Merge branch '4.0-dev' into 4.0_dashboardmenu

Author: infograf768

installation/sql/mysql/joomla.sql

@@ -633,7 +633,7 @@ INSERT INTO `#__extensions` (`package_id`, `name`, `type`, `element`, `folder`,
 (0, 'plg_quickicon_extensionupdate', 'plugin', 'extensionupdate', 'quickicon', 0, 1, 1, 1, '', '', 0, '0000-00-00 00:00:00', 0, 0),
 (0, 'plg_captcha_recaptcha', 'plugin', 'recaptcha', 'captcha', 0, 0, 1, 0, '', '{"public_key":"","private_key":"","theme":"clean"}', 0, '0000-00-00 00:00:00', 0, 0),
 (0, 'plg_system_highlight', 'plugin', 'highlight', 'system', 0, 1, 1, 0, '', '', 0, '0000-00-00 00:00:00', 7, 0),
-(0, 'plg_content_finder', 'plugin', 'finder', 'content', 0, 0, 1, 0, '', '', 0, '0000-00-00 00:00:00', 0, 0),
+(0, 'plg_content_finder', 'plugin', 'finder', 'content', 0, 1, 1, 0, '', '', 0, '0000-00-00 00:00:00', 0, 0),
 (0, 'plg_finder_categories', 'plugin', 'categories', 'finder', 0, 1, 1, 0, '', '', 0, '0000-00-00 00:00:00', 1, 0),
 (0, 'plg_finder_contacts', 'plugin', 'contacts', 'finder', 0, 1, 1, 0, '', '', 0, '0000-00-00 00:00:00', 2, 0),
 (0, 'plg_finder_content', 'plugin', 'content', 'finder', 0, 1, 1, 0, '', '', 0, '0000-00-00 00:00:00', 3, 0),

installation/sql/postgresql/joomla.sql

@@ -644,7 +644,7 @@ INSERT INTO "#__extensions" ("package_id", "name", "type", "element", "folder",
 (0, 'plg_quickicon_extensionupdate', 'plugin', 'extensionupdate', 'quickicon', 0, 1, 1, 1, '', '', 0, '1970-01-01 00:00:00', 0, 0),
 (0, 'plg_captcha_recaptcha', 'plugin', 'recaptcha', 'captcha', 0, 0, 1, 0, '', '{"public_key":"","private_key":"","theme":"clean"}', 0, '1970-01-01 00:00:00', 0, 0),
 (0, 'plg_system_highlight', 'plugin', 'highlight', 'system', 0, 1, 1, 0, '', '', 0, '1970-01-01 00:00:00', 7, 0),
-(0, 'plg_content_finder', 'plugin', 'finder', 'content', 0, 0, 1, 0, '', '', 0, '1970-01-01 00:00:00', 0, 0),
+(0, 'plg_content_finder', 'plugin', 'finder', 'content', 0, 1, 1, 0, '', '', 0, '1970-01-01 00:00:00', 0, 0),
 (0, 'plg_finder_categories', 'plugin', 'categories', 'finder', 0, 1, 1, 0, '', '', 0, '1970-01-01 00:00:00', 1, 0),
 (0, 'plg_finder_contacts', 'plugin', 'contacts', 'finder', 0, 1, 1, 0, '', '', 0, '1970-01-01 00:00:00', 2, 0),
 (0, 'plg_finder_content', 'plugin', 'content', 'finder', 0, 1, 1, 0, '', '', 0, '1970-01-01 00:00:00', 3, 0),

libraries/src/User/User.php

@@ -401,22 +401,27 @@ public function getAuthorisedCategories($component, $action)
 		$db = Factory::getDbo();
 
 		$subQuery = $db->getQuery(true)
-			->select('id,asset_id')
-			->from('#__categories')
-			->where('extension = ' . $db->quote($component))
-			->where('published = 1');
+			->select($db->quoteName(['id', 'asset_id']))
+			->from($db->quoteName('#__categories'))
+			->where(
+				[
+					$db->quoteName('extension') . ' = :component',
+					$db->quoteName('published') . ' = 1',
+				]
+			);
 
 		$query = $db->getQuery(true)
-			->select('c.id AS id, a.name AS asset_name')
-			->from('(' . (string) $subQuery . ') AS c')
-			->join('INNER', '#__assets AS a ON c.asset_id = a.id');
+			->select($db->quoteName(['c.id', 'a.name']))
+			->from('(' . $subQuery . ') AS ' . $db->quoteName('c'))
+			->join('INNER', $db->quoteName('#__assets', 'a'), $db->quoteName('c.asset_id') . ' = ' . $db->quoteName('a.id'))
+			->bind(':component', $component);
 		$db->setQuery($query);
 		$allCategories = $db->loadObjectList('id');
 		$allowedCategories = array();
 
 		foreach ($allCategories as $category)
 		{
-			if ($this->authorise($action, $category->asset_name))
+			if ($this->authorise($action, $category->name))
 			{
 				$allowedCategories[] = (int) $category->id;
 			}

libraries/src/User/UserFactory.php

@@ -65,8 +65,9 @@ public function loadUserByUsername(string $username): User
 		$query = $this->db->getQuery(true)
 			->select($this->db->quoteName('id'))
 			->from($this->db->quoteName('#__users'))
-			->where($this->db->quoteName('username') . ' = ' . $this->db->quote($username));
-		$query->setLimit(1, 0);
+			->where($this->db->quoteName('username') . ' = :username')
+			->bind(':username', $username)
+			->setLimit(1);
 		$this->db->setQuery($query);
 
 		return $this->loadUserById((int) $this->db->loadResult());

libraries/src/User/UserHelper.php

@@ -26,6 +26,7 @@
 use Joomla\CMS\Object\CMSObject;
 use Joomla\CMS\Plugin\PluginHelper;
 use Joomla\CMS\Uri\Uri;
+use Joomla\Database\ParameterType;
 use Joomla\Utilities\ArrayHelper;
 
 /**
@@ -108,8 +109,12 @@ abstract class UserHelper
 	 */
 	public static function addUserToGroup($userId, $groupId)
 	{
+		// Cast as integer until method is typehinted.
+		$userId  = (int) $userId;
+		$groupId = (int) $groupId;
+
 		// Get the user object.
-		$user = new User((int) $userId);
+		$user = new User($userId);
 
 		// Add the user to the group if necessary.
 		if (!in_array($groupId, $user->groups))
@@ -119,7 +124,8 @@ public static function addUserToGroup($userId, $groupId)
 			$query = $db->getQuery(true)
 				->select($db->quoteName('id'))
 				->from($db->quoteName('#__usergroups'))
-				->where($db->quoteName('id') . ' = ' . (int) $groupId);
+				->where($db->quoteName('id') . ' = :groupId')
+				->bind(':groupId', $groupId, ParameterType::INTEGER);
 			$db->setQuery($query);
 
 			// If the group does not exist, return an exception.
@@ -136,7 +142,7 @@ public static function addUserToGroup($userId, $groupId)
 		}
 
 		// Set the group data for any preloaded user objects.
-		$temp         = User::getInstance((int) $userId);
+		$temp         = User::getInstance($userId);
 		$temp->groups = $user->groups;
 
 		if (Factory::getSession()->getId())
@@ -234,9 +240,9 @@ public static function setUserGroups($userId, $groups)
 		// Get the titles for the user groups.
 		$db = Factory::getDbo();
 		$query = $db->getQuery(true)
-			->select($db->quoteName('id') . ', ' . $db->quoteName('title'))
+			->select($db->quoteName(['id', 'title']))
 			->from($db->quoteName('#__usergroups'))
-			->where($db->quoteName('id') . ' = ' . implode(' OR ' . $db->quoteName('id') . ' = ', $user->groups));
+			->whereIn($db->quoteName('id'), $user->groups);
 		$db->setQuery($query);
 		$results = $db->loadObjectList();
 
@@ -307,22 +313,25 @@ public static function getProfile($userId = 0)
 	 */
 	public static function activateUser($activation)
 	{
-		$db = Factory::getDbo();
+		$db       = Factory::getDbo();
+		$nullDate = $db->getNullDate();
 
 		// Let's get the id of the user we want to activate
 		$query = $db->getQuery(true)
 			->select($db->quoteName('id'))
 			->from($db->quoteName('#__users'))
-			->where($db->quoteName('activation') . ' = ' . $db->quote($activation))
+			->where($db->quoteName('activation') . ' = :activation')
 			->where($db->quoteName('block') . ' = 1')
-			->where($db->quoteName('lastvisitDate') . ' = ' . $db->quote($db->getNullDate()));
+			->where($db->quoteName('lastvisitDate') . ' = :nullDate')
+			->bind(':activation', $activation)
+			->bind(':nullDate', $nullDate);
 		$db->setQuery($query);
 		$id = (int) $db->loadResult();
 
 		// Is it a valid user to activate?
 		if ($id)
 		{
-			$user = User::getInstance((int) $id);
+			$user = User::getInstance($id);
 
 			$user->set('block', '0');
 			$user->set('activation', '');
@@ -361,8 +370,10 @@ public static function getUserId($username)
 		$query = $db->getQuery(true)
 			->select($db->quoteName('id'))
 			->from($db->quoteName('#__users'))
-			->where($db->quoteName('username') . ' = ' . $db->quote($username));
-		$db->setQuery($query, 0, 1);
+			->where($db->quoteName('username') . ' = :username')
+			->bind(':username', $username)
+			->setLimit(1);
+		$db->setQuery($query);
 
 		return $db->loadResult();
 	}