Merge remote-tracking branch 'upstream/4.2-dev' into 4.2-dev-move-deleted-files-and-folders-outside-script-2022-06

Author: richard67

administrator/components/com_admin/src/View/Sysinfo/HtmlView.php

@@ -12,7 +12,6 @@
 
 use Exception;
 use Joomla\CMS\Access\Exception\NotAllowed;
-use Joomla\CMS\Factory;
 use Joomla\CMS\Language\Text;
 use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
 use Joomla\CMS\Router\Route;

administrator/components/com_languages/src/View/Overrides/HtmlView.php

@@ -10,7 +10,6 @@
 
 namespace Joomla\Component\Languages\Administrator\View\Overrides;
 
-use Joomla\CMS\Factory;
 use Joomla\CMS\Helper\ContentHelper;
 use Joomla\CMS\Language\Text;
 use Joomla\CMS\MVC\View\GenericDataException;

administrator/components/com_templates/src/Helper/TemplateHelper.php

@@ -133,7 +133,7 @@ public static function canUpload($file, $err = '')
             }
         }
 
-        // Max upload size set to 2 MB for Template Manager
+        // Max upload size set to 10 MB for Template Manager
         $maxSize = (int) ($params->get('upload_limit') * 1024 * 1024);
 
         if ($maxSize > 0 && (int) $file['size'] > $maxSize) {

administrator/components/com_templates/src/View/Template/HtmlView.php

@@ -14,6 +14,7 @@
 use Joomla\CMS\Factory;
 use Joomla\CMS\Filter\InputFilter;
 use Joomla\CMS\Form\Form;
+use Joomla\CMS\HTML\HTMLHelper;
 use Joomla\CMS\Language\Text;
 use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
 use Joomla\CMS\Object\CMSObject;
@@ -295,7 +296,28 @@ protected function addToolbar()
         }
 
         if (count($this->updatedList) !== 0 && $this->pluginState) {
-            ToolbarHelper::custom('template.deleteOverrideHistory', 'times', '', 'COM_TEMPLATES_BUTTON_DELETE_LIST_ENTRY', true, 'updateForm');
+            $dropdown = $bar->dropdownButton('override-group')
+                ->text('COM_TEMPLATES_BUTTON_CHECK')
+                ->toggleSplit(false)
+                ->icon('icon-ellipsis-h')
+                ->buttonClass('btn btn-action')
+                ->form('updateForm')
+                ->listCheck(true);
+
+            $childBar = $dropdown->getChildToolbar();
+
+            $childBar->publish('template.publish')
+                ->text('COM_TEMPLATES_BUTTON_CHECK_LIST_ENTRY')
+                ->form('updateForm')
+                ->listCheck(true);
+            $childBar->unpublish('template.unpublish')
+                ->text('COM_TEMPLATES_BUTTON_UNCHECK_LIST_ENTRY')
+                ->form('updateForm')
+                ->listCheck(true);
+            $childBar->unpublish('template.deleteOverrideHistory')
+                ->text('COM_TEMPLATES_BUTTON_DELETE_LIST_ENTRY')
+                ->form('updateForm')
+                ->listCheck(true);
         }
 
         if ($this->type === 'home') {

administrator/components/com_templates/tmpl/template/default_updated_files.php

@@ -15,13 +15,24 @@
 use Joomla\CMS\Language\Text;
 use Joomla\CMS\Router\Route;
 
+HTMLHelper::_('bootstrap.dropdown', '.dropdown-toggle');
+
 $input = Factory::getApplication()->input;
 ?>
 
-<form action="<?php echo Route::_('index.php?option=com_templates&view=template&id=' . $input->getInt('id') . '&file=' . $this->file); ?>" method="post" name="updateForm" id="updateForm">
-    <div class="row mt-2">
-        <div class="col-md-12">
-            <?php if (count($this->updatedList) !== 0) : ?>
+<?php if (count($this->updatedList) === 0) : ?>
+    <div class="alert alert-success">
+        <span class="icon-check-circle" aria-hidden="true"></span><span class="visually-hidden"><?php echo Text::_('NOTICE'); ?></span>
+        <?php echo Text::_('COM_TEMPLATES_OVERRIDE_UPTODATE'); ?>
+    </div>
+<?php else : ?>
+    <div class="alert alert-info">
+        <span class="icon-info-circle" aria-hidden="true"></span><span class="visually-hidden"><?php echo Text::_('INFO'); ?></span>
+        <?php echo Text::_('COM_TEMPLATES_OVERRIDE_NOT_UPTODATE'); ?>
+    </div>
+    <form action="<?php echo Route::_('index.php?option=com_templates&view=template&id=' . $input->getInt('id') . '&file=' . $this->file); ?>" method="post" name="updateForm" id="updateForm">
+        <div class="row mt-2">
+            <div class="col-md-12">
                 <table class="table">
                     <thead>
                         <tr>
@@ -78,12 +89,7 @@
                 <input type="hidden" name="task" value="">
                 <input type="hidden" name="boxchecked" value="0">
                 <?php echo HTMLHelper::_('form.token'); ?>
-            <?php else : ?>
-                <div class="alert alert-success">
-                    <span class="icon-check-circle" aria-hidden="true"></span><span class="visually-hidden"><?php echo Text::_('NOTICE'); ?></span>
-                    <?php echo Text::_('COM_TEMPLATES_OVERRIDE_UPTODATE'); ?>
-                </div>
-            <?php endif; ?>
+            </div>
         </div>
-    </div>
-</form>
+    </form>
+<?php endif; ?>

administrator/components/com_templates/tmpl/templates/default.php

@@ -118,7 +118,9 @@
                                 <?php if ($this->pluginState) : ?>
                                     <td class="d-none d-md-table-cell text-center">
                                         <?php if (!empty($item->updated)) : ?>
-                                            <span class="badge bg-warning text-dark"><?php echo Text::plural('COM_TEMPLATES_N_CONFLICT', $item->updated); ?></span>
+                                            <a href="<?php echo Route::_('index.php?option=com_templates&view=template&id=' . (int) $item->extension_id . '#files'); ?>">
+                                                <span class="badge bg-warning text-dark"><?php echo Text::plural('COM_TEMPLATES_N_CONFLICT', $item->updated); ?></span>
+                                            </a>
                                         <?php else : ?>
                                             <span class="badge bg-success"><?php echo Text::_('COM_TEMPLATES_UPTODATE'); ?></span>
                                         <?php endif; ?>

administrator/components/com_users/forms/group.xml

@@ -21,7 +21,9 @@
 			type="groupparent"
 			label="COM_USERS_GROUP_FIELD_PARENT_LABEL"
 			validate="options"
-		/>
+			>
+			<option value="0" disabled="disabled">COM_USERS_GROUP_FIELD_PARENT_SELECT</option>
+		</field>
 
 		<field
 			name="actions"

administrator/components/com_users/tmpl/method/edit.php

@@ -25,9 +25,9 @@
     $cancelURL = $this->escape(base64_decode($this->returnURL));
 }
 
-$recordId     = (int)$this->record->id ?? 0;
+$recordId     = (int) $this->record->id ?? 0;
 $method       = $this->record->method ?? $this->getModel()->getState('method');
-$userId       = (int)$this->user->id ?? 0;
+$userId       = (int) $this->user->id ?? 0;
 $headingLevel = 2;
 $hideSubmit   = !$this->renderOptions['show_submit'] && !$this->isEditExisting
 ?>

administrator/language/en-GB/com_cpanel.ini

@@ -15,7 +15,7 @@ COM_CPANEL_MESSAGES_BODY_NOCLOSE="There are important post-installation messages
 COM_CPANEL_MESSAGES_BODYMORE_NOCLOSE="This information area won't appear when you have hidden all the messages."
 COM_CPANEL_MESSAGES_REVIEW="Read Messages"
 COM_CPANEL_MESSAGES_TITLE="You have post-installation messages"
-COM_CPANEL_MSG_ADDNOSNIFF_BODY="<p>Joomla is now shipped with additional security hardenings in the default htaccess.txt and web.config.txt files. These hardenings disable the so called MIME-type sniffing feature in web browsers. The sniffing leads to specific attack vectors, where scripts in normally harmless file formats (eg images) will be executed, leading to Cross-Site-Scripting vulnerabilities.</p><p>The security team recommends to manually apply the necessary changes to existing .htaccess or web.config files, as those files can not be updated automatically.</p><p><strong>Changes for .htaccess</strong><br>Add the following lines before \"## Mod_rewrite in use.\":</p><pre>&lt;IfModule mod_headers.c&gt;\nHeader always set X-Content-Type-Options \"nosniff\"\n&lt;/IfModule&gt;</pre><p><strong>Changes for web.config</strong><br>Add the following lines right after \"&lt;/rewrite&gt;\":</p><pre>&lt;httpProtocol&gt;\n  &lt;customHeaders&gt;\n    &lt;add name=\"X-Content-Type-Options\" value=\"nosniff\" /&gt;\n  &lt;/customHeaders&gt;\n&lt;/httpProtocol&gt;</pre>" ; Translators: Don't touch the code part in the message, Starting with ## Mod_rewrite ...
+COM_CPANEL_MSG_ADDNOSNIFF_BODY="<p>Joomla is now shipped with additional security hardenings in the default htaccess.txt and web.config.txt files. These hardenings disable the so called MIME-type sniffing feature in web browsers. The sniffing leads to specific attack vectors, where scripts in normally harmless file formats (eg images) will be executed, leading to Cross-Site-Scripting vulnerabilities.</p><p>The security team recommends to manually apply the necessary changes to existing .htaccess or web.config files, as those files can not be updated automatically.</p><p><strong>Changes for .htaccess</strong><br>Add the following lines before \"## Mod_rewrite in use.\":</p><pre>&lt;IfModule mod_headers.c&gt;\nHeader always set X-Content-Type-Options \"nosniff\"\n&lt;/IfModule&gt;</pre><p><strong>Changes for web.config</strong><br>Add the following lines right after \"&lt;/rewrite&gt;\":</p><pre>&lt;httpProtocol&gt;\n  &lt;customHeaders&gt;\n    &lt;add name=\"X-Content-Type-Options\" value=\"nosniff\" /&gt;\n  &lt;/customHeaders&gt;\n&lt;/httpProtocol&gt;</pre>" ; Translators: Don't touch the code part in the message, Starting with ## Mod_rewrite &hellip;
 COM_CPANEL_MSG_ADDNOSNIFF_TITLE=".htaccess & web.config Security Update"
 COM_CPANEL_MSG_HTACCESSSVG_BODY="<p>Since 3.9.21 Joomla is shipped with an additional security rule in the default htaccess.txt. This rule will protect users of svg files from potential Cross-Site-Scripting (XSS) vulnerabilities.<br>The security team recommends to manually apply the necessary changes to any existing .htaccess file, as this file can not be updated automatically.</p><p><strong>Changes for .htaccess</strong></p><pre>&lt;FilesMatch \"\.svg$\"&gt;\n  &lt;IfModule mod_headers.c&gt;\n    Header always set Content-Security-Policy \"script-src 'none'\"\n  &lt;/IfModule&gt;\n&lt;/FilesMatch&gt;</pre><p>Currently we are not aware of a method to conditionally configure this on IIS web servers, please contact your hosting provider for further assistance.</p>"
 COM_CPANEL_MSG_HTACCESSSVG_TITLE="Additional XSS protection for the usage of SVG files"

administrator/language/en-GB/com_joomlaupdate.ini

@@ -93,7 +93,7 @@ COM_JOOMLAUPDATE_VIEW_DEFAULT_DESCRIPTION_BREAK="Extensions marked with <span cl
 COM_JOOMLAUPDATE_VIEW_DEFAULT_DESCRIPTION_MISSING_TAG="Extensions marked with <span class='badge bg-secondary'>Missing Compatibility Tag</span> indicate the developer has not included <a href='https://docs.joomla.org/Special:MyLanguage/Deploying_an_Update_Server' target='_blank' rel='noopener noreferrer'>compatibility information.</a>"
 COM_JOOMLAUPDATE_VIEW_DEFAULT_DESCRIPTION_UPDATE_REQUIRED="Extensions marked with <span class='badge bg-warning text-dark'>Yes (X.X.X)</span> might require an update."
 COM_JOOMLAUPDATE_VIEW_DEFAULT_DIRECTIVE="Directive"
-COM_JOOMLAUPDATE_VIEW_DEFAULT_DOWNLOAD_IN_PROGRESS="Downloading update file. Please wait ..."
+COM_JOOMLAUPDATE_VIEW_DEFAULT_DOWNLOAD_IN_PROGRESS="Downloading update file. Please wait &hellip;"
 COM_JOOMLAUPDATE_VIEW_DEFAULT_EXPLANATION_AND_LINK_TO_DOCS="The pre-update check provides you with information about the readiness of your server, settings and installed extensions for the update.<br>You can find more information about this page and how to prepare for updating Joomla in the <a class='pre-update-docs' href='https://docs.joomla.org/Special:MyLanguage/Pre-Update_Check' target='_blank' rel='noopener noreferrer'>pre-update check documentation</a>."
 COM_JOOMLAUPDATE_VIEW_DEFAULT_EXTENSION_COMPATIBLE="Compatible"
 COM_JOOMLAUPDATE_VIEW_DEFAULT_EXTENSION_COMPATIBLE_WITH_JOOMLA_VERSION="%s Compatible"