Merge branch '4.0-dev' into 4.0-dev-update-file-and-folder-removal-in-script-2021-05-08

Author: richard67

administrator/components/com_joomlaupdate/restore.php

@@ -11,7 +11,6 @@
 
 \defined('_JEXEC') or die;
 
-use Joomla\CMS\Client\ClientHelper;
 use Joomla\CMS\Language\Text;
 use Joomla\CMS\MVC\Controller\BaseController;
 use Joomla\CMS\Response\JsonResponse;
@@ -46,8 +45,6 @@ public function display($cachable = false, $urlparams = false)
 		// Get and render the view.
 		if ($view = $this->getView($vName, $vFormat))
 		{
-			ClientHelper::setCredentialsFromRequest('ftp');
-
 			// Get the model for the view.
 			/** @var \Joomla\Component\Joomlaupdate\Administrator\Model\UpdateModel $model */
 			$model = $this->getModel('Update');

administrator/components/com_joomlaupdate/src/Controller/DisplayController.php

@@ -11,7 +11,6 @@
 
 \defined('_JEXEC') or die;
 
-use Joomla\CMS\Client\ClientHelper;
 use Joomla\CMS\Factory;
 use Joomla\CMS\Filesystem\File;
 use Joomla\CMS\Language\Text;
@@ -41,7 +40,7 @@ public function download()
 		$options['format'] = '{DATE}\t{TIME}\t{LEVEL}\t{CODE}\t{MESSAGE}';
 		$options['text_file'] = 'joomla_update.php';
 		Log::addLogger($options, Log::INFO, array('Update', 'databasequery', 'jerror'));
-		$user = Factory::getUser();
+		$user = $this->app->getIdentity();
 
 		try
 		{
@@ -52,8 +51,6 @@ public function download()
 			// Informational log only
 		}
 
-		$this->_applyCredentials();
-
 		/** @var \Joomla\Component\Joomlaupdate\Administrator\Model\UpdateModel $model */
 		$model  = $this->getModel('Update');
 		$result = $model->download();
@@ -119,7 +116,7 @@ public function download()
 	public function install()
 	{
 		$this->checkToken('get');
-		Factory::getApplication()->setUserState('com_joomlaupdate.oldversion', JVERSION);
+		$this->app->setUserState('com_joomlaupdate.oldversion', JVERSION);
 
 		$options['format'] = '{DATE}\t{TIME}\t{LEVEL}\t{CODE}\t{MESSAGE}';
 		$options['text_file'] = 'joomla_update.php';
@@ -134,12 +131,10 @@ public function install()
 			// Informational log only
 		}
 
-		$this->_applyCredentials();
-
 		/** @var \Joomla\Component\Joomlaupdate\Administrator\Model\UpdateModel $model */
 		$model = $this->getModel('Update');
 
-		$file = Factory::getApplication()->getUserState('com_joomlaupdate.file', null);
+		$file = $this->app->getUserState('com_joomlaupdate.file', null);
 		$model->createRestorationFile($file);
 
 		$this->display();
@@ -178,8 +173,6 @@ public function finalise()
 			// Informational log only
 		}
 
-		$this->_applyCredentials();
-
 		/** @var \Joomla\Component\Joomlaupdate\Administrator\Model\UpdateModel $model */
 		$model = $this->getModel('Update');
 
@@ -222,8 +215,6 @@ public function cleanup()
 			// Informational log only
 		}
 
-		$this->_applyCredentials();
-
 		/** @var \Joomla\Component\Joomlaupdate\Administrator\Model\UpdateModel $model */
 		$model = $this->getModel('Update');
 
@@ -276,9 +267,7 @@ public function upload()
 		$this->checkToken();
 
 		// Did a non Super User tried to upload something (a.k.a. pathetic hacking attempt)?
-		Factory::getUser()->authorise('core.admin') or jexit(Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'));
-
-		$this->_applyCredentials();
+		$this->app->getIdentity()->authorise('core.admin') or jexit(Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'));
 
 		/** @var \Joomla\Component\Joomlaupdate\Administrator\Model\UpdateModel $model */
 		$model = $this->getModel('Update');
@@ -313,13 +302,13 @@ public function captive()
 		$this->checkToken('get');
 
 		// Did a non Super User tried to upload something (a.k.a. pathetic hacking attempt)?
-		if (!Factory::getUser()->authorise('core.admin'))
+		if (!$this->app->getIdentity()->authorise('core.admin'))
 		{
 			throw new \RuntimeException(Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'), 403);
 		}
 
 		// Do I really have an update package?
-		$tempFile = Factory::getApplication()->getUserState('com_joomlaupdate.temp_file', null);
+		$tempFile = $this->app->getUserState('com_joomlaupdate.temp_file', null);
 
 		if (empty($tempFile) || !File::exists($tempFile))
 		{
@@ -434,33 +423,6 @@ public function display($cachable = false, $urlparams = array())
 		return $this;
 	}
 
-	/**
-	 * Applies FTP credentials to Joomla! itself, when required
-	 *
-	 * @return  void
-	 *
-	 * @since   2.5.4
-	 */
-	protected function _applyCredentials()
-	{
-		$this->app->getUserStateFromRequest('com_joomlaupdate.method', 'method', 'direct', 'cmd');
-
-		if (!ClientHelper::hasCredentials('ftp'))
-		{
-			$user = $this->app->getUserStateFromRequest('com_joomlaupdate.ftp_user', 'ftp_user', null, 'raw');
-			$pass = $this->app->getUserStateFromRequest('com_joomlaupdate.ftp_pass', 'ftp_pass', null, 'raw');
-
-			if ($user != '' && $pass != '')
-			{
-				// Add credentials to the session
-				if (!ClientHelper::setCredentials('ftp', $user, $pass))
-				{
-					$this->app->enqueueMessage(Text::_('JLIB_CLIENT_ERROR_HELPER_SETCREDENTIALSFROMREQUEST_FAILED'), 'warning');
-				}
-			}
-		}
-	}
-
 	/**
 	 * Checks the admin has super administrator privileges and then proceeds with the final & cleanup steps.
 	 *
@@ -474,7 +436,7 @@ public function finaliseconfirm()
 		$this->checkToken();
 
 		// Did a non Super User try do this?
-		if (!Factory::getUser()->authorise('core.admin'))
+		if (!$this->app->getIdentity()->authorise('core.admin'))
 		{
 			throw new \RuntimeException(Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'), 403);
 		}

administrator/components/com_joomlaupdate/src/Controller/UpdateController.php

@@ -12,14 +12,10 @@
 \defined('_JEXEC') or die;
 
 use Joomla\CMS\Authentication\Authentication;
-use Joomla\CMS\Client\ClientHelper;
-use Joomla\CMS\Client\FtpClient;
 use Joomla\CMS\Component\ComponentHelper;
 use Joomla\CMS\Extension\ExtensionHelper;
 use Joomla\CMS\Factory;
 use Joomla\CMS\Filesystem\File;
-use Joomla\CMS\Filesystem\Folder;
-use Joomla\CMS\Filesystem\Path;
 use Joomla\CMS\Filter\InputFilter;
 use Joomla\CMS\Http\Http;
 use Joomla\CMS\Http\HttpFactory;
@@ -252,27 +248,6 @@ public function getUpdateInformation()
 		return $this->updateInformation;
 	}
 
-	/**
-	 * Returns an array with the configured FTP options.
-	 *
-	 * @return  array
-	 *
-	 * @since   2.5.4
-	 */
-	public function getFTPOptions()
-	{
-		$config = Factory::getApplication()->getConfig();
-
-		return array(
-			'host'      => $config->get('ftp_host'),
-			'port'      => $config->get('ftp_port'),
-			'username'  => $config->get('ftp_user'),
-			'password'  => $config->get('ftp_pass'),
-			'directory' => $config->get('ftp_root'),
-			'enabled'   => $config->get('ftp_enable'),
-		);
-	}
-
 	/**
 	 * Removes all of the updates from the table and enable all update streams.
 	 *
@@ -494,14 +469,10 @@ public function createRestorationFile($basename = null)
 		// Get a password
 		$password = UserHelper::genRandomPassword(32);
 		$app = Factory::getApplication();
-		$app->setUserState('com_joomlaupdate.password', $password);
 
 		// Trigger event before joomla update.
 		$app->triggerEvent('onJoomlaBeforeUpdate');
 
-		// Do we have to use FTP?
-		$method = Factory::getApplication()->getUserStateFromRequest('com_joomlaupdate.method', 'method', 'direct', 'cmd');
-
 		// Get the absolute path to site's root.
 		$siteroot = JPATH_SITE;
 
@@ -529,7 +500,7 @@ public function createRestorationFile($basename = null)
 	'kickstart.tuning.max_exec_time' => '5',
 	'kickstart.tuning.run_time_bias' => '75',
 	'kickstart.tuning.min_exec_time' => '0',
-	'kickstart.procengine' => '$method',
+	'kickstart.procengine' => 'direct',
 	'kickstart.setup.sourcefile' => '$file',
 	'kickstart.setup.destdir' => '$siteroot',
 	'kickstart.setup.restoreperms' => '0',
@@ -539,133 +510,6 @@ public function createRestorationFile($basename = null)
 	'kickstart.setup.postrenamefiles' => false
 ENDDATA;
 
-		if ($method != 'direct')
-		{
-			/*
-			 * Fetch the FTP parameters from the request. Note: The password should be
-			 * allowed as raw mode, otherwise something like !@<sdf34>43H% would be
-			 * sanitised to !@43H% which is just plain wrong.
-			 */
-			$ftp_host = $app->input->get('ftp_host', '');
-			$ftp_port = $app->input->get('ftp_port', '21');
-			$ftp_user = $app->input->get('ftp_user', '');
-			$ftp_pass = addcslashes($app->input->get('ftp_pass', '', 'raw'), "'\\");
-			$ftp_root = $app->input->get('ftp_root', '');
-
-			// Is the tempdir really writable?
-			$writable = @is_writable($tempdir);
-
-			if ($writable)
-			{
-				// Let's be REALLY sure.
-				$fp = @fopen($tempdir . '/test.txt', 'w');
-
-				if ($fp === false)
-				{
-					$writable = false;
-				}
-				else
-				{
-					fclose($fp);
-					unlink($tempdir . '/test.txt');
-				}
-			}
-
-			// If the tempdir is not writable, create a new writable subdirectory.
-			if (!$writable)
-			{
-				$FTPOptions = ClientHelper::getCredentials('ftp');
-				$ftp = FtpClient::getInstance($FTPOptions['host'], $FTPOptions['port'], array(), $FTPOptions['user'], $FTPOptions['pass']);
-				$dest = Path::clean(str_replace(JPATH_ROOT, $FTPOptions['root'], $tempdir . '/admintools'), '/');
-
-				if (!@mkdir($tempdir . '/admintools'))
-				{
-					$ftp->mkdir($dest);
-				}
-
-				if (!@chmod($tempdir . '/admintools', 511))
-				{
-					$ftp->chmod($dest, 511);
-				}
-
-				$tempdir .= '/admintools';
-			}
-
-			// \Just in case the temp-directory was off-root, try using the default tmp directory.
-			$writable = @is_writable($tempdir);
-
-			if (!$writable)
-			{
-				$tempdir = JPATH_ROOT . '/tmp';
-
-				// Does the JPATH_ROOT/tmp directory exist?
-				if (!is_dir($tempdir))
-				{
-					Folder::create($tempdir, 511);
-					$htaccessContents = "order deny,allow\ndeny from all\nallow from none\n";
-					File::write($tempdir . '/.htaccess', $htaccessContents);
-				}
-
-				// If it exists and it is unwritable, try creating a writable admintools subdirectory.
-				if (!is_writable($tempdir))
-				{
-					$FTPOptions = ClientHelper::getCredentials('ftp');
-					$ftp = FtpClient::getInstance($FTPOptions['host'], $FTPOptions['port'], array(), $FTPOptions['user'], $FTPOptions['pass']);
-					$dest = Path::clean(str_replace(JPATH_ROOT, $FTPOptions['root'], $tempdir . '/admintools'), '/');
-
-					if (!@mkdir($tempdir . '/admintools'))
-					{
-						$ftp->mkdir($dest);
-					}
-
-					if (!@chmod($tempdir . '/admintools', 511))
-					{
-						$ftp->chmod($dest, 511);
-					}
-
-					$tempdir .= '/admintools';
-				}
-			}
-
-			// If we still have no writable directory, we'll try /tmp and the system's temp-directory.
-			$writable = @is_writable($tempdir);
-
-			if (!$writable)
-			{
-				if (@is_dir('/tmp') && @is_writable('/tmp'))
-				{
-					$tempdir = '/tmp';
-				}
-				else
-				{
-					// Try to find the system temp path.
-					$tmpfile = @tempnam('dummy', '');
-					$systemp = @dirname($tmpfile);
-					@unlink($tmpfile);
-
-					if (!empty($systemp))
-					{
-						if (@is_dir($systemp) && @is_writable($systemp))
-						{
-							$tempdir = $systemp;
-						}
-					}
-				}
-			}
-
-			$data .= <<<ENDDATA
-	,
-	'kickstart.ftp.ssl' => '0',
-	'kickstart.ftp.passive' => '1',
-	'kickstart.ftp.host' => '$ftp_host',
-	'kickstart.ftp.port' => '$ftp_port',
-	'kickstart.ftp.user' => '$ftp_user',
-	'kickstart.ftp.pass' => '$ftp_pass',
-	'kickstart.ftp.dir' => '$ftp_root',
-	'kickstart.ftp.tempdir' => '$tempdir'
-ENDDATA;
-		}
-
 		$data .= ');';
 
 		// Remove the old file, if it's there...