Conversation

@richard67
@richard67 richard67 commented Oct 23, 2021

Pull Request for Issue # .

Summary of Changes

  1. Add stuff from system templates to deleted files and folders.
  2. Add moving of single files (here the preview images) to the procedure for moving to the media folder.
  3. Don't delete preview images with the regular delete procedure due to the previous change.
  4. Create parent folders at target path if necessary.
  5. Use short array syntax because the function is only present at 4.1 or later.
  6. Clean up unnecessary assignment of the result of Folder::exists in the if condition (was copied from elsewhere).

@dgrammatiko Question: Does it really need to move the preview images? It only makes sense if they could have been modified by the user. If not, they would be in the update package for the media folder and deleted with the regular file delete at the old place, i.e. changes 2. and 3. should be reverted.

@dgrammatiko
Owner

Does it really need to move the preview images?

There are 2 possible solutions here:

  • move the files to media (which is a publicly accessible folder)
  • keep the files in their existing place and add a controller function to stream them

I find using PHP for this task is overkill, thus I went with moving the files. Just a reminder that all this moving of files makes sense if you consider the reason behind it: keep the templates folder inaccessible from the browser. The entry points for any well-tuned Joomla site should be:

  • images
  • media
  • index.php
  • administrator/index.php
  • api/index.php
  • administrator/com_joomlaupdate/extract.php (or update.php)
  • everything else should not be accessible from the browser or the surface of attack is hugely increased
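As an added illustration of the entry-point allowlist in the comment above (constructed example code, not Joomla's own), a checker that resolves a request path the way a web server would, collapsing traversal and percent-encoding, and accepts only the listed entry points. It judges the on-disk path the server resolves, so SEF URLs rewritten to index.php are out of scope; treating the site root as index.php and refusing script files under images/ and media/ are added assumptions.

```python
"""Allowlist check for the Joomla entry points listed above; every other path
on disk (such as the templates/ folder) must be unreachable from the browser.
Constructed example, not Joomla project code."""
import posixpath
from urllib.parse import unquote, urlsplit

# Entry points exactly as listed in the comment above.
ALLOWED_FILES = frozenset({
    "/index.php",
    "/administrator/index.php",
    "/api/index.php",
    "/administrator/com_joomlaupdate/extract.php",
    "/administrator/com_joomlaupdate/update.php",
})
ALLOWED_DIRS = ("/images/", "/media/")
# Assumption beyond the comment: images/ and media/ hold static assets only,
# so a script file under them is never a legitimate entry point.
SCRIPT_SUFFIXES = (".php", ".phtml", ".phar")

def normalize(request_target: str) -> str:
    """Canonical absolute path for a raw request target: drop the query string,
    percent-decode, collapse '..' and duplicate slashes ('/media/../templates/x'
    is judged as '/templates/x')."""
    path = unquote(urlsplit(request_target).path or "/")
    return posixpath.normpath("/" + path.lstrip("/"))

def is_allowed(request_target: str) -> bool:
    """True only if the resolved path is one of the listed entry points."""
    path = normalize(request_target)
    if path == "/":  # assumption: the site root is served via the directory index
        return True
    if path in ALLOWED_FILES:
        return True
    if path.startswith(ALLOWED_DIRS):
        return not path.lower().endswith(SCRIPT_SUFFIXES)
    return False

def audit(request_targets):
    """Return the normalized paths that fall outside the allowlist."""
    return [normalize(t) for t in request_targets if not is_allowed(t)]

# Constructed sample requests: a traversal attempt and a script under images/.
SAMPLE_REQUESTS = [
    "/index.php?option=com_content",
    "/media/system/css/joomla.css",
    "/templates/cassiopeia/template_preview.png",
    "/media/..%2F..%2Fconfiguration.php",
    "/images/upload.php",
]
```

Running `audit` over an access log's request targets lists every hit that reached a path outside the allowlist, which is the condition the comment above wants the web server to refuse.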

@dgrammatiko dgrammatiko merged commit aa87408 into dgrammatiko:4.1-dev-child-templates Oct 23, 2021
@richard67
Author

Does it really need to move the preview images?

There are 2 possible solutions here:

* move the files to media (which is a publicly accessible folder)

* keep the files in their existing place and add a controller function to stream them

I find using PHP for this task is overkill, thus I went with moving the files. Just a reminder that all this moving of files makes sense if you consider the reason behind it: keep the templates folder inaccessible from the browser. The entry points for any well-tuned Joomla site should be:

* `images`

* `media`

* `index.php`

* `administrator/index.php`

* `api/index.php`

* `administrator/com_joomlaupdate/extract.php` (or update.php)

* everything else **should not be accessible from the browser** or the surface of attack is hugely increased

@dgrammatiko I still don't get why it needs to move the preview images. Can they really have been modified by a user for a core template and do we want to keep these modifications?

@richard67 richard67 deleted the 4.1-dev-dgrammatiko-child-templates-mod-3 branch October 23, 2021 11:09
dgrammatiko pushed a commit that referenced this pull request Feb 21, 2023
Update SQL Scripts for Postgresql and MySQL and Code Cleanup