From 1aed565bc2bcf826e8bedcb8d810db4ff25db4b7 Mon Sep 17 00:00:00 2001
From: David Jardin <d.jardin@djumla.de>
Date: Wed, 20 Mar 2024 08:53:23 +0100
Subject: [PATCH 1/5] update punycode library to include security fix (#43092)

---
 composer.json |  2 +-
 composer.lock | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/composer.json b/composer.json
index 2a11864f77c49..50eddd315e003 100644
--- a/composer.json
+++ b/composer.json
@@ -66,7 +66,7 @@
     "joomla/string": "^2.0.1",
     "joomla/uri": "^2.0.4",
     "joomla/utilities": "^2.0.1",
-    "algo26-matthias/idna-convert": "^3.1.0",
+    "algo26-matthias/idna-convert": "^3.1.1",
     "defuse/php-encryption": "^2.4.0",
     "doctrine/inflector": "^1.4.4",
     "fig/link-util": "^1.1.2",
diff --git a/composer.lock b/composer.lock
index d2913fd9d32d1..35e4e56471bbc 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,20 +4,20 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "8827e815417f1cda4554b7748d884cea",
+    "content-hash": "42465ec1c271f017d4e38a4f6ab0f2f9",
     "packages": [
         {
             "name": "algo26-matthias/idna-convert",
-            "version": "v3.1.0",
+            "version": "v3.1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/algo26-matthias/idna-convert.git",
-                "reference": "340a4dc65f6b0d9884853a3d32895d82f0c1502a"
+                "reference": "d8dbf18599548b8460ab0c462f299a15cacf6e66"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/algo26-matthias/idna-convert/zipball/340a4dc65f6b0d9884853a3d32895d82f0c1502a",
-                "reference": "340a4dc65f6b0d9884853a3d32895d82f0c1502a",
+                "url": "https://api.github.com/repos/algo26-matthias/idna-convert/zipball/d8dbf18599548b8460ab0c462f299a15cacf6e66",
+                "reference": "d8dbf18599548b8460ab0c462f299a15cacf6e66",
                 "shasum": ""
             },
             "require": {
@@ -58,9 +58,9 @@
             ],
             "support": {
                 "issues": "https://github.com/algo26-matthias/idna-convert/issues",
-                "source": "https://github.com/algo26-matthias/idna-convert/tree/v3.1.0"
+                "source": "https://github.com/algo26-matthias/idna-convert/tree/v3.1.1"
             },
-            "time": "2023-02-17T10:08:02+00:00"
+            "time": "2024-03-18T16:24:08+00:00"
         },
         {
             "name": "beberlei/assert",

From 3db2bf32bf567679a5b41ae1382e38de62ddff3e Mon Sep 17 00:00:00 2001
From: Allon Moritz <allon.moritz@digital-peak.com>
Date: Wed, 20 Mar 2024 11:25:38 +0100
Subject: [PATCH 2/5] CMSObject should extend stdClass (#43020)

---
 libraries/src/Object/CMSObject.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/libraries/src/Object/CMSObject.php b/libraries/src/Object/CMSObject.php
index 4a13c2c8eb902..b830b3893ccf9 100644
--- a/libraries/src/Object/CMSObject.php
+++ b/libraries/src/Object/CMSObject.php
@@ -25,8 +25,7 @@
  *              Use \stdClass or \Joomla\Registry\Registry instead.
  *              Example: new \Joomla\Registry\Registry();
  */
-#[\AllowDynamicProperties]
-class CMSObject
+class CMSObject extends \stdClass
 {
     use LegacyErrorHandlingTrait;
     use LegacyPropertyManagementTrait;

From 0197d56ef138539a0d90d313dddb904c37364b90 Mon Sep 17 00:00:00 2001
From: Luca Racchetti <razzo1987@gmail.com>
Date: Thu, 21 Mar 2024 16:01:39 +0100
Subject: [PATCH 3/5] [4.x] Add support for brotli (#43055)

* Add support for brotli

Add support for brotli gzip compression in htaccess.txt

* fix description

fix description

Co-authored-by: Brian Teeman <brian@teeman.net>

---------

Co-authored-by: Brian Teeman <brian@teeman.net>
---
 htaccess.txt | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/htaccess.txt b/htaccess.txt
index a84c35c141453..34c08a2902a51 100644
--- a/htaccess.txt
+++ b/htaccess.txt
@@ -136,7 +136,7 @@ Options -Indexes
 	</IfModule>
 </IfModule>
 
-## GZIP
+## GZIP & BROTLI
 ## These directives are only enabled if the Apache mod_headers module is enabled.
 ## This section will check if a .gz file exists and if so will stream it
 ##     directly or fallback to gzip any asset on the fly
@@ -157,9 +157,9 @@ Options -Indexes
 	RewriteCond "%{REQUEST_FILENAME}\.gz" -s
 	RewriteRule "^(.*)\.js" "$1\.js\.gz" [QSA]
 
-	# Serve correct content types, and prevent mod_deflate double gzip.
-	RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1]
-	RewriteRule "\.js\.gz$" "-" [T=text/javascript,E=no-gzip:1]
+	# Serve correct content types, and prevent mod_deflate double compression.
+	RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1,E=no-brotli:1]
+	RewriteRule "\.js\.gz$" "-" [T=text/javascript,E=no-gzip:1,E=no-brotli:1]
 
 	<FilesMatch "(\.js\.gz|\.css\.gz)$">
 		# Serve correct encoding type.

From 8eefbf2375217f4ddaf7ddf3c5eba055b768f93e Mon Sep 17 00:00:00 2001
From: Harald Leithner <leithner@itronic.at>
Date: Fri, 22 Mar 2024 13:02:57 +0100
Subject: [PATCH 4/5] Allow to use filter.state for delete button in ListView
 (#38797)

---
 libraries/src/MVC/View/ListView.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libraries/src/MVC/View/ListView.php b/libraries/src/MVC/View/ListView.php
index 5e8bc25328dc3..b6c29be0f6fd6 100644
--- a/libraries/src/MVC/View/ListView.php
+++ b/libraries/src/MVC/View/ListView.php
@@ -250,7 +250,13 @@ protected function addToolbar()
             $bar->appendButton('Custom', $dhtml, 'batch');
         }
 
-        if ($this->state->get('filter.published') == -2 && $canDo->get('core.delete')) {
+        if (
+            $canDo->get('core.delete') &&
+            (
+                $this->state->get('filter.state') == -2 ||
+                $this->state->get('filter.published') == -2
+            )
+        ) {
             ToolbarHelper::deleteList('JGLOBAL_CONFIRM_DELETE', $viewName . '.delete', 'JTOOLBAR_EMPTY_TRASH');
         } elseif ($canDo->get('core.edit.state')) {
             ToolbarHelper::trash($viewName . '.trash');

From 9d5b5a2ddd685a36cd06929c26ac19f4f650bfd3 Mon Sep 17 00:00:00 2001
From: Hannes Papenberg <info@joomlager.de>
Date: Wed, 27 Mar 2024 06:55:39 +0100
Subject: [PATCH 5/5] User profile edit: No notice when no active menu item
 (#43140)

---
 components/com_users/src/View/Profile/HtmlView.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/components/com_users/src/View/Profile/HtmlView.php b/components/com_users/src/View/Profile/HtmlView.php
index 3d73ee6ebcbcb..4230c1eac741f 100644
--- a/components/com_users/src/View/Profile/HtmlView.php
+++ b/components/com_users/src/View/Profile/HtmlView.php
@@ -139,13 +139,14 @@ public function display($tpl = null)
         unset($this->data->text);
 
         // Check for layout from menu item.
-        $query = Factory::getApplication()->getMenu()->getActive()->query;
+        $active = Factory::getApplication()->getMenu()->getActive();
 
         if (
-            isset($query['layout']) && isset($query['option']) && $query['option'] === 'com_users'
-            && isset($query['view']) && $query['view'] === 'profile'
+            $active && isset($active->query['layout'])
+            && isset($active->query['option']) && $active->query['option'] === 'com_users'
+            && isset($active->query['view']) && $active->query['view'] === 'profile'
         ) {
-            $this->setLayout($query['layout']);
+            $this->setLayout($active->query['layout']);
         }
 
         // Escape strings for HTML output