Skip to content

Not allowed to core.manage? Use 403 exception (for remaning components) #11608

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 24 commits into from
Aug 15, 2016
Merged

Not allowed to core.manage? Use 403 exception (for remaning components) #11608

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
e245e47
add exception to com_cache
andrepereiradasilva Aug 14, 2016
b60cbd7
Update categories.php
andrepereiradasilva Aug 14, 2016
1783e09
Update checkin.php
andrepereiradasilva Aug 14, 2016
e89512a
Update contact.php
andrepereiradasilva Aug 14, 2016
5567280
Update content.php
andrepereiradasilva Aug 14, 2016
77bd8df
Update contenthistory.php
andrepereiradasilva Aug 14, 2016
08d6609
Update finder.php
andrepereiradasilva Aug 14, 2016
3a0568c
Update installer.php
andrepereiradasilva Aug 14, 2016
d655de8
Update joomlaupdate.php
andrepereiradasilva Aug 14, 2016
b906769
Update languages.php
andrepereiradasilva Aug 14, 2016
2304376
Update media.php
andrepereiradasilva Aug 14, 2016
418fb58
Update menus.php
andrepereiradasilva Aug 14, 2016
1c472cb
Update messages.php
andrepereiradasilva Aug 14, 2016
1c95755
Update modules.php
andrepereiradasilva Aug 14, 2016
f82c848
Update newsfeeds.php
andrepereiradasilva Aug 14, 2016
4e91004
Update redirect.php
andrepereiradasilva Aug 14, 2016
6a077e4
Update search.php
andrepereiradasilva Aug 14, 2016
cde3516
Update tags.php
andrepereiradasilva Aug 14, 2016
977a65d
Update templates.php
andrepereiradasilva Aug 14, 2016
f771b38
Update users.php
andrepereiradasilva Aug 14, 2016
aec0e60
Update templates.php
andrepereiradasilva Aug 14, 2016
68787b3
Merge remote-tracking branch 'refs/remotes/joomla/staging' into 403-e…
andrepereiradasilva Aug 15, 2016
eb483ad
move to JAccessExceptionNotallowed
andrepereiradasilva Aug 15, 2016
bb75a88
move to JAccessExceptionNotallowed 2
andrepereiradasilva Aug 15, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion administrator/components/com_banners/banners.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_banners'))
{
throw new JControllerExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

// Execute the task.
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_cache/cache.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_cache'))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$controller = JControllerLegacy::getInstance('Cache');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_categories/categories.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@

if (!JFactory::getUser()->authorise('core.manage', $component))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

JLoader::register('JHtmlCategoriesAdministrator', JPATH_ADMINISTRATOR . '/components/com_categories/helpers/html/categoriesadministrator.php');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_checkin/checkin.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_checkin'))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$controller = JControllerLegacy::getInstance('Checkin');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_contact/contact.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_contact'))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$controller = JControllerLegacy::getInstance('contact');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_content/content.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_content'))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

JLoader::register('ContentHelper', __DIR__ . '/helpers/content.php');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_contenthistory/contenthistory.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
// Disallow unauthenticated users
if (JFactory::getUser()->guest)
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$controller = JControllerLegacy::getInstance('Contenthistory', array('base_path' => JPATH_COMPONENT_ADMINISTRATOR));
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_finder/finder.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_finder'))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$controller = JControllerLegacy::getInstance('Finder');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_installer/installer.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_installer'))
{
return JError::raiseWarning(403, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$controller = JControllerLegacy::getInstance('Installer');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_joomlaupdate/joomlaupdate.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_joomlaupdate'))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$controller = JControllerLegacy::getInstance('Joomlaupdate');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_languages/languages.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_languages'))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$controller = JControllerLegacy::getInstance('Languages');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_media/media.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
&& count($user->getAuthorisedCategories($asset, 'core.create')) == 0)
&& !($user->id == $author && $user->authorise('core.edit.own', $asset))))
{
return JError::raiseWarning(403, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$params = JComponentHelper::getParams('com_media');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_menus/menus.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_menus'))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$controller = JControllerLegacy::getInstance('Menus');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_messages/messages.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_messages'))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$task = JFactory::getApplication()->input->get('task');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_modules/modules.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_modules'))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$controller = JControllerLegacy::getInstance('Modules');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_newsfeeds/newsfeeds.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_newsfeeds'))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$controller = JControllerLegacy::getInstance('Newsfeeds');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_plugins/plugins.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_plugins'))
{
throw new JControllerExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$controller = JControllerLegacy::getInstance('Plugins');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_redirect/redirect.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_redirect'))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$controller = JControllerLegacy::getInstance('Redirect');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_search/search.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_search'))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$controller = JControllerLegacy::getInstance('Search');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_tags/tags.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_tags'))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

$controller = JControllerLegacy::getInstance('Tags');
Expand Down
9 changes: 2 additions & 7 deletions administrator/components/com_templates/templates.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,14 +10,9 @@
defined('_JEXEC') or die;
JHtml::_('behavior.tabstate');

$app = JFactory::getApplication();
$user = JFactory::getUser();

if (!$user->authorise('core.manage', 'com_templates'))
if (!JFactory::getUser()->authorise('core.manage', 'com_templates'))
{
$app->enqueueMessage(JText::_('JERROR_ALERTNOAUTHOR'), 'error');

return false;
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

JLoader::register('TemplatesHelper', __DIR__ . '/helpers/templates.php');
Expand Down
2 changes: 1 addition & 1 deletion administrator/components/com_users/users.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@

if (!JFactory::getUser()->authorise('core.manage', 'com_users'))
{
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
throw new JAccessExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
}

JLoader::register('UsersHelper', __DIR__ . '/helpers/users.php');
Expand Down
6 changes: 3 additions & 3 deletions ...oomla/controller/exception/notallowed.php → ...es/joomla/access/exception/notallowed.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<?php
/**
* @package Joomla.Platform
* @subpackage Controller
* @subpackage Access
*
* @copyright Copyright (C) 2005 - 2016 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
Expand All @@ -10,10 +10,10 @@
defined('JPATH_PLATFORM') or die;

/**
* Exception class defining an not allowed controller access
* Exception class defining an not allowed access
*
* @since __DEPLOY_VERSION__
*/
class JControllerExceptionNotallowed extends RuntimeException
class JAccessExceptionNotallowed extends RuntimeException
{
}