diff --git a/administrator/components/com_admin/forms/profile.xml b/administrator/components/com_admin/forms/profile.xml deleted file mode 100644 index 6d98d352d30b3..0000000000000 --- a/administrator/components/com_admin/forms/profile.xml +++ /dev/null @@ -1,200 +0,0 @@ - -
-
- - - - - - - - - - - - - - - - - - -
- - - -
- - - - - - - - - - - - - - - - - - - -
- -
- - - - - - - - - - - - - - - - -
-
- - diff --git a/administrator/components/com_admin/src/Controller/ProfileController.php b/administrator/components/com_admin/src/Controller/ProfileController.php deleted file mode 100644 index 15002d7414d2b..0000000000000 --- a/administrator/components/com_admin/src/Controller/ProfileController.php +++ /dev/null 
@@ -1,102 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -namespace Joomla\Component\Admin\Administrator\Controller; - -\defined('_JEXEC') or die; - -use Joomla\CMS\MVC\Controller\FormController; -use Joomla\CMS\Router\Route; -use Joomla\CMS\Uri\Uri; - -/** - * User profile controller class. - * - * @since 1.6 - */ -class ProfileController extends FormController -{ - /** - * Method to check if you can edit a record. - * - * Extended classes can override this if necessary. - * - * @param array $data An array of input data. - * @param string $key The name of the key for the primary key. - * - * @return boolean - * - * @since 1.6 - */ - protected function allowEdit($data = [], $key = 'id') - { - return isset($data['id']) && $data['id'] == $this->app->getIdentity()->id; - } - - /** - * Overrides parent save method to check the submitted passwords match. - * - * @param string $key The name of the primary key of the URL variable. - * @param string $urlVar The name of the URL variable if different from the primary key (sometimes required to avoid router collisions). - * - * @return boolean True if successful, false otherwise. - * - * @since 3.2 - */ - public function save($key = null, $urlVar = null) - { - $result = parent::save(); - - if ($this->getTask() !== 'apply') - { - $return = base64_decode($this->input->get('return', '', 'BASE64')); - - if ($return !== '' && Uri::isInternal($return)) - { - // Redirect to return URL. - $this->setRedirect(Route::_($return, false)); - } - else - { - // Redirect to the main page. - $this->setRedirect(Route::_('index.php', false)); - } - } - - return $result; - } - - /** - * Method to cancel an edit. - * - * @param string $key The name of the primary key of the URL variable. - * - * @return boolean True if access level checks pass, false otherwise. 
- * - * @since 1.6 - */ - public function cancel($key = null) - { - $result = parent::cancel($key); - $return = base64_decode($this->input->get('return', '', 'BASE64')); - - if ($return !== '' && Uri::isInternal($return)) - { - // Redirect to return URL. - $this->setRedirect(Route::_($return, false)); - } - else - { - // Redirect to the main page. - $this->setRedirect(Route::_('index.php', false)); - } - - return $result; - } -} diff --git a/administrator/components/com_admin/src/Model/ProfileModel.php b/administrator/components/com_admin/src/Model/ProfileModel.php deleted file mode 100644 index f245a48fd6243..0000000000000 --- a/administrator/components/com_admin/src/Model/ProfileModel.php +++ /dev/null 
@@ -1,161 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -namespace Joomla\Component\Admin\Administrator\Model; - -\defined('_JEXEC') or die; - -use Joomla\CMS\Component\ComponentHelper; -use Joomla\CMS\Factory; -use Joomla\CMS\Form\Form; -use Joomla\CMS\Language\Multilanguage; -use Joomla\CMS\Plugin\PluginHelper; -use Joomla\Component\Users\Administrator\Model\UserModel; - -/** - * User model. - * - * @since 1.6 - */ -class ProfileModel extends UserModel -{ - /** - * Method to auto-populate the state. - * - * @return void - * - * @note Calling getState in this method will result in recursion. - * @since 4.0.0 - */ - protected function populateState() - { - parent::populateState(); - - $this->setState('user.id', Factory::getApplication()->getIdentity()->id); - } - - /** - * Method to get the record form. - * - * @param array $data An optional array of data for the form to interrogate. - * @param boolean $loadData True if the form is to load its own data (default case), false if not. - * - * @return Form A Form object on success, false on failure - * - * @since 1.6 - */ - public function getForm($data = [], $loadData = true) - { - // Get the form. 
- $form = $this->loadForm('com_admin.profile', 'profile', ['control' => 'jform', 'load_data' => $loadData]); - - if (empty($form)) - { - return false; - } - - // Check for username compliance and parameter set - $isUsernameCompliant = true; - - if ($this->loadFormData()->username) - { - $username = $this->loadFormData()->username; - $isUsernameCompliant = !(preg_match('#[<>"\'%;()&\\\\]|\\.\\./#', $username) || strlen(utf8_decode($username)) < 2 - || trim($username) != $username); - } - - $this->setState('user.username.compliant', $isUsernameCompliant); - - if (!ComponentHelper::getParams('com_users')->get('change_login_name') && $isUsernameCompliant) - { - $form->setFieldAttribute('username', 'required', 'false'); - $form->setFieldAttribute('username', 'readonly', 'true'); - $form->setFieldAttribute('username', 'description', 'COM_ADMIN_PROFILE_FIELD_NOCHANGE_USERNAME_DESC'); - } - - // When multilanguage is set, a user's default site language should also be a Content Language - if (Multilanguage::isEnabled()) - { - $form->setFieldAttribute('language', 'type', 'frontend_language', 'params'); - } - - // If the user needs to change their password, mark the password fields as required - if (Factory::getUser()->requireReset) - { - $form->setFieldAttribute('password', 'required', 'true'); - $form->setFieldAttribute('password2', 'required', 'true'); - } - - return $form; - } - - /** - * Method to get the data that should be injected in the form. - * - * @return mixed The data for the form. - * - * @since 1.6 - */ - protected function loadFormData() - { - // Check the session for previously entered form data. - $data = Factory::getApplication()->getUserState('com_users.edit.user.data', []); - - if (empty($data)) - { - $data = $this->getItem(); - } - - // Load the users plugins. - PluginHelper::importPlugin('user'); - - $this->preprocessData('com_admin.profile', $data); - - return $data; - } - - /** - * Method to get a single record. 
- * - * @param integer $pk The id of the primary key. - * - * @return mixed Object on success, false on failure. - * - * @since 1.6 - */ - public function getItem($pk = null) - { - return parent::getItem(Factory::getUser()->id); - } - - /** - * Method to save the form data. - * - * @param array $data The form data. - * - * @return boolean True on success. - * - * @since 1.6 - */ - public function save($data) - { - $user = Factory::getUser(); - $pk = $user->id; - $data['id'] = $pk; - $data['block'] = $user->block; - $iAmSuperAdmin = $user->authorise('core.admin'); - - if ($iAmSuperAdmin) - { - $data['groups'] = $user->groups; - } - - return parent::save($data); - } -} diff --git a/administrator/components/com_admin/src/View/Profile/HtmlView.php b/administrator/components/com_admin/src/View/Profile/HtmlView.php deleted file mode 100644 index 154419cb24023..0000000000000 --- a/administrator/components/com_admin/src/View/Profile/HtmlView.php +++ /dev/null 
@@ -1,122 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -namespace Joomla\Component\Admin\Administrator\View\Profile; - -\defined('_JEXEC') or die; - -use Joomla\CMS\Factory; -use Joomla\CMS\Language\Text; -use Joomla\CMS\MVC\View\GenericDataException; -use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView; -use Joomla\CMS\Toolbar\ToolbarHelper; - -/** - * View class to allow users edit their own profile. - * - * @since 1.6 - */ -class HtmlView extends BaseHtmlView -{ - /** - * The form object - * - * @var \Joomla\CMS\Form\Form - * @since 1.6 - */ - protected $form; - - /** - * The item being viewed - * - * @var \Joomla\CMS\Object\CMSObject - * @since 1.6 - */ - protected $item; - - /** - * The model state - * - * @var \Joomla\CMS\Object\CMSObject - * @since 1.6 - */ - protected $state; - - /** - * Configuration forms for all two-factor authentication methods - * - * @var array - * @since 3.10.0 - */ - protected $twofactorform; - - /** - * Returns the one time password (OTP) – a.k.a. two factor authentication – configuration for the user. - * - * @var \stdClass - * @since 4.0.0 - */ - protected $otpConfig; - - /** - * Execute and display a template script. - * - * @param string $tpl The name of the template file to parse; automatically searches through the template paths. - * - * @return mixed A string if successful, otherwise an Error object. - * - * @since 1.6 - */ - public function display($tpl = null) - { - /** @var \Joomla\Component\Admin\Administrator\Model\ProfileModel $model */ - $model = $this->getModel(); - - $this->form = $model->getForm(); - $this->item = $model->getItem(); - $this->state = $model->getState(); - $this->twofactorform = $model->getTwofactorform(); - $this->otpConfig = $model->getOtpConfig(); - - // Check for errors. 
- if ($errors = $model->getErrors()) - { - throw new GenericDataException(implode("\n", $errors), 500); - } - - $this->form->setValue('password', null); - $this->form->setValue('password2', null); - - $this->addToolbar(); - - return parent::display($tpl); - } - - /** - * Add the page title and toolbar. - * - * @return void - * - * @since 1.6 - */ - protected function addToolbar() - { - Factory::getApplication()->input->set('hidemainmenu', 1); - - ToolbarHelper::title(Text::_('COM_ADMIN_VIEW_PROFILE_TITLE'), 'user user-profile'); - - ToolbarHelper::apply('profile.apply'); - ToolbarHelper::divider(); - ToolbarHelper::save('profile.save'); - ToolbarHelper::divider(); - ToolbarHelper::cancel('profile.cancel', 'JTOOLBAR_CLOSE'); - ToolbarHelper::divider(); - ToolbarHelper::help('JHELP_ADMIN_USER_PROFILE_EDIT'); - } -} diff --git a/administrator/components/com_admin/tmpl/profile/edit.php b/administrator/components/com_admin/tmpl/profile/edit.php deleted file mode 100644 index c672d1e782462..0000000000000 --- a/administrator/components/com_admin/tmpl/profile/edit.php +++ /dev/null 
@@ -1,92 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -defined('_JEXEC') or die; - -use Joomla\CMS\Factory; -use Joomla\CMS\HTML\HTMLHelper; -use Joomla\CMS\Language\Text; -use Joomla\CMS\Layout\LayoutHelper; -use Joomla\CMS\Router\Route; -use Joomla\Component\Users\Administrator\Helper\UsersHelper; - -HTMLHelper::_('behavior.formvalidator'); -HTMLHelper::_('behavior.keepalive'); -HTMLHelper::_('script', 'com_users/two-factor-switcher.min.js', ['version' => 'auto', 'relative' => true], ['type' => 'module']); -HTMLHelper::_('script', 'com_users/two-factor-switcher-es5.min.js', ['version' => 'auto', 'relative' => true], ['defer' => true, 'nomodule' => true]); - -$input = Factory::getApplication()->input; - -// Get the form fieldsets. -$fieldsets = $this->form->getFieldsets(); - -// Fieldsets to not automatically render by /layouts/joomla/edit/params.php -$this->useCoreUI = true; -?> -
- 'user_details']); ?> - - twofactorform) && $this->item->id) : ?> - -
-
- -
-
- 'Joomla.twoFactorMethodChange();', 'class' => 'form-select'], 'value', 'text', $this->otpConfig->method, 'jform_twofactor_method', false); ?> -
-
-
- twofactorform as $form) : ?> - otpConfig->method ? '' : ' class="hidden"'; ?> -
> - -
- -
- -
- - - -
- - -
- otpConfig->otep)) : ?> -
- - -
- - otpConfig->otep as $otep) : ?> - - --- - - - -
- - - - - - - - -
diff --git a/administrator/language/en-GB/com_admin.ini b/administrator/language/en-GB/com_admin.ini index 82f3853637d7d..8c630a1a48a5d 100644 --- a/administrator/language/en-GB/com_admin.ini +++ b/administrator/language/en-GB/com_admin.ini @@ -137,25 +137,6 @@ COM_ADMIN_PHPINFO_DISABLED="The built in phpinfo() function has been disabled by COM_ADMIN_POST_MAX_SIZE="Post Max Size" COM_ADMIN_POSTINSTALL_MSG_HTACCESS_AUTOINDEX_DESCRIPTION="

Before 3.9.22 the default htaccess.txt file contained erroneous code meant for disabling directory listings. The security team recommends to manually apply the necessary changes to any existing .htaccess file, as this file can not be updated automatically.

The old code:

<IfModule autoindex>\n  IndexIgnore *\n</IfModule>

The new code:

<IfModule mod_autoindex.c>\n  IndexIgnore *\n</IfModule>
" COM_ADMIN_POSTINSTALL_MSG_HTACCESS_AUTOINDEX_TITLE=".htaccess Update Concerning Directory Listings" -COM_ADMIN_PROFILE_FIELD_BACKEND_LANGUAGE_LABEL="Backend Language" -COM_ADMIN_PROFILE_FIELD_BACKEND_TEMPLATE_LABEL="Backend Template Style" -COM_ADMIN_PROFILE_FIELD_EDITOR_LABEL="Editor" -COM_ADMIN_PROFILE_FIELD_FRONTEND_LANGUAGE_LABEL="Frontend Language" -COM_ADMIN_PROFILE_FIELD_LASTVISIT_LABEL="Last Visit Date" -COM_ADMIN_PROFILE_FIELD_NOCHANGE_USERNAME_DESC="If you want to change your Username, please contact a site administrator." -COM_ADMIN_PROFILE_FIELD_PASSWORD1_MESSAGE="The passwords you entered do not match. Please enter your desired password in the password field and confirm your entry by entering it in the confirm password field." -COM_ADMIN_PROFILE_FIELD_PASSWORD2_LABEL="Confirm Password" -COM_ADMIN_PROFILE_FIELD_REGISTERDATE_LABEL="Registration Date" -COM_ADMIN_PROFILE_FIELD_TIMEZONE_LABEL="Time Zone" -COM_ADMIN_PROFILE_FIELD_TWOFACTOR_LABEL="Authentication Method" -COM_ADMIN_PROFILE_FIELD_USERNAME_LABEL="Login Name" -COM_ADMIN_PROFILE_FIELDSET_SETTINGS_LABEL="Basic Settings" -COM_ADMIN_PROFILE_FIELDSET_USER_DETAILS_LABEL="My Profile Details" -COM_ADMIN_PROFILE_HEADING_NAME="Name" -COM_ADMIN_PROFILE_OTEPS="One time emergency passwords" -COM_ADMIN_PROFILE_OTEPS_DESC="If you do not have access to your two factor authentication device you can use any of the following passwords instead of a regular security code. Each one of these emergency passwords is immediately destroyed upon use. We recommend printing these passwords out and keeping the printout in a safe and accessible location, eg your wallet or a safety deposit box." -COM_ADMIN_PROFILE_OTEPS_WAIT_DESC="There are no emergency one time passwords generated in your account. The passwords will be generated automatically and displayed here as soon as you activate two factor authentication." -COM_ADMIN_PROFILE_TWO_FACTOR_AUTH="Two Factor Authentication" COM_ADMIN_SAVE_SUCCESS="Profile saved." 
COM_ADMIN_SESSION_AUTO_START="Session Auto Start"
 COM_ADMIN_SESSION_SAVE_PATH="Session Save Path"
@@ -169,7 +150,6 @@ COM_ADMIN_UNWRITABLE="Unwritable"
 COM_ADMIN_UPLOAD_MAX_FILESIZE="Upload Max Filesize"
 COM_ADMIN_USER_AGENT="User Agent"
 COM_ADMIN_VALUE="Value"
-COM_ADMIN_VIEW_PROFILE_TITLE="My Profile"
 COM_ADMIN_WEB_SERVER="Web Server"
 COM_ADMIN_WEBSERVER_TO_PHP_INTERFACE="WebServer to PHP Interface"
 COM_ADMIN_WRITABLE="Writable"
diff --git a/libraries/src/Application/CMSApplication.php b/libraries/src/Application/CMSApplication.php
index 742b210719b40..ec93b9e8f8dc7 100644
--- a/libraries/src/Application/CMSApplication.php
+++ b/libraries/src/Application/CMSApplication.php
@@ -1309,9 +1309,7 @@ protected function redirectIfTwoFactorAuthenticationRequired(): void
 $this->redirect('index.php?option=com_users&view=profile&layout=edit');
 }
- if ($option === 'com_admin' && \in_array($task, ['profile.edit', 'profile.save', 'profile.apply'], true)
- || ($option === 'com_admin' && $view === 'profile' && $layout === 'edit')
- || ($option === 'com_users' && \in_array($task, ['user.save', 'user.edit', 'user.apply', 'user.logout', 'user.menulogout'], true))
+ if (($option === 'com_users' && \in_array($task, ['user.save', 'user.edit', 'user.apply', 'user.logout', 'user.menulogout'], true))
 || ($option === 'com_users' && $view === 'user' && $layout === 'edit')
 || ($option === 'com_login' && \in_array($task, ['save', 'edit', 'apply', 'logout', 'menulogout'], true)))
 {
@@ -1320,7 +1318,7 @@ protected function redirectIfTwoFactorAuthenticationRequired(): void
 // Redirect to com_admin profile edit
 $this->enqueueMessage(Text::_('JENFORCE_2FA_REDIRECT_MESSAGE'), 'notice');
- $this->redirect('index.php?option=com_admin&task=profile.edit&id=' . $this->getIdentity()->id);
+ $this->redirect('index.php?option=com_user&task=user.edit&id=' . $this->getIdentity()->id);
 }
 /**
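Review bot: The new two-factor enforcement redirect in the second CMSApplication.php hunk targets `option=com_user`, while every other reference in this method, including the exemption list rewritten in the hunk above, spells the component `com_users`. The redirected request would therefore not match the `$option === 'com_users'` exemption, so a user who is required to enrol in two-factor authentication is likely to land on a component that does not resolve, or be bounced again, instead of reaching the edit form. The line should read `$this->redirect('index.php?option=com_users&task=user.edit&id=' . $this->getIdentity()->id);`. The context comment `// Redirect to com_admin profile edit` directly above it is stale after this change and should become `// Redirect to the com_users user edit form`. The rest of redirectIfTwoFactorAuthenticationRequired() lies outside both hunks, so whether the backend user-edit task is reachable for every account that can be forced into enrolment cannot be confirmed from here.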
diff --git a/plugins/system/actionlogs/actionlogs.php b/plugins/system/actionlogs/actionlogs.php
index 4f93c0a79abf7..5a38008b16be2 100644
--- a/plugins/system/actionlogs/actionlogs.php
+++ b/plugins/system/actionlogs/actionlogs.php
@@ -92,7 +92,6 @@ public function onContentPrepareForm(Form $form, $data)
 $allowedFormNames = [
 'com_users.profile',
 'com_users.user',
- 'com_admin.profile',
 ];
 if (!in_array($formName, $allowedFormNames, true))
@@ -159,7 +158,7 @@ public function onContentPrepareForm(Form $form, $data)
 */
 public function onContentPrepareData($context, $data)
 {
- if (!in_array($context, ['com_users.profile', 'com_admin.profile', 'com_users.user']))
+ if (!in_array($context, ['com_users.profile', 'com_users.user']))
 {
 return true;
 }
diff --git a/plugins/system/fields/fields.php b/plugins/system/fields/fields.php
index 8347e6b452ac2..82f0fd62c956f 100644
--- a/plugins/system/fields/fields.php
+++ b/plugins/system/fields/fields.php
@@ -273,11 +273,6 @@ public function onContentPrepareForm(Form $form, $data)
 }
 }
- if ($context === 'com_admin.profile')
- {
- $context = 'com_users.user';
- }
-
 $parts = FieldsHelper::extract($context, $form);
 if (!$parts)
diff --git a/plugins/system/webauthn/src/PluginTraits/UserProfileFields.php b/plugins/system/webauthn/src/PluginTraits/UserProfileFields.php
index ace46378d9da2..38392ffc2fd21 100644
--- a/plugins/system/webauthn/src/PluginTraits/UserProfileFields.php
+++ b/plugins/system/webauthn/src/PluginTraits/UserProfileFields.php
@@ -102,7 +102,7 @@ public function onContentPrepareForm(Form $form, $data)
 $name = $form->getName();
 $allowedForms = [
- 'com_admin.profile', 'com_users.user', 'com_users.profile', 'com_users.registration'
+ 'com_users.user', 'com_users.profile', 'com_users.registration'
 ];
 if (!in_array($name, $allowedForms))
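Review bot: The rewritten context check in onContentPrepareData() (second actionlogs.php hunk) still calls `in_array()` without the strict flag, while the form-name check in onContentPrepareForm() in the first hunk of the same file passes `true`. Since the line is being touched anyway, it should read `if (!in_array($context, ['com_users.profile', 'com_users.user'], true))`. The same loose call is on the new side of the webauthn UserProfileFields.php hunks and both `in_array` lines in plugins/user/profile/profile.php. These lists decide which user forms and data get account-related fields attached, and on PHP versions before 8 a non-string value such as integer `0` compares equal to any of these names, so strict matching is the safer default. Each of these functions continues outside its hunk, so the callers' argument types are not visible here.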
@@ -187,7 +187,7 @@ private function getUserFromData($data): ?User
 */
 public function onContentPrepareData(?string $context, $data): bool
 {
- if (!in_array($context, ['com_users.profile', 'com_admin.profile', 'com_users.user']))
+ if (!in_array($context, ['com_users.profile', 'com_users.user']))
 {
 return true;
 }
diff --git a/plugins/user/profile/profile.php b/plugins/user/profile/profile.php
index ec8b3346ad4ee..bb57ac6842566 100644
--- a/plugins/user/profile/profile.php
+++ b/plugins/user/profile/profile.php
@@ -72,7 +72,7 @@ class PlgUserProfile extends CMSPlugin
 public function onContentPrepareData($context, $data)
 {
 // Check we are manipulating a valid form.
- if (!in_array($context, ['com_users.profile', 'com_users.user', 'com_users.registration', 'com_admin.profile']))
+ if (!in_array($context, ['com_users.profile', 'com_users.user', 'com_users.registration']))
 {
 return true;
 }
@@ -239,7 +239,7 @@ public function onContentPrepareForm(Form $form, $data)
 // Check we are manipulating a valid form.
 $name = $form->getName();
- if (!in_array($name, ['com_admin.profile', 'com_users.user', 'com_users.profile', 'com_users.registration']))
+ if (!in_array($name, ['com_users.user', 'com_users.profile', 'com_users.registration']))
 {
 return true;
 }
@@ -310,7 +310,7 @@ public function onContentPrepareForm(Form $form, $data)
 }
 }
 // Case profile in site or admin
- elseif ($name === 'com_users.profile' || $name === 'com_admin.profile')
+ elseif ($name === 'com_users.profile')
 {
 // Toggle whether the field is required.
 if ($this->params->get('profile-require_' . $field, 1) > 0)
diff --git a/plugins/user/token/token.php b/plugins/user/token/token.php
index 8dc6117c9cb01..aeef25d7a78fe 100644
--- a/plugins/user/token/token.php
+++ b/plugins/user/token/token.php
@@ -58,7 +58,6 @@ class PlgUserToken extends CMSPlugin
 private $allowedContexts = [
 'com_users.profile',
 'com_users.user',
- 'com_admin.profile',
 ];
 /**
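Review bot: The context comment `// Case profile in site or admin` in the third plugins/user/profile/profile.php hunk no longer describes the branch below it, which now tests only `$name === 'com_users.profile'`. With the `com_admin.profile` form removed, the comment should name the single form it covers, for example `// Case profile edit form (com_users.profile)`. A stale "or admin" here invites a later reader to assume the "required field" toggling still applies to an administrator-side profile form. The branch belongs to an if/elseif chain in onContentPrepareForm() that starts outside the hunk, so how the other form names are handled is not visible.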