($items === false)
+		{
+			return false;
+		}
+
+		// This should be an array with at least one element
+		if (!is_array($items) || !isset($items[0]))
+		{
+			return $items;
+		}
+
+		// Get the content type's record so we can check ACL
+		/** @var JTableContenttype $contentTypeTable */
+		$contentTypeTable = JTable::getInstance('Contenttype');
+		$ucmTypeId        = $items[0]->ucm_type_id;
+
+		if (!$contentTypeTable->load($ucmTypeId))
+		{
+			// Assume a failure to load the content type means broken data, abort mission
+			return false;
+		}
+
+		// Access check
+		if (!JFactory::getUser()->authorise('core.edit', $contentTypeTable->type_alias . '.' . (int) $items[0]->ucm_item_id))
+		{
+			$this->setError(JText::_('JERROR_ALERTNOAUTHOR'));
+
+			return false;
+		}
+
+		// All good, return the items array
+		return $items;
+	}
+
 	/**
 	 * Method to get a table object, load it if necessary.
 	 *
diff --git a/administrator/components/com_contenthistory/models/preview.php b/administrator/components/com_contenthistory/models/preview.php
@@ -18,31 +18,48 @@
  */
 class ContenthistoryModelPreview extends JModelItem
 {
-
 	/**
 	 * Method to get a version history row.
 	 *
-	 * @return mixed    On success, standard object with row data. False on failure.
+	 * @return  stdClass|boolean    On success, standard object with row data. False on failure.
 	 *
 	 * @since   3.2
 	 */
 	public function getItem()
 	{
+		/** @var JTableContenthistory $table */
 		$table = JTable::getInstance('Contenthistory');
 		$versionId = JFactory::getApplication()->input->getInt('version_id');
 
-		if ($table->load($versionId))
+		if (!$table->load($versionId))
+		{
+			return false;
+		}
+
+		// Get the content type's record so we can check ACL
+		/** @var JTableContenttype $contentTypeTable */
+		$contentTypeTable = JTable::getInstance('Contenttype');
+
+		if (!$contentTypeTable->load($table->ucm_type_id))
 		{
-			$result = new stdClass;
-			$result->save_date = $table->save_date;
-			$result->version_note = $table->version_note;
-			$result->data = ContenthistoryHelper::prepareData($table);
+			// Assume a failure to load the content type means broken data, abort mission
+			return false;
 		}
-		else
+
+		// Access check
+		if (!JFactory::getUser()->authorise('core.edit', $contentTypeTable->type_alias . '.' . (int) $table->ucm_item_id))
 		{
-			$result = false;
+			$this->setError(JText::_('JERROR_ALERTNOAUTHOR'));
+
+			return false;
 		}
 
+		// Good to go, finish processing the data
+		$result = new stdClass;
+		$result->save_date = $table->save_date;
+		$result->version_note = $table->version_note;
+		$result->data = ContenthistoryHelper::prepareData($table);
+
 		return $result;
 	}
 }
diff --git a/administrator/manifests/files/joomla.xml b/administrator/manifests/files/joomla.xml
@@ -6,8 +6,8 @@
 	<authorUrl>www.joomla.org</authorUrl>
 	<copyright>(C) 2005 - 2015 Open Source Matters. All rights reserved</copyright>
 	<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
-	<version>3.4.4</version>
-	<creationDate>September 2015</creationDate>
+	<version>3.4.5</version>
+	<creationDate>October 2015</creationDate>
 	<description>FILES_JOOMLA_XML_DESCRIPTION</description>
 
 	<scriptfile>administrator/components/com_admin/script.php</scriptfile>
diff --git a/components/com_content/content.php b/components/com_content/content.php
@@ -12,6 +12,28 @@
 require_once JPATH_COMPONENT . '/helpers/route.php';
 require_once JPATH_COMPONENT . '/helpers/query.php';
 
+$input = JFactory::getApplication()->input;
+$user  = JFactory::getUser();
+
+if ($input->get('view') === 'article' && $input->get('layout') === 'pagebreak')
+{
+	if (!$user->authorise('core.edit', 'com_content'))
+	{
+		JFactory::getApplication()->enqueueMessage(JText::_('JERROR_ALERTNOAUTHOR'), 'warning');
+
+		return;
+	}
+}
+elseif ($input->get('view') === 'articles' && $input->get('layout') === 'modal')
+{
+	if (!$user->authorise('core.edit', 'com_content'))
+	{
+		JFactory::getApplication()->enqueueMessage(JText::_('JERROR_ALERTNOAUTHOR'), 'warning');
+
+		return;
+	}
+}
+
 $controller = JControllerLegacy::getInstance('Content');
-$controller->execute(JFactory::getApplication()->input->get('task'));
+$controller->execute($input->get('task'));
 $controller->redirect();
diff --git a/libraries/cms/version/version.php b/libraries/cms/version/version.php
@@ -23,7 +23,7 @@ final class JVersion
 	public $RELEASE = '3.4';
 
 	/** @var  string  Maintenance version. */
-	public $DEV_LEVEL = '4';
+	public $DEV_LEVEL = '5';
 
 	/** @var  string  Development STATUS. */
 	public $DEV_STATUS = 'Stable';
@@ -35,7 +35,7 @@ final class JVersion
 	public $CODENAME = 'Ember';
 
 	/** @var  string  Release date. */
-	public $RELDATE = '8-September-2015';
+	public $RELDATE = '22-October-2015';
 
 	/** @var  string  Release time. */
 	public $RELTIME = '21:30';
diff --git a/libraries/joomla/filter/input.php b/libraries/joomla/filter/input.php
@@ -441,7 +441,7 @@ public static function isSafeFile($file, $options = array())
 					$explodedName = explode('.', $intendedName);
 					$explodedName =	array_reverse($explodedName);
 					array_pop($explodedName);
-					array_map('strtolower', $explodedName);
+					$explodedName = array_map('strtolower', $explodedName);
 
 					/*
 					 * DO NOT USE array_intersect HERE! array_intersect expects the two arrays to
@@ -468,10 +468,9 @@ public static function isSafeFile($file, $options = array())
 
 						while (!feof($fp))
 						{
-							$buffer = @fread($fp, 131072);
-							$data .= $buffer;
+							$data .= @fread($fp, 131072);
 
-							if ($options['php_tag_in_content'] && strstr($buffer, '<?php'))
+							if ($options['php_tag_in_content'] && stristr($data, '<?php'))
 							{
 								return false;
 							}
@@ -506,7 +505,7 @@ public static function isSafeFile($file, $options = array())
 								if ($collide)
 								{
 									// These are suspicious text files which may have the short tag (<?) in them
-									if (strstr($buffer, '<?'))
+									if (strstr($data, '<?'))
 									{
 										return false;
 									}
@@ -548,7 +547,7 @@ public static function isSafeFile($file, $options = array())
 									 */
 									foreach ($options['forbidden_extensions'] as $ext)
 									{
-										if (strstr($buffer, '.' . $ext))
+										if (strstr($data, '.' . $ext))
 										{
 											return false;
 										}
@@ -560,7 +559,7 @@ public static function isSafeFile($file, $options = array())
 							 * This makes sure that we don't accidentally skip a <?php tag if it's across
 							 * a read boundary, even on multibyte strings
 							 */
-							$data = substr($data, -8);
+							$data = substr($data, -10);
 						}
 
 						fclose($fp);
diff --git a/libraries/legacy/model/list.php b/libraries/legacy/model/list.php
diff --git a/tests/unit/suites/libraries/legacy/model/JModelListTest.php b/tests/unit/suites/libraries/legacy/model/JModelListTest.php

Original file line number	Diff line number	Diff line change
`@@ -441,7 +441,7 @@ public static function isSafeFile($file, $options = array())`
`441`	`441`	`$explodedName = explode('.', $intendedName);`
`442`	`442`	`$explodedName = array_reverse($explodedName);`
`443`	`443`	`array_pop($explodedName);`
`444`		`- array_map('strtolower', $explodedName);`
	`444`	`+ $explodedName = array_map('strtolower', $explodedName);`
`445`	`445`
`446`	`446`	`/*`
`447`	`447`	`* DO NOT USE array_intersect HERE! array_intersect expects the two arrays to`
`@@ -468,10 +468,9 @@ public static function isSafeFile($file, $options = array())`
`468`	`468`
`469`	`469`	`while (!feof($fp))`
`470`	`470`	`{`
`471`		`- $buffer = @fread($fp, 131072);`
`472`		`- $data .= $buffer;`
	`471`	`+ $data .= @fread($fp, 131072);`
`473`	`472`
`474`		`- if ($options['php_tag_in_content'] && strstr($buffer, '<?php'))`
	`473`	`+ if ($options['php_tag_in_content'] && stristr($data, '<?php'))`
`475`	`474`	`{`
`476`	`475`	`return false;`
`477`	`476`	`}`
`@@ -506,7 +505,7 @@ public static function isSafeFile($file, $options = array())`
`506`	`505`	`if ($collide)`
`507`	`506`	`{`
`508`	`507`	`// These are suspicious text files which may have the short tag (<?) in them`
`509`		`- if (strstr($buffer, '<?'))`
	`508`	`+ if (strstr($data, '<?'))`
`510`	`509`	`{`
`511`	`510`	`return false;`
`512`	`511`	`}`
`@@ -548,7 +547,7 @@ public static function isSafeFile($file, $options = array())`
`548`	`547`	`*/`
`549`	`548`	`foreach ($options['forbidden_extensions'] as $ext)`
`550`	`549`	`{`
`551`		`- if (strstr($buffer, '.' . $ext))`
	`550`	`+ if (strstr($data, '.' . $ext))`
`552`	`551`	`{`
`553`	`552`	`return false;`
`554`	`553`	`}`
`@@ -560,7 +559,7 @@ public static function isSafeFile($file, $options = array())`
`560`	`559`	`* This makes sure that we don't accidentally skip a <?php tag if it's across`
`561`	`560`	`* a read boundary, even on multibyte strings`
`562`	`561`	`*/`
`563`		`- $data = substr($data, -8);`
	`562`	`+ $data = substr($data, -10);`
`564`	`563`	`}`
`565`	`564`
`566`	`565`	`fclose($fp);`