joomla
diff --git a/‎.appveyor.yml‎
Lines changed: 2 additions & 2 deletions b/‎.appveyor.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 0 deletions b/‎.gitignore‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎administrator/components/com_actionlogs/helpers/actionlogs.php‎
Lines changed: 3 additions & 2 deletions b/‎administrator/components/com_actionlogs/helpers/actionlogs.php‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎administrator/components/com_admin/controller.php‎
Lines changed: 24 additions & 0 deletions b/‎administrator/components/com_admin/controller.php‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎administrator/components/com_admin/sql/updates/mysql/3.9.27-2021-04-20.sql‎
Lines changed: 3 additions & 0 deletions b/‎administrator/components/com_admin/sql/updates/mysql/3.9.27-2021-04-20.sql‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎administrator/components/com_admin/sql/updates/postgresql/3.9.27-2021-04-20.sql‎
Lines changed: 3 additions & 0 deletions b/‎administrator/components/com_admin/sql/updates/postgresql/3.9.27-2021-04-20.sql‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎administrator/components/com_admin/sql/updates/sqlazure/3.9.27-2021-04-20.sql‎
Lines changed: 3 additions & 0 deletions b/‎administrator/components/com_admin/sql/updates/sqlazure/3.9.27-2021-04-20.sql‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎administrator/components/com_admin/views/sysinfo/view.html.php‎
Lines changed: 8 additions & 2 deletions b/‎administrator/components/com_admin/views/sysinfo/view.html.php‎
Lines changed: 8 additions & 2 deletions
diff --git a/‎administrator/components/com_banners/controllers/tracks.raw.php‎
Lines changed: 3 additions & 0 deletions b/‎administrator/components/com_banners/controllers/tracks.raw.php‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎administrator/components/com_banners/views/download/tmpl/default.php‎
Lines changed: 1 addition & 1 deletion b/‎administrator/components/com_banners/views/download/tmpl/default.php‎
Lines changed: 1 addition & 1 deletion
@@ -126,8 +126,8 @@ install:
     - IF %PHP%==1 echo zend_extension=php_opcache.dll >> php.ini
     - IF %PHP%==1 echo opcache.enable_cli=1 >> php.ini
     - IF %PHP%==1 echo extension=php_ldap.dll >> php.ini
-    - IF %PHP%==1 echo @php %%~dp0composer-1.phar %%* > composer.bat
-    - IF %PHP%==1 appveyor-retry appveyor DownloadFile https://getcomposer.org/composer-1.phar
+    - IF %PHP%==1 echo @php %%~dp0composer.phar %%* > composer.bat
+    - IF %PHP%==1 appveyor-retry appveyor DownloadFile https://getcomposer.org/download/latest-1.x/composer.phar
     - cd C:\projects\joomla-cms
     - appveyor-retry composer install --no-progress --profile
 
 
@@ -158,6 +158,9 @@ Desktop.ini
 /libraries/vendor/phpmailer/phpmailer/examples
 /libraries/vendor/phpmailer/phpmailer/language
 /libraries/vendor/phpmailer/phpmailer/test
+/libraries/vendor/phpmailer/phpmailer/SECURITY.md
+/libraries/vendor/phpmailer/phpmailer/.github
+/libraries/vendor/phpmailer/phpmailer/.gitattributes
 /libraries/vendor/phpmailer/phpmailer/.gitignore
 /libraries/vendor/phpmailer/phpmailer/.scrutinizer.yml
 /libraries/vendor/phpmailer/phpmailer/.travis.yml
 
@@ -246,12 +246,13 @@ public static function getHumanReadableLogMessage($log, $generateLinks = true)
 	 * @param   string   $contentType
 	 * @param   integer  $id
 	 * @param   string   $urlVar
+	 * @param   JObject  $object
 	 *
 	 * @return  string  Link to the content item
 	 *
 	 * @since   3.9.0
 	 */
-	public static function getContentTypeLink($component, $contentType, $id, $urlVar = 'id')
+	public static function getContentTypeLink($component, $contentType, $id, $urlVar = 'id', $object = null)
 	{
 		// Try to find the component helper.
 		$eName = str_replace('com_', '', $component);
@@ -266,7 +267,7 @@ public static function getContentTypeLink($component, $contentType, $id, $urlVar
 
 			if (class_exists($cName) && is_callable(array($cName, 'getContentTypeLink')))
 			{
-				return $cName::getContentTypeLink($contentType, $id);
+				return $cName::getContentTypeLink($contentType, $id, $object);
 			}
 		}
 
 
@@ -16,4 +16,28 @@
  */
 class AdminController extends JControllerLegacy
 {
+	/**
+	 * View method
+	 *
+	 * @param   boolean  $cachable   If true, the view output will be cached
+	 * @param   array    $urlparams  An array of safe URL parameters and their variable types, for valid values see {@link \JFilterInput::clean()}.
+	 *
+	 * @return  \JControllerLegacy  A \JControllerLegacy object to support chaining.
+	 *
+	 * @since   3.9
+	 */
+	public function display($cachable = false, $urlparams = array())
+	{
+		$viewName = $this->input->get('view', $this->default_view);
+		$format = $this->input->get('format', 'html');
+
+		// Check CSRF token for sysinfo export views
+		if ($viewName === 'sysinfo' && ($format === 'text' || $format === 'json'))
+		{
+			// Check for request forgeries.
+			$this->checkToken('GET');
+		}
+
+		return parent::display($cachable, $urlparams);
+	}
 }
@@ -0,0 +1,3 @@
+INSERT INTO `#__postinstall_messages` (`extension_id`, `title_key`, `description_key`, `language_extension`, `language_client_id`, `type`, `version_introduced`, `enabled`)
+VALUES
+(700, 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_DESCRIPTION', 'com_admin', 1, 'message', '3.9.27', 1);
@@ -0,0 +1,3 @@
+INSERT INTO "#__postinstall_messages" ("extension_id", "title_key", "description_key", "language_extension", "language_client_id", "type", "version_introduced", "enabled")
+VALUES
+(700, 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_DESCRIPTION', 'com_admin', 1, 'message', '3.9.27', 1);
@@ -0,0 +1,3 @@
+INSERT INTO [#__postinstall_messages] ([extension_id], [title_key], [description_key], [language_extension], [language_client_id], [type], [version_introduced], [enabled])
+VALUES
+(700, 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_DESCRIPTION', 'com_admin', 1, 'message', '3.9.27', 1);
@@ -117,8 +117,14 @@ protected function _setSubMenu()
 	protected function addToolbar()
 	{
 		JToolbarHelper::title(JText::_('COM_ADMIN_SYSTEM_INFORMATION'), 'info-2 systeminfo');
-		JToolbarHelper::link(JRoute::_('index.php?option=com_admin&view=sysinfo&format=text'), 'COM_ADMIN_DOWNLOAD_SYSTEM_INFORMATION_TEXT', 'download');
-		JToolbarHelper::link(JRoute::_('index.php?option=com_admin&view=sysinfo&format=json'), 'COM_ADMIN_DOWNLOAD_SYSTEM_INFORMATION_JSON', 'download');
+		JToolbarHelper::link(
+			JRoute::_('index.php?option=com_admin&view=sysinfo&format=text&' . JSession::getFormToken() . '=1'),
+			'COM_ADMIN_DOWNLOAD_SYSTEM_INFORMATION_TEXT', 'download'
+		);
+		JToolbarHelper::link(
+			JRoute::_('index.php?option=com_admin&view=sysinfo&format=json&' . JSession::getFormToken() . '=1'),
+			'COM_ADMIN_DOWNLOAD_SYSTEM_INFORMATION_JSON', 'download'
+		);
 		JToolbarHelper::help('JHELP_SITE_SYSTEM_INFORMATION');
 	}
 }
@@ -53,6 +53,9 @@ public function getModel($name = 'Tracks', $prefix = 'BannersModel', $config = a
 	 */
 	public function display($cachable = false, $urlparams = array())
 	{
+		// Check for request forgeries.
+		$this->checkToken('GET');
+
 		// Get the document object.
 		$vName = 'tracks';
 
 
@@ -16,7 +16,7 @@
 		class="form-horizontal form-validate"
 		id="download-form"
 		name="adminForm"
-		action="<?php echo JRoute::_('index.php?option=com_banners&task=tracks.display&format=raw'); ?>"
+		action="<?php echo JRoute::_('index.php?option=com_banners&task=tracks.display&format=raw&' . JSession::getFormToken() . '=1'); ?>"
 		method="post">
 
 		<?php foreach ($this->form->getFieldset() as $field) : ?>
Original file line number	Diff line number	Diff line change
`@@ -246,12 +246,13 @@ public static function getHumanReadableLogMessage($log, $generateLinks = true)`
`246`	`246`	`* @param string $contentType`
`247`	`247`	`* @param integer $id`
`248`	`248`	`* @param string $urlVar`
	`249`	`+ * @param JObject $object`
`249`	`250`	`*`
`250`	`251`	`* @return string Link to the content item`
`251`	`252`	`*`
`252`	`253`	`* @since 3.9.0`
`253`	`254`	`*/`
`254`		`- public static function getContentTypeLink($component, $contentType, $id, $urlVar = 'id')`
	`255`	`+ public static function getContentTypeLink($component, $contentType, $id, $urlVar = 'id', $object = null)`
`255`	`256`	`{`
`256`	`257`	`// Try to find the component helper.`
`257`	`258`	`$eName = str_replace('com_', '', $component);`
`@@ -266,7 +267,7 @@ public static function getContentTypeLink($component, $contentType, $id, $urlVar`
`266`	`267`
`267`	`268`	`if (class_exists($cName) && is_callable(array($cName, 'getContentTypeLink')))`
`268`	`269`	`{`
`269`		`- return $cName::getContentTypeLink($contentType, $id);`
	`270`	`+ return $cName::getContentTypeLink($contentType, $id, $object);`
`270`	`271`	`}`
`271`	`272`	`}`
`272`	`273`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+INSERT INTO `#__postinstall_messages` (`extension_id`, `title_key`, `description_key`, `language_extension`, `language_client_id`, `type`, `version_introduced`, `enabled`)
	`2`	`+VALUES`
	`3`	`+(700, 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_DESCRIPTION', 'com_admin', 1, 'message', '3.9.27', 1);`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+INSERT INTO "#__postinstall_messages" ("extension_id", "title_key", "description_key", "language_extension", "language_client_id", "type", "version_introduced", "enabled")`
	`2`	`+VALUES`
	`3`	`+(700, 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_DESCRIPTION', 'com_admin', 1, 'message', '3.9.27', 1);`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+INSERT INTO [#__postinstall_messages] ([extension_id], [title_key], [description_key], [language_extension], [language_client_id], [type], [version_introduced], [enabled])`
	`2`	`+VALUES`
	`3`	`+(700, 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_DESCRIPTION', 'com_admin', 1, 'message', '3.9.27', 1);`
Original file line number	Diff line number	Diff line change
`@@ -117,8 +117,14 @@ protected function _setSubMenu()`
`117`	`117`	`protected function addToolbar()`
`118`	`118`	`{`
`119`	`119`	`JToolbarHelper::title(JText::_('COM_ADMIN_SYSTEM_INFORMATION'), 'info-2 systeminfo');`
`120`		`- JToolbarHelper::link(JRoute::_('index.php?option=com_admin&view=sysinfo&format=text'), 'COM_ADMIN_DOWNLOAD_SYSTEM_INFORMATION_TEXT', 'download');`
`121`		`- JToolbarHelper::link(JRoute::_('index.php?option=com_admin&view=sysinfo&format=json'), 'COM_ADMIN_DOWNLOAD_SYSTEM_INFORMATION_JSON', 'download');`
	`120`	`+ JToolbarHelper::link(`
	`121`	`+ JRoute::_('index.php?option=com_admin&view=sysinfo&format=text&' . JSession::getFormToken() . '=1'),`
	`122`	`+ 'COM_ADMIN_DOWNLOAD_SYSTEM_INFORMATION_TEXT', 'download'`
	`123`	`+ );`
	`124`	`+ JToolbarHelper::link(`
	`125`	`+ JRoute::_('index.php?option=com_admin&view=sysinfo&format=json&' . JSession::getFormToken() . '=1'),`
	`126`	`+ 'COM_ADMIN_DOWNLOAD_SYSTEM_INFORMATION_JSON', 'download'`
	`127`	`+ );`
`122`	`128`	`JToolbarHelper::help('JHELP_SITE_SYSTEM_INFORMATION');`
`123`	`129`	`}`
`124`	`130`	`}`
Original file line number	Diff line number	Diff line change
`@@ -53,6 +53,9 @@ public function getModel($name = 'Tracks', $prefix = 'BannersModel', $config = a`
`53`	`53`	`*/`
`54`	`54`	`public function display($cachable = false, $urlparams = array())`
`55`	`55`	`{`
	`56`	`+ // Check for request forgeries.`
	`57`	`+ $this->checkToken('GET');`
	`58`	`+`
`56`	`59`	`// Get the document object.`
`57`	`60`	`$vName = 'tracks';`
`58`	`61`