From b1ceb971c70671270df3bbbb158977a22b4ccdac Mon Sep 17 00:00:00 2001 From: andrepereiradasilva Date: Sun, 27 Nov 2016 23:41:48 +0000 Subject: [PATCH 1/2] protect update sites part 1 --- .../components/com_installer/models/updatesites.php | 1 + .../com_installer/views/updatesites/tmpl/default.php | 6 +++++- administrator/language/en-GB/en-GB.com_installer.ini | 1 + 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/administrator/components/com_installer/models/updatesites.php b/administrator/components/com_installer/models/updatesites.php index a53d55c9f406f..9b68e4997cc1b 100644 --- a/administrator/components/com_installer/models/updatesites.php +++ b/administrator/components/com_installer/models/updatesites.php @@ -419,6 +419,7 @@ protected function getListQuery() 'e.folder', 'e.client_id', 'e.state', + 'e.protected', 'e.manifest_cache', ) ) diff --git a/administrator/components/com_installer/views/updatesites/tmpl/default.php b/administrator/components/com_installer/views/updatesites/tmpl/default.php index 012792721aca9..027f35534b8b0 100644 --- a/administrator/components/com_installer/views/updatesites/tmpl/default.php +++ b/administrator/components/com_installer/views/updatesites/tmpl/default.php @@ -79,7 +79,11 @@ element) : ?> X - enabled, $i, $item->enabled < 2, 'cb'); ?> + protected) : ?> + + + enabled, $i, $item->enabled < 2, 'cb'); ?> + diff --git a/administrator/language/en-GB/en-GB.com_installer.ini b/administrator/language/en-GB/en-GB.com_installer.ini index 2ecc30f0f67a0..0ac665d8ae6f2 100644 --- a/administrator/language/en-GB/en-GB.com_installer.ini +++ b/administrator/language/en-GB/en-GB.com_installer.ini @@ -140,6 +140,7 @@ COM_INSTALLER_MSG_UPDATE_NOUPDATES="There are no updates available at the moment COM_INSTALLER_MSG_UPDATE_SITES_COUNT_CHECK="Some update sites are disabled. You may want to check the Update Sites Manager." COM_INSTALLER_MSG_UPDATE_SUCCESS="Updating %s was successful." COM_INSTALLER_MSG_UPDATE_UPDATE="Update" +COM_INSTALLER_MSG_UPDATESITES_CANNOT_DISABLE_PROTECTED="Cannot disable update sites of protected extensions: %s." COM_INSTALLER_MSG_UPDATESITES_DELETE_ERROR="An error has occurred while trying to delete "_QQ_"%s"_QQ_" update site: %s." COM_INSTALLER_MSG_UPDATESITES_DELETE_CANNOT_DELETE="%s update site cannot be deleted." COM_INSTALLER_MSG_UPDATESITES_N_DELETE_UPDATESITES_DELETED="%s update sites have been deleted." From 1e7d2fc49704e0f6c830c518d3f165831d0e6145 Mon Sep 17 00:00:00 2001 From: andrepereiradasilva Date: Mon, 28 Nov 2016 00:10:02 +0000 Subject: [PATCH 2/2] improvements --- .../com_installer/controllers/updatesites.php | 4 - .../com_installer/models/updatesites.php | 81 ++++++++++++++----- .../language/en-GB/en-GB.com_installer.ini | 3 +- 3 files changed, 61 insertions(+), 27 deletions(-) diff --git a/administrator/components/com_installer/controllers/updatesites.php b/administrator/components/com_installer/controllers/updatesites.php index d82355d9d0248..42e21ab044e04 100644 --- a/administrator/components/com_installer/controllers/updatesites.php +++ b/administrator/components/com_installer/controllers/updatesites.php @@ -71,10 +71,6 @@ public function publish() throw new Exception(implode('
', $model->getErrors()), 500); } - $ntext = ($value == 0) ? 'COM_INSTALLER_N_UPDATESITES_UNPUBLISHED' : 'COM_INSTALLER_N_UPDATESITES_PUBLISHED'; - - $this->setMessage(JText::plural($ntext, count($ids))); - $this->setRedirect(JRoute::_('index.php?option=com_installer&view=updatesites', false)); } diff --git a/administrator/components/com_installer/models/updatesites.php b/administrator/components/com_installer/models/updatesites.php index 9b68e4997cc1b..a9433000730af 100644 --- a/administrator/components/com_installer/models/updatesites.php +++ b/administrator/components/com_installer/models/updatesites.php @@ -71,9 +71,9 @@ protected function populateState($ordering = 'name', $direction = 'asc') } /** - * Enable/Disable an extension. + * Enable/Disable an update site. * - * @param array &$eid Extension ids to un/publish + * @param array &$ids Update site ids to un/publish * @param int $value Publish value * * @return boolean True on success @@ -82,7 +82,7 @@ protected function populateState($ordering = 'name', $direction = 'asc') * * @throws Exception on ACL error */ - public function publish(&$eid = array(), $value = 1) + public function publish(&$ids = array(), $value = 1) { if (!JFactory::getUser()->authorise('core.edit.state', 'com_installer')) { @@ -91,26 +91,56 @@ public function publish(&$eid = array(), $value = 1) $result = true; - // Ensure eid is an array of extension ids - if (!is_array($eid)) + // Ensure ids is an array of update sites ids. + if (!is_array($ids)) { - $eid = array($eid); + $ids = array($ids); } - // Get a table object for the extension type - $table = JTable::getInstance('Updatesite'); + $db = JFactory::getDbo(); + $app = JFactory::getApplication(); + $count = 0; + + // Gets the update site extensions. + $query = $db->getQuery(true) + ->select($db->qn(array('update_site_id', 'extension_id'))) + ->from($db->qn('#__update_sites_extensions')) + ->where($db->qn('update_site_id') . ' IN (' . implode(', ', $ids) . ')'); + $db->setQuery($query); + $updateSitesExtensions = $db->loadObjectList('update_site_id'); + + // Get the table object for the extension and update site. + $extensionTable = JTable::getInstance('Extension'); + $updateSiteTable = JTable::getInstance('Updatesite'); // Enable the update site in the table and store it in the database - foreach ($eid as $i => $id) + foreach ($ids as $i => $id) { - $table->load($id); - $table->enabled = $value; + // Don't allow to (un)published protected extensions update sites. + if ($extensionTable->load($updateSitesExtensions[$id]->extension_id) && $extensionTable->protected) + { + $app->enqueueMessage(JText::sprintf('COM_INSTALLER_MSG_UPDATESITES_CANNOT_DISABLE_PROTECTED', $extensionTable->name), 'error'); + unset($ids[$i]); + continue; + } + + $updateSiteTable->load($id); + $updateSiteTable->enabled = $value; - if (!$table->store()) + if (!$updateSiteTable->store()) { - $this->setError($table->getError()); - $result = false; + $app->enqueueMessage($updateSiteTable->getError(), 'error'); + unset($ids[$i]); + continue; } + + $count++; + } + + if ($count > 0) + { + $ntext = ($value == 0) ? 'COM_INSTALLER_N_UPDATESITES_UNPUBLISHED' : 'COM_INSTALLER_N_UPDATESITES_PUBLISHED'; + $app->enqueueMessage(JText::plural($ntext, count($ids)), 'message'); } return $result; @@ -140,9 +170,8 @@ public function delete($ids = array()) $ids = array($ids); } - $db = JFactory::getDbo(); - $app = JFactory::getApplication(); - + $db = JFactory::getDbo(); + $app = JFactory::getApplication(); $count = 0; // Gets the update site names. @@ -153,16 +182,24 @@ public function delete($ids = array()) $db->setQuery($query); $updateSitesNames = $db->loadObjectList('update_site_id'); - // Gets Joomla core update sites Ids. - $joomlaUpdateSitesIds = $this->getJoomlaUpdateSitesIds(0); + // Gets the update site extensions. + $query = $db->getQuery(true) + ->select($db->qn(array('update_site_id', 'extension_id'))) + ->from($db->qn('#__update_sites_extensions')) + ->where($db->qn('update_site_id') . ' IN (' . implode(', ', $ids) . ')'); + $db->setQuery($query); + $updateSitesExtensions = $db->loadObjectList('update_site_id'); + + // Get the table object for the extension and update site. + $extensionTable = JTable::getInstance('Extension'); // Enable the update site in the table and store it in the database foreach ($ids as $i => $id) { - // Don't allow to delete Joomla Core update sites. - if (in_array((int) $id, $joomlaUpdateSitesIds)) + // Don't allow to delete protected extensions update sites. + if ($extensionTable->load($updateSitesExtensions[$id]->extension_id) && $extensionTable->protected) { - $app->enqueueMessage(JText::sprintf('COM_INSTALLER_MSG_UPDATESITES_DELETE_CANNOT_DELETE', $updateSitesNames[$id]->name), 'error'); + $app->enqueueMessage(JText::sprintf('COM_INSTALLER_MSG_UPDATESITES_CANNOT_DELETE_PROTECTED', $extensionTable->name), 'error'); continue; } diff --git a/administrator/language/en-GB/en-GB.com_installer.ini b/administrator/language/en-GB/en-GB.com_installer.ini index 0ac665d8ae6f2..5679f39948431 100644 --- a/administrator/language/en-GB/en-GB.com_installer.ini +++ b/administrator/language/en-GB/en-GB.com_installer.ini @@ -140,7 +140,8 @@ COM_INSTALLER_MSG_UPDATE_NOUPDATES="There are no updates available at the moment COM_INSTALLER_MSG_UPDATE_SITES_COUNT_CHECK="Some update sites are disabled. You may want to check the Update Sites Manager." COM_INSTALLER_MSG_UPDATE_SUCCESS="Updating %s was successful." COM_INSTALLER_MSG_UPDATE_UPDATE="Update" -COM_INSTALLER_MSG_UPDATESITES_CANNOT_DISABLE_PROTECTED="Cannot disable update sites of protected extensions: %s." +COM_INSTALLER_MSG_UPDATESITES_CANNOT_DELETE_PROTECTED="Cannot delete update sites of protected extensions: %s." +COM_INSTALLER_MSG_UPDATESITES_CANNOT_DISABLE_PROTECTED="Cannot enable or disable update sites of protected extensions: %s." COM_INSTALLER_MSG_UPDATESITES_DELETE_ERROR="An error has occurred while trying to delete "_QQ_"%s"_QQ_" update site: %s." COM_INSTALLER_MSG_UPDATESITES_DELETE_CANNOT_DELETE="%s update site cannot be deleted." COM_INSTALLER_MSG_UPDATESITES_N_DELETE_UPDATESITES_DELETED="%s update sites have been deleted."