Since Joomla! 3.5 a statistics plugin will submit anonymous data to the Joomla Project. This will only submit the Joomla version, PHP version, database engine and version, and server operating system.
This data is collected to ensure that future versions of Joomla can take advantage of the latest database and PHP features without affecting significant numbers of users. The need for this became clear when a minimum of PHP 5.3.10 was required when Joomla! 3.3 implemented the more secure Bcrypt passwords.
In the interest of full transparency and to help developers this data is publicly available. An API and graphs will show the Joomla version, PHP versions and database engines in use.
If you do not wish to provide the Joomla Project with this information you can disable the plugin called System - Joomla Statistics.
As part of our security team's review, we have made some changes to the default settings in a new Joomla installation. As these changes are only applied to new installations, we strongly recommend that you review these changes and update your site.
The changed settings are:
We have created a dedicated documentation page explaining these changes.
Whitelist allows only the tags listed in the Filter Tags and Filter Attributes fields.
No HTML removes all HTML tags from the content when it is saved.
Please note that these settings work regardless of the editor that you are using. Even if you are using a WYSIWYG editor, the filtering settings may strip additional tags and attributes prior to saving information in the database." +JGLOBAL_FILTER_TYPE_DESC="1. DisallowList allows all tags and attributes except for those in the disallow list.-- Tags for the Default DisallowList include: 'applet', 'body', 'bgsound', 'base', 'basefont', 'canvas', 'embed', 'frame', 'frameset', 'head', 'html', 'id', 'iframe', 'ilayer', 'layer', 'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml'-- Attributes for the Default DisallowList include: 'action', 'background', 'codebase', 'dynsrc', 'lowsrc', 'formaction'-- You can disallow additional tags and attributes by adding to the Filter Tags and Filter Attributes fields, separating each tag or attribute name with a comma.-- Custom DisallowList allows you to override the Default DisallowList. Add the tags and attributes to be disallowed in the Filter Tags and Filter Attributes fields.
AllowList allows only the tags listed in the Filter Tags and Filter Attributes fields.
Please note that these settings work regardless of the editor that you are using. Even if you are using a WYSIWYG editor, the filtering settings may strip additional tags and attributes prior to saving information in the database." JGLOBAL_FILTER_TYPE_LABEL="Filter Type1" JGLOBAL_FILTERED_BY="Filtered by:" JGLOBAL_FULL_TEXT="Full Text" @@ -1017,10 +1017,10 @@ JWARNING_UNPUBLISH_MUST_SELECT="You must select at least one item to unpublish." JWORKFLOW="Workflow: %s" JWORKFLOW_ENABLED_LABEL="Enable Workflow" JWORKFLOW_EXECUTE_TRANSITION="Select the transition to execute on this item." -JWORKFLOW_EXTENSION_BLACKLIST_DESCRIPTION="Disable this plugin for listed extensions." -JWORKFLOW_EXTENSION_BLACKLIST_LABEL="Extension Blacklist" -JWORKFLOW_EXTENSION_WHITELIST_DESCRIPTION="Activate this plugin only for listed extensions. If used all other extensions are disabled." -JWORKFLOW_EXTENSION_WHITELIST_LABEL="Extension Whitelist" +JWORKFLOW_EXTENSION_DISALLOW_LIST_DESCRIPTION="Disable this plugin for listed extensions." +JWORKFLOW_EXTENSION_DISALLOW_LIST_LABEL="Extension DisallowList" +JWORKFLOW_EXTENSION_ALLOW_LIST_DESCRIPTION="Activate this plugin only for listed extensions. If used all other extensions are disabled." +JWORKFLOW_EXTENSION_ALLOW_LIST_LABEL="Extension AllowList" JWORKFLOW_FIELD_COMPONENT_SECTIONS_TEXT="%1$s: %2$s" JWORKFLOW_SHOW_TRANSITIONS_FOR_THIS_ITEM="Show the transition selection to execute a transition on this item." JWORKFLOW_TITLE="Workflow" diff --git a/api/language/en-GB/joomla.ini b/api/language/en-GB/joomla.ini index ad0eb1c1705b2..d5e7ab9ae0f50 100644 --- a/api/language/en-GB/joomla.ini +++ b/api/language/en-GB/joomla.ini @@ -432,7 +432,7 @@ JGLOBAL_FILTER_GROUPS_DESC="This sets the user groups that you want filters appl JGLOBAL_FILTER_GROUPS_LABEL="Filter Groups" JGLOBAL_FILTER_TAGS_DESC="2. List additional tags, separating each tag name with a space or comma. For example: p,div,span." JGLOBAL_FILTER_TAGS_LABEL="Filter Tags2" -JGLOBAL_FILTER_TYPE_DESC="1. Blacklist allows all tags and attributes except for those in the blacklist.-- Tags for the Default Blacklist include: 'applet', 'body', 'bgsound', 'base', 'basefont', 'canvas', 'embed', 'frame', 'frameset', 'head', 'html', 'id', 'iframe', 'ilayer', 'layer', 'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml'-- Attributes for the Default Blacklist include: 'action', 'background', 'codebase', 'dynsrc', 'lowsrc', 'formaction'-- You can blacklist additional tags and attributes by adding to the Filter Tags and Filter Attributes fields, separating each tag or attribute name with a comma.-- Custom Blacklist allows you to override the Default Blacklist. Add the tags and attributes to be blacklisted in the Filter Tags and Filter Attributes fields.
Please note that these settings work regardless of the editor that you are using. Even if you are using a WYSIWYG editor, the filtering settings may strip additional tags and attributes prior to saving information in the database." +JGLOBAL_FILTER_TYPE_DESC="1. DisallowList allows all tags and attributes except for those in the disallowList.-- Tags for the Default DisallowList include: 'applet', 'body', 'bgsound', 'base', 'basefont', 'canvas', 'embed', 'frame', 'frameset', 'head', 'html', 'id', 'iframe', 'ilayer', 'layer', 'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml'-- Attributes for the Default DisallowList include: 'action', 'background', 'codebase', 'dynsrc', 'lowsrc', 'formaction'-- You can disallow additional tags and attributes by adding to the Filter Tags and Filter Attributes fields, separating each tag or attribute name with a comma.-- Custom DisallowList allows you to override the Default DisallowList. Add the tags and attributes to be disallowed in the Filter Tags and Filter Attributes fields.
Please note that these settings work regardless of the editor that you are using. Even if you are using a WYSIWYG editor, the filtering settings may strip additional tags and attributes prior to saving information in the database." JGLOBAL_FILTER_TYPE_LABEL="Filter Type1" JGLOBAL_FILTERED_BY="Filtered by:" JGLOBAL_FULL_TEXT="Full Text" @@ -1006,10 +1006,10 @@ JWARNING_UNPUBLISH_MUST_SELECT="You must select at least one item to unpublish." JWORKFLOW="Workflow: %s" JWORKFLOW_ENABLED_LABEL="Enable Workflow" JWORKFLOW_EXECUTE_TRANSITION="Select the transition to execute on this item." -JWORKFLOW_EXTENSION_BLACKLIST_DESCRIPTION="Disable this plugin for listed extensions." -JWORKFLOW_EXTENSION_BLACKLIST_LABEL="Extension Blacklist" -JWORKFLOW_EXTENSION_WHITELIST_DESCRIPTION="Activate this plugin only for listed extensions. If used all other extensions are disabled." -JWORKFLOW_EXTENSION_WHITELIST_LABEL="Extension Whitelist" +JWORKFLOW_EXTENSION_DISALLOW_LIST_DESCRIPTION="Disable this plugin for listed extensions." +JWORKFLOW_EXTENSION_DISALLOW_LIST_LABEL="Extension DisallowList" +JWORKFLOW_EXTENSION_ALLOW_LIST_DESCRIPTION="Activate this plugin only for listed extensions. If used all other extensions are disabled." +JWORKFLOW_EXTENSION_ALLOW_LIST_LABEL="Extension AllowList" JWORKFLOW_FIELD_COMPONENT_SECTIONS_TEXT="%1$s: %2$s" JWORKFLOW_SHOW_TRANSITIONS_FOR_THIS_ITEM="Show the transition selection to execute a transition on this item." JWORKFLOW_TITLE="Workflow" diff --git a/language/en-GB/com_media.ini b/language/en-GB/com_media.ini index 61a1fa3dd278e..0f448d4db6f85 100644 --- a/language/en-GB/com_media.ini +++ b/language/en-GB/com_media.ini @@ -54,7 +54,7 @@ COM_MEDIA_FIELD_CHECK_MIME_DESC="Use MIME Magic or Fileinfo to try to verify fil COM_MEDIA_FIELD_CHECK_MIME_LABEL="Check MIME Types" COM_MEDIA_FIELD_IGNORED_EXTENSIONS_DESC="Ignored file extensions for MIME type checking and restricted uploads." COM_MEDIA_FIELD_IGNORED_EXTENSIONS_LABEL="Ignored Extensions" -COM_MEDIA_FIELD_ILLEGAL_MIME_TYPES_DESC="A comma separated list of illegal MIME types to upload (blacklist)." +COM_MEDIA_FIELD_ILLEGAL_MIME_TYPES_DESC="A comma separated list of illegal MIME types to upload." COM_MEDIA_FIELD_ILLEGAL_MIME_TYPES_LABEL="Illegal MIME Types" COM_MEDIA_FIELD_LEGAL_EXTENSIONS_DESC="Extensions (file types) you are allowed to upload (comma separated)." COM_MEDIA_FIELD_LEGAL_EXTENSIONS_LABEL="Legal Extensions (File Types)" diff --git a/libraries/src/Component/ComponentHelper.php b/libraries/src/Component/ComponentHelper.php index 298649dd6ff49..68d1e48f35ab8 100644 --- a/libraries/src/Component/ComponentHelper.php +++ b/libraries/src/Component/ComponentHelper.php @@ -133,17 +133,17 @@ public static function filterText($text) $filters = $config->get('filters'); - $blackListTags = array(); - $blackListAttributes = array(); + $disallowedTags = array(); + $disallowedAttributes = array(); $customListTags = array(); $customListAttributes = array(); - $whiteListTags = array(); - $whiteListAttributes = array(); + $allowedTags = array(); + $allowedAttributes = array(); - $whiteList = false; - $blackList = false; + $allowList = false; + $disallowList = false; $customList = false; $unfiltered = false; @@ -172,7 +172,7 @@ public static function filterText($text) } else { - // Blacklist or whitelist. + // DisallowList or AllowList. // Preprocess the tags and attributes. $tags = explode(',', $filterData->filter_tags); $attributes = explode(',', $filterData->filter_attributes); @@ -199,15 +199,18 @@ public static function filterText($text) } } - // Collect the blacklist or whitelist tags and attributes. + // Collect the disallowList or allowlist tags and attributes. // Each list is cumulative. - if ($filterType === 'BL') + + // "BL" is deprecated in Joomla! 4, will be removed in Joomla! 5 + if (in_array($filterType, ['BL', 'DL'])) { - $blackList = true; - $blackListTags = array_merge($blackListTags, $tempTags); - $blackListAttributes = array_merge($blackListAttributes, $tempAttributes); + $disallowList = true; + $disallowedTags = array_merge($disallowedTags, $tempTags); + $disallowedAttributes = array_merge($disallowedAttributes, $tempAttributes); } - elseif ($filterType === 'CBL') + // "CBL" is deprecated in Joomla! 4, will be removed in Joomla! 5 + elseif (in_array($filterType, ['CBL', 'CAL'])) { // Only set to true if Tags or Attributes were added if ($tempTags || $tempAttributes) @@ -217,31 +220,32 @@ public static function filterText($text) $customListAttributes = array_merge($customListAttributes, $tempAttributes); } } - elseif ($filterType === 'WL') + // "WL" is deprecated in Joomla! 4, will be removed in Joomla! 5 + elseif (in_array($filterType, ['WL', 'AL'])) { - $whiteList = true; - $whiteListTags = array_merge($whiteListTags, $tempTags); - $whiteListAttributes = array_merge($whiteListAttributes, $tempAttributes); + $allowList = true; + $allowedTags = array_merge($allowedTags, $tempTags); + $allowedAttributes = array_merge($allowedAttributes, $tempAttributes); } } } - // Remove duplicates before processing (because the blacklist uses both sets of arrays). - $blackListTags = array_unique($blackListTags); - $blackListAttributes = array_unique($blackListAttributes); + // Remove duplicates before processing (because the disallowlist uses both sets of arrays). + $disallowedTags = array_unique($disallowedTags); + $disallowedAttributes = array_unique($disallowedAttributes); $customListTags = array_unique($customListTags); $customListAttributes = array_unique($customListAttributes); - $whiteListTags = array_unique($whiteListTags); - $whiteListAttributes = array_unique($whiteListAttributes); + $allowedTags = array_unique($allowedTags); + $allowedAttributes = array_unique($allowedAttributes); if (!$unfiltered) { - // Custom blacklist precedes Default blacklist + // Custom disallowlist precedes Default disallowlist if ($customList) { $filter = InputFilter::getInstance(array(), array(), 1, 1); - // Override filter's default blacklist tags and attributes + // Override filter's default disallowlist tags and attributes if ($customListTags) { $filter->blockedTags = $customListTags; @@ -252,37 +256,37 @@ public static function filterText($text) $filter->blockedAttributes = $customListAttributes; } } - // Blacklists take second precedence. - elseif ($blackList) + // DisallowList take second precedence. + elseif ($disallowList) { - // Remove the whitelisted tags and attributes from the black-list. - $blackListTags = array_diff($blackListTags, $whiteListTags); - $blackListAttributes = array_diff($blackListAttributes, $whiteListAttributes); + // Remove the allowed tags and attributes from the disallowList. + $disallowedTags = array_diff($disallowedTags, $allowedTags); + $disallowedAttributes = array_diff($disallowedAttributes, $allowedAttributes); $filter = InputFilter::getInstance( - $blackListTags, - $blackListAttributes, + $disallowedTags, + $disallowedAttributes, InputFilter::ONLY_BLOCK_DEFINED_TAGS, InputFilter::ONLY_BLOCK_DEFINED_ATTRIBUTES ); - // Remove whitelisted tags from filter's default blacklist - if ($whiteListTags) + // Remove allowed tags from filter's default disallowList + if ($allowedTags) { - $filter->blockedTags = array_diff($filter->blockedTags, $whiteListTags); + $filter->blockedTags = array_diff($filter->blockedTags, $allowedTags); } - // Remove whitelisted attributes from filter's default blacklist - if ($whiteListAttributes) + // Remove allowed attributes from filter's default disallowList + if ($allowedAttributes) { - $filter->blockedAttributes = array_diff($filter->blockedAttributes, $whiteListAttributes); + $filter->blockedAttributes = array_diff($filter->blockedAttributes, $allowedAttributes); } } - // Whitelists take third precedence. - elseif ($whiteList) + // AllowLists take third precedence. + elseif ($allowList) { // Turn off XSS auto clean - $filter = InputFilter::getInstance($whiteListTags, $whiteListAttributes, 0, 0, 0); + $filter = InputFilter::getInstance($allowedTags, $allowedAttributes, 0, 0, 0); } // No HTML takes last place. else diff --git a/libraries/src/MVC/Model/ListModel.php b/libraries/src/MVC/Model/ListModel.php index e03de8bf7eaec..ded4e29b31b72 100644 --- a/libraries/src/MVC/Model/ListModel.php +++ b/libraries/src/MVC/Model/ListModel.php @@ -78,21 +78,39 @@ class ListModel extends BaseDatabaseModel implements ListModelInterface protected $htmlFormName = 'adminForm'; /** - * A blacklist of filter variables to not merge into the model's state + * A list of filter variables to not merge into the model's state * - * @var array - * @since 3.4.5 + * @var array + * @since 3.4.5 + * @deprecated 4.0.0 use $filterDisallowList instead */ protected $filterBlacklist = array(); /** - * A blacklist of list variables to not merge into the model's state + * A list of filter variables to not merge into the model's state + * + * @var array + * @since 3.4.5 + */ + protected $filterDisallowList = array(); + + /** + * A list of variables to not merge into the model's state * * @var array * @since 3.4.5 + * @deprecated 4.0.0 use $listDisallowList instead */ protected $listBlacklist = array('select'); + /** + * A list of variables to not merge into the model's state + * + * @var array + * @since 3.4.5 + */ + protected $listDisallowList = array('select'); + /** * Constructor * @@ -117,6 +135,18 @@ public function __construct($config = array(), MVCFactoryInterface $factory = nu { $this->context = strtolower($this->option . '.' . $this->getName()); } + + // @deprecated in 4.0 remove in Joomla 5.0 + if (!empty($this->filterBlacklist)) + { + $this->filterDisallowList = array_merge($this->filterBlacklist, $this->filterDisallowList); + } + + // @deprecated in 4.0 remove in Joomla 5.0 + if (!empty($this->listBlacklist)) + { + $this->listDisallowList = array_merge($this->listBlacklist, $this->listDisallowList); + } } /** @@ -426,8 +456,8 @@ protected function populateState($ordering = null, $direction = null) { foreach ($filters as $name => $value) { - // Exclude if blacklisted - if (!\in_array($name, $this->filterBlacklist)) + // Exclude if disallowed + if (!\in_array($name, $this->filterDisallowList)) { $this->setState('filter.' . $name, $value); } @@ -441,8 +471,8 @@ protected function populateState($ordering = null, $direction = null) { foreach ($list as $name => $value) { - // Exclude if blacklisted - if (!\in_array($name, $this->listBlacklist)) + // Exclude if disallowed + if (!\in_array($name, $this->listDisallowList)) { // Extra validations switch ($name) diff --git a/libraries/src/Workflow/WorkflowPluginTrait.php b/libraries/src/Workflow/WorkflowPluginTrait.php index 38199dbf5fcbe..48046691cf8b9 100644 --- a/libraries/src/Workflow/WorkflowPluginTrait.php +++ b/libraries/src/Workflow/WorkflowPluginTrait.php @@ -92,20 +92,20 @@ protected function isSupported($context) } /** - * Check if the context is listed in the whitelist or in the blacklist and return the result + * Check if the context is listed in the AllowedList or in the DisallowedList and return the result * * @param string $context Context to check * * @return boolean */ - protected function checkWhiteAndBlacklist($context) + protected function checkAllowAndDisallow($context) { - $whitelist = \array_filter((array) $this->params->get('whitelist', [])); - $blacklist = \array_filter((array) $this->params->get('blacklist', [])); + $allowList = \array_filter((array) $this->params->get('allowlist', [])); + $disallowList = \array_filter((array) $this->params->get('disallowlist', [])); - if (!empty($whitelist)) + if (!empty($allowList)) { - foreach ($whitelist as $allowed) + foreach ($allowList as $allowed) { if ($context === $allowed) { @@ -116,7 +116,7 @@ protected function checkWhiteAndBlacklist($context) return false; } - foreach ($blacklist as $forbidden) + foreach ($disallowList as $forbidden) { if ($context === $forbidden) { @@ -128,7 +128,7 @@ protected function checkWhiteAndBlacklist($context) } /** - * Check if the context is listed in the whitelist or in the blacklist and return the result + * Check if the context supports a specific functionality * * @param string $context Context to check * @param string $functionality The functionality diff --git a/plugins/editors/tinymce/tinymce.php b/plugins/editors/tinymce/tinymce.php index d89a0a3f608fa..ce0cab8e83891 100644 --- a/plugins/editors/tinymce/tinymce.php +++ b/plugins/editors/tinymce/tinymce.php @@ -358,7 +358,7 @@ public function onDisplay( $invalid_elements = implode(',', array_merge($blockedTags, $blockedAttributes, $tagArray, $attrArray)); - // Valid elements are all whitelist entries in com_config, which are now missing in the filter blocked properties + // Valid elements are all allowed entries in com_config, which are now missing in the filter blocked properties $default_filter = InputFilter::getInstance(); $valid_elements = implode(',', array_diff($default_filter->blockedTags, $blockedTags)); @@ -740,19 +740,19 @@ protected static function getGlobalFilters() $filters = $config->get('filters'); - $blackListTags = array(); - $blackListAttributes = array(); + $disallowListTags = array(); + $disallowListAttributes = array(); $customListTags = array(); $customListAttributes = array(); - $whiteListTags = array(); - $whiteListAttributes = array(); + $allowListTags = array(); + $allowListAttributes = array(); - $whiteList = false; - $blackList = false; - $customList = false; - $unfiltered = false; + $allowList = false; + $disallowList = false; + $customList = false; + $unfiltered = false; // Cycle through each of the user groups the user is in. // Remember they are included in the public group as well. @@ -779,7 +779,7 @@ protected static function getGlobalFilters() } else { - // Blacklist or whitelist. + // DisallowList or AllowList. // Preprocess the tags and attributes. $tags = explode(',', $filterData->filter_tags); $attributes = explode(',', $filterData->filter_attributes); @@ -806,15 +806,17 @@ protected static function getGlobalFilters() } } - // Collect the blacklist or whitelist tags and attributes. + // Collect the disallowed or allowed tags and attributes. // Each list is cumulative. - if ($filterType === 'BL') + // "BL" is deprecated in Joomla! 4, will be removed in Joomla! 5 + if (in_array($filterType, ['BL', 'DL'])) { - $blackList = true; - $blackListTags = array_merge($blackListTags, $tempTags); - $blackListAttributes = array_merge($blackListAttributes, $tempAttributes); + $disallowList = true; + $disallowListTags = array_merge($disallowListTags, $tempTags); + $disallowListAttributes = array_merge($disallowListAttributes, $tempAttributes); } - elseif ($filterType === 'CBL') + // "CBL" is deprecated in Joomla! 4, will be removed in Joomla! 5 + elseif (in_array($filterType, ['CBL', 'CDL'])) { // Only set to true if Tags or Attributes were added if ($tempTags || $tempAttributes) @@ -824,22 +826,22 @@ protected static function getGlobalFilters() $customListAttributes = array_merge($customListAttributes, $tempAttributes); } } - elseif ($filterType === 'WL') + elseif (in_array($filterType, ['WL', 'AL'])) { - $whiteList = true; - $whiteListTags = array_merge($whiteListTags, $tempTags); - $whiteListAttributes = array_merge($whiteListAttributes, $tempAttributes); + $allowList = true; + $allowListTags = array_merge($allowListTags, $tempTags); + $allowListAttributes = array_merge($allowListAttributes, $tempAttributes); } } } - // Remove duplicates before processing (because the blacklist uses both sets of arrays). - $blackListTags = array_unique($blackListTags); - $blackListAttributes = array_unique($blackListAttributes); - $customListTags = array_unique($customListTags); - $customListAttributes = array_unique($customListAttributes); - $whiteListTags = array_unique($whiteListTags); - $whiteListAttributes = array_unique($whiteListAttributes); + // Remove duplicates before processing (because the disallowList uses both sets of arrays). + $disallowListTags = array_unique($disallowListTags); + $disallowListAttributes = array_unique($disallowListAttributes); + $customListTags = array_unique($customListTags); + $customListAttributes = array_unique($customListAttributes); + $allowListTags = array_unique($allowListTags); + $allowListAttributes = array_unique($allowListAttributes); // Unfiltered assumes first priority. if ($unfiltered) @@ -849,12 +851,12 @@ protected static function getGlobalFilters() } else { - // Custom blacklist precedes Default blacklist + // Custom disallowList precedes Default disallowList if ($customList) { $filter = InputFilter::getInstance([], [], 1, 1); - // Override filter's default blacklist tags and attributes + // Override filter's default disallowList tags and attributes if ($customListTags) { $filter->blockedTags = $customListTags; @@ -865,32 +867,32 @@ protected static function getGlobalFilters() $filter->blockedAttributes = $customListAttributes; } } - // Blacklists take second precedence. - elseif ($blackList) + // DisallowList take second precedence. + elseif ($disallowList) { - // Remove the white-listed tags and attributes from the black-list. - $blackListTags = array_diff($blackListTags, $whiteListTags); - $blackListAttributes = array_diff($blackListAttributes, $whiteListAttributes); + // Remove the allowed tags and attributes from the disallowList. + $disallowListTags = array_diff($disallowListTags, $allowListTags); + $disallowListAttributes = array_diff($disallowListAttributes, $allowListAttributes); - $filter = InputFilter::getInstance($blackListTags, $blackListAttributes, 1, 1); + $filter = InputFilter::getInstance($disallowListTags, $disallowListAttributes, 1, 1); - // Remove whitelisted tags from filter's default blacklist - if ($whiteListTags) + // Remove allowed tags from filter's default disallowList + if ($allowListTags) { - $filter->blockedTags = array_diff($filter->blockedTags, $whiteListTags); + $filter->blockedTags = array_diff($filter->blockedTags, $allowListTags); } - // Remove whitelisted attributes from filter's default blacklist - if ($whiteListAttributes) + // Remove allowed attributes from filter's default disallowList + if ($allowListAttributes) { - $filter->blockedAttributes = array_diff($filter->blockedAttributes, $whiteListAttributes); + $filter->blockedAttributes = array_diff($filter->blockedAttributes, $allowListAttributes); } } - // Whitelists take third precedence. - elseif ($whiteList) + // AlloedList take third precedence. + elseif ($allowList) { // Turn off XSS auto clean - $filter = InputFilter::getInstance($whiteListTags, $whiteListAttributes, 0, 0, 0); + $filter = InputFilter::getInstance($allowListTags, $allowListAttributes, 0, 0, 0); } // No HTML takes last place. else diff --git a/plugins/workflow/featuring/featuring.php b/plugins/workflow/featuring/featuring.php index 7584f243a0240..0ef62bb648cfe 100644 --- a/plugins/workflow/featuring/featuring.php +++ b/plugins/workflow/featuring/featuring.php @@ -293,7 +293,7 @@ public function onWorkflowBeforeTransition(WorkflowTransitionEvent $event) ) ); - // Release whitelist, the job is done + // Release allowed pks, the job is done $this->app->set('plgWorkflowFeaturing.' . $context, []); if ($eventResult->getArgument('abort')) @@ -367,7 +367,7 @@ public function onContentBeforeChangeFeatured(FeatureEvent $event) return true; } - // We have whitelisted the pks, so we're the one who triggered + // We have allowed the pks, so we're the one who triggered // With onWorkflowBeforeTransition => free pass if ($this->app->get('plgWorkflowFeaturing.' . $extension) === $pks) { @@ -432,7 +432,7 @@ public function onContentBeforeSave(EventInterface $event) */ protected function isSupported($context) { - if (!$this->checkWhiteAndBlacklist($context) || !$this->checkExtensionSupport($context, $this->supportFunctionality)) + if (!$this->checkAllowAndDisallow($context) || !$this->checkExtensionSupport($context, $this->supportFunctionality)) { return false; } diff --git a/plugins/workflow/featuring/featuring.xml b/plugins/workflow/featuring/featuring.xml index 21351c753ecd8..25f2a0822f2f7 100644 --- a/plugins/workflow/featuring/featuring.xml +++ b/plugins/workflow/featuring/featuring.xml @@ -21,18 +21,18 @@ diff --git a/plugins/workflow/notification/notification.php b/plugins/workflow/notification/notification.php index bdffc297fcb08..57c038370ff85 100644 --- a/plugins/workflow/notification/notification.php +++ b/plugins/workflow/notification/notification.php @@ -288,7 +288,7 @@ private function getUsersFromGroup($data): Array */ protected function isSupported($context) { - if (!$this->checkWhiteAndBlacklist($context)) + if (!$this->checkAllowAndDisallow($context)) { return false; } diff --git a/plugins/workflow/notification/notification.xml b/plugins/workflow/notification/notification.xml index 02ad291341448..16b72eb41df72 100644 --- a/plugins/workflow/notification/notification.xml +++ b/plugins/workflow/notification/notification.xml @@ -21,18 +21,18 @@ diff --git a/plugins/workflow/publishing/publishing.php b/plugins/workflow/publishing/publishing.php index 2cb03d3427b66..47cfb158a635a 100644 --- a/plugins/workflow/publishing/publishing.php +++ b/plugins/workflow/publishing/publishing.php @@ -304,7 +304,7 @@ public function onWorkflowBeforeTransition(WorkflowTransitionEvent $event) ] ); - // Release whitelist, the job is done + // Release allowed pks, the job is done $this->app->set('plgWorkflowPublishing.' . $context, []); if (\in_array(false, $result, true)) @@ -378,7 +378,7 @@ public function onContentBeforeChangeState(EventInterface $event) return true; } - // We have whitelisted the pks, so we're the one who triggered + // We have allowed the pks, so we're the one who triggered // With onWorkflowBeforeTransition => free pass if ($this->app->get('plgWorkflowPublishing.' . $context) === $pks) { @@ -443,7 +443,7 @@ public function onContentBeforeSave(EventInterface $event) */ protected function isSupported($context) { - if (!$this->checkWhiteAndBlacklist($context) || !$this->checkExtensionSupport($context, $this->supportFunctionality)) + if (!$this->checkAllowAndDisallow($context) || !$this->checkExtensionSupport($context, $this->supportFunctionality)) { return false; } diff --git a/plugins/workflow/publishing/publishing.xml b/plugins/workflow/publishing/publishing.xml index e2ec06451f3df..9ced9f9a355ca 100644 --- a/plugins/workflow/publishing/publishing.xml +++ b/plugins/workflow/publishing/publishing.xml @@ -21,18 +21,18 @@