joomla · wilsonge · Mar 14, 2020 · Sep 4, 2017 · Sep 5, 2017 · Sep 5, 2017
diff --git a/administrator/components/com_categories/forms/category.xml b/administrator/components/com_categories/forms/category.xml
@@ -17,6 +17,7 @@
 		default="0"
 		class="readonly"
 		readonly="true"
+		filter="unset"
 	/>
 
 	<field

diff --git a/administrator/components/com_fields/src/Field/FieldLayoutField.php b/administrator/components/com_fields/src/Field/FieldLayoutField.php
@@ -43,7 +43,8 @@ class FieldLayoutField extends FormField
 	 */
 	protected function getInput()
 	{
-		$extension = explode('.', $this->form->getValue('context'))[0];
+		$extension = explode('.', $this->form->getValue('context'));
+		$extension = $extension[0];
 
 		if ($extension)
 		{

diff --git a/administrator/components/com_fields/src/Model/FieldModel.php b/administrator/components/com_fields/src/Model/FieldModel.php
@@ -255,7 +255,7 @@ public function save($data)
 	private function checkDefaultValue($data)
 	{
 		// Empty default values are correct
-		if (empty($data['default_value']))
+		if (empty($data['default_value']) && $data['default_value'] !== '0')
 		{
 			return true;
 		}

diff --git a/administrator/components/com_media/src/Controller/ApiController.php b/administrator/components/com_media/src/Controller/ApiController.php
@@ -354,7 +354,7 @@ private function checkContent()
 		$params = ComponentHelper::getParams('com_media');
 
 		$helper       = new MediaHelper;
-		$serverlength = $this->input->server->get('CONTENT_LENGTH');
+		$serverlength = $this->input->server->getInt('CONTENT_LENGTH');
 
 		if ($serverlength > ($params->get('upload_maxsize', 0) * 1024 * 1024)
 			|| $serverlength > $helper->toBytes(ini_get('upload_max_filesize'))

diff --git a/administrator/components/com_menus/forms/item_url.xml b/administrator/components/com_menus/forms/item_url.xml
@@ -30,11 +30,14 @@
 				<option value="license"/>
 				<option value="next"/>
 				<option value="nofollow"/>
+				<option value="noopener"/>
 				<option value="noreferrer"/>
 				<option value="prefetch"/>
 				<option value="prev"/>
 				<option value="search"/>
+				<option value="sponsored"/>
 				<option value="tag"/>
+				<option value="ugc"/>
 			</field>
 
 			<field

diff --git a/administrator/components/com_menus/src/Controller/MenuController.php b/administrator/components/com_menus/src/Controller/MenuController.php
@@ -68,7 +68,7 @@ public function save($key = null, $urlVar = null)
 			$this->setMessage(Text::_('COM_MENUS_ERROR_MENUTYPE'), 'error');
 
 			// Redirect back to the edit screen.
-			$this->setRedirect(Route::_('index.php?option=com_menus&view=menu&layout=edit', false));
+			$this->setRedirect(Route::_('index.php?option=com_menus&view=menu&layout=edit' . $this->getRedirectToItemAppend($recordId), false));
 
 			return false;
 		}
@@ -113,7 +113,7 @@ public function save($key = null, $urlVar = null)
 			$app->setUserState($context . '.data', $data);
 
 			// Redirect back to the edit screen.
-			$this->setRedirect(Route::_('index.php?option=com_menus&view=menu&layout=edit', false));
+			$this->setRedirect(Route::_('index.php?option=com_menus&view=menu&layout=edit' . $this->getRedirectToItemAppend($recordId), false));
 
 			return false;
 		}
@@ -133,7 +133,7 @@ public function save($key = null, $urlVar = null)
 
 			// Redirect back to the edit screen.
 			$this->setMessage(Text::sprintf('JLIB_APPLICATION_ERROR_SAVE_FAILED', $model->getError()), 'error');
-			$this->setRedirect(Route::_('index.php?option=com_menus&view=menu&layout=edit', false));
+			$this->setRedirect(Route::_('index.php?option=com_menus&view=menu&layout=edit' . $this->getRedirectToItemAppend($recordId), false));
 
 			return false;
 		}
@@ -168,6 +168,7 @@ public function save($key = null, $urlVar = null)
 				// Set the record data in the session.
 				$recordId = $model->getState($this->context . '.id');
 				$this->holdEditId($context, $recordId);
+				$app->setUserState($context . '.data', null);
 
 				// Redirect back to the edit screen.
 				$this->setRedirect(Route::_('index.php?option=com_menus&view=menu&layout=edit' . $this->getRedirectToItemAppend($recordId), false));

diff --git a/administrator/components/com_tags/forms/tag.xml b/administrator/components/com_tags/forms/tag.xml
@@ -16,6 +16,7 @@
 		class="readonly"
 		default="0"
 		readonly="true"
+		filter="unset"
 	/>
 
 	<field

diff --git a/administrator/components/com_templates/src/Controller/TemplateController.php b/administrator/components/com_templates/src/Controller/TemplateController.php
@@ -155,6 +155,14 @@ public function copy()
 		$templateID = $this->input->getInt('id', 0);
 		$file       = $this->input->get('file');
 
+		// Access check.
+		if (!$this->allowEdit())
+		{
+			$app->enqueueMessage(Text::_('JLIB_APPLICATION_ERROR_SAVE_NOT_PERMITTED'), 'error');
+
+			return false;
+		}
+
 		$this->setRedirect('index.php?option=com_templates&view=template&id=' . $templateID . '&file=' . $file);
 
 		/* @var \Joomla\Component\Templates\Administrator\Model\TemplateModel $model */
@@ -260,19 +268,7 @@ public function getModel($name = 'Template', $prefix = 'Administrator', $config
 	 */
 	protected function allowEdit()
 	{
-		return $this->app->getIdentity()->authorise('core.edit', 'com_templates');
-	}
-
-	/**
-	 * Method to check if you can save a new or existing record.
-	 *
-	 * @return  boolean
-	 *
-	 * @since   3.2
-	 */
-	protected function allowSave()
-	{
-		return $this->allowEdit();
+		return $this->app->getIdentity()->authorise('core.admin');
 	}
 
 	/**
@@ -296,7 +292,7 @@ public function save()
 		$explodeArray = explode(':', base64_decode($fileName));
 
 		// Access check.
-		if (!$this->allowSave())
+		if (!$this->allowEdit())
 		{
 			$this->setMessage(Text::_('JLIB_APPLICATION_ERROR_SAVE_NOT_PERMITTED'), 'error');
 
@@ -411,6 +407,14 @@ public function overrides()
 		$override = base64_decode($this->input->get('folder'));
 		$id       = $this->input->get('id');
 
+		// Access check.
+		if (!$this->allowEdit())
+		{
+			$this->app->enqueueMessage(Text::_('JLIB_APPLICATION_ERROR_SAVE_NOT_PERMITTED'), 'error');
+
+			return;
+		}
+
 		if ($model->createOverride($override))
 		{
 			$this->setMessage(Text::_('COM_TEMPLATES_OVERRIDE_SUCCESS'));
@@ -438,6 +442,14 @@ public function delete()
 		$id    = $this->input->get('id');
 		$file  = $this->input->get('file');
 
+		// Access check.
+		if (!$this->allowEdit())
+		{
+			$this->app->enqueueMessage(Text::_('JLIB_APPLICATION_ERROR_SAVE_NOT_PERMITTED'), 'error');
+
+			return;
+		}
+
 		if (base64_decode(urldecode($file)) == '/index.php')
 		{
 			$this->setMessage(Text::_('COM_TEMPLATES_ERROR_INDEX_DELETE'), 'warning');
@@ -479,6 +491,14 @@ public function createFile()
 		$location = base64_decode($this->input->get('address'));
 		$type     = $this->input->get('type');
 
+		// Access check.
+		if (!$this->allowEdit())
+		{
+			$this->app->enqueueMessage(Text::_('JLIB_APPLICATION_ERROR_SAVE_NOT_PERMITTED'), 'error');
+
+			return;
+		}
+
 		if ($type == 'null')
 		{
 			$this->setMessage(Text::_('COM_TEMPLATES_INVALID_FILE_TYPE'), 'error');
@@ -525,6 +545,14 @@ public function uploadFile()
 		$upload   = $this->input->files->get('files');
 		$location = base64_decode($this->input->get('address'));
 
+		// Access check.
+		if (!$this->allowEdit())
+		{
+			$this->app->enqueueMessage(Text::_('JLIB_APPLICATION_ERROR_SAVE_NOT_PERMITTED'), 'error');
+
+			return;
+		}
+
 		if ($return = $model->uploadFile($upload, $location))
 		{
 			$this->setMessage(Text::_('COM_TEMPLATES_FILE_UPLOAD_SUCCESS') . $upload['name']);
@@ -559,6 +587,14 @@ public function createFolder()
 		$name     = $this->input->get('name');
 		$location = base64_decode($this->input->get('address'));
 
+		// Access check.
+		if (!$this->allowEdit())
+		{
+			$this->app->enqueueMessage(Text::_('JLIB_APPLICATION_ERROR_SAVE_NOT_PERMITTED'), 'error');
+
+			return;
+		}
+
 		if (!preg_match('/^[a-zA-Z0-9-_.]+$/', $name))
 		{
 			$this->setMessage(Text::_('COM_TEMPLATES_INVALID_FOLDER_NAME'), 'error');
@@ -597,6 +633,14 @@ public function deleteFolder()
 		$file     = $this->input->get('file');
 		$location = base64_decode($this->input->get('address'));
 
+		// Access check.
+		if (!$this->allowEdit())
+		{
+			$this->app->enqueueMessage(Text::_('JLIB_APPLICATION_ERROR_SAVE_NOT_PERMITTED'), 'error');
+
+			return;
+		}
+
 		if (empty($location))
 		{
 			$this->setMessage(Text::_('COM_TEMPLATES_ERROR_ROOT_DELETE'), 'warning');
@@ -641,6 +685,14 @@ public function renameFile()
 		$file    = $this->input->get('file');
 		$newName = $this->input->get('new_name');
 
+		// Access check.
+		if (!$this->allowEdit())
+		{
+			$this->app->enqueueMessage(Text::_('JLIB_APPLICATION_ERROR_SAVE_NOT_PERMITTED'), 'error');
+
+			return;
+		}
+
 		if (base64_decode(urldecode($file)) == '/index.php')
 		{
 			$this->setMessage(Text::_('COM_TEMPLATES_ERROR_RENAME_INDEX'), 'warning');
@@ -676,6 +728,9 @@ public function renameFile()
 	 */
 	public function cropImage()
 	{
+		// Check for request forgeries
+		$this->checkToken();
+
 		$id    = $this->input->get('id');
 		$file  = $this->input->get('file');
 		$x     = $this->input->get('x');
@@ -686,6 +741,14 @@ public function cropImage()
 		/** @var \Joomla\Component\Templates\Administrator\Model\TemplateModel $model */
 		$model = $this->getModel();
 
+		// Access check.
+		if (!$this->allowEdit())
+		{
+			$this->app->enqueueMessage(Text::_('JLIB_APPLICATION_ERROR_SAVE_NOT_PERMITTED'), 'error');
+
+			return;
+		}
+
 		if (empty($w) && empty($h) && empty($x) && empty($y))
 		{
 			$this->setMessage(Text::_('COM_TEMPLATES_CROP_AREA_ERROR'), 'error');
@@ -715,6 +778,9 @@ public function cropImage()
 	 */
 	public function resizeImage()
 	{
+		// Check for request forgeries
+		$this->checkToken();
+
 		$id     = $this->input->get('id');
 		$file   = $this->input->get('file');
 		$width  = $this->input->get('width');
@@ -723,6 +789,14 @@ public function resizeImage()
 		/** @var \Joomla\Component\Templates\Administrator\Model\TemplateModel $model */
 		$model  = $this->getModel();
 
+		// Access check.
+		if (!$this->allowEdit())
+		{
+			$this->app->enqueueMessage(Text::_('JLIB_APPLICATION_ERROR_SAVE_NOT_PERMITTED'), 'error');
+
+			return;
+		}
+
 		if ($model->resizeImage($file, $width, $height))
 		{
 			$this->setMessage(Text::_('COM_TEMPLATES_FILE_RESIZE_SUCCESS'));
@@ -757,6 +831,14 @@ public function copyFile()
 		/** @var \Joomla\Component\Templates\Administrator\Model\TemplateModel $model */
 		$model    = $this->getModel();
 
+		// Access check.
+		if (!$this->allowEdit())
+		{
+			$this->app->enqueueMessage(Text::_('JLIB_APPLICATION_ERROR_SAVE_NOT_PERMITTED'), 'error');
+
+			return;
+		}
+
 		if (!preg_match('/^[a-zA-Z0-9-_]+$/', $newName))
 		{
 			$this->setMessage(Text::_('COM_TEMPLATES_INVALID_FILE_NAME'), 'error');
@@ -794,6 +876,14 @@ public function extractArchive()
 		/** @var \Joomla\Component\Templates\Administrator\Model\TemplateModel $model */
 		$model = $this->getModel();
 
+		// Access check.
+		if (!$this->allowEdit())
+		{
+			$this->app->enqueueMessage(Text::_('JLIB_APPLICATION_ERROR_SAVE_NOT_PERMITTED'), 'error');
+
+			return;
+		}
+
 		if ($model->extractArchive($file))
 		{
 			$this->setMessage(Text::_('COM_TEMPLATES_FILE_ARCHIVE_EXTRACT_SUCCESS'));

diff --git a/administrator/language/en-GB/plg_fields_sql.ini b/administrator/language/en-GB/plg_fields_sql.ini
@@ -4,7 +4,7 @@
 ; Note : All ini files need to be saved as UTF-8
 
 PLG_FIELDS_SQL="Fields - SQL"
-PLG_FIELDS_SQL_CREATE_NOT_POSSIBLE="Only a Super User can create an SQL field!"
+PLG_FIELDS_SQL_CREATE_NOT_POSSIBLE="Only a Super User can create or edit an SQL field!"
 PLG_FIELDS_SQL_LABEL="SQL (%s)"
 PLG_FIELDS_SQL_PARAMS_MULTIPLE_LABEL="Multiple"
 ; In the string below the terms 'value' and 'text' should not be translated

diff --git a/components/com_contact/src/View/Contact/HtmlView.php b/components/com_contact/src/View/Contact/HtmlView.php
@@ -117,6 +117,7 @@ public function display($tpl = null)
 		$item       = $this->get('Item');
 		$this->form = $this->get('Form');
 		$params     = $state->get('params');
+		$contacts   = array();
 
 		$temp = clone $params;
 
@@ -154,7 +155,8 @@ public function display($tpl = null)
 			$item->params = $temp;
 		}
 
-		if ($item)
+		// Collect extra contact information when this information is required
+		if ($item && $item->params->get('show_contact_list'))
 		{
 			// Get Category Model data
 			$categoryModel = new \Joomla\Component\Contact\Site\Model\CategoryModel(array('ignore_request' => true));

diff --git a/components/com_content/src/Model/FeaturedModel.php b/components/com_content/src/Model/FeaturedModel.php
@@ -15,6 +15,7 @@
 use Joomla\Component\Content\Administrator\Extension\ContentComponent;
 use Joomla\Component\Content\Site\Helper\QueryHelper;
 use Joomla\Registry\Registry;
+use Joomla\Utilities\ArrayHelper;
 
 /**
  * Frontpage Component Model
@@ -168,7 +169,7 @@ protected function getListQuery()
 
 		if (is_array($featuredCategories) && !in_array('', $featuredCategories))
 		{
-			$query->where('a.catid IN (' . implode(',', $featuredCategories) . ')');
+			$query->where('a.catid IN (' . implode(',', ArrayHelper::toInteger($featuredCategories)) . ')');
 		}
 
 		return $query;