rendered paste body
diff -ur joomla-cms-3.4.5/administrator/components/com_templates/controllers/template.php joomla-cms-3.4.6/administrator/components/com_templates/controllers/template.php
--- joomla-cms-3.4.5/administrator/components/com_templates/controllers/template.php 2015-10-21 23:48:15.000000000 +0200
+++ joomla-cms-3.4.6/administrator/components/com_templates/controllers/template.php 2015-12-14 14:42:11.000000000 +0100
@@ -376,6 +376,9 @@
 */
 public function delete()
 {
+ // Check for request forgeries
+ JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
+
 $app = JFactory::getApplication();
 $model = $this->getModel();
 $id = $app->input->get('id');
@@ -412,6 +415,9 @@
 */
 public function createFile()
 {
+ // Check for request forgeries
+ JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
+
 $app = JFactory::getApplication();
 $model = $this->getModel();
 $id = $app->input->get('id');
@@ -456,6 +462,9 @@
 */
 public function uploadFile()
 {
+ // Check for request forgeries
+ JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
+
 $app = JFactory::getApplication();
 $model = $this->getModel();
 $id = $app->input->get('id');
@@ -487,6 +496,9 @@
 */
 public function createFolder()
 {
+ // Check for request forgeries
+ JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
+
 $app = JFactory::getApplication();
 $model = $this->getModel();
 $id = $app->input->get('id');
@@ -523,6 +535,9 @@
 */
 public function deleteFolder()
 {
+ // Check for request forgeries
+ JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
+
 $app = JFactory::getApplication();
 $model = $this->getModel();
 $id = $app->input->get('id');
@@ -564,6 +579,9 @@
 */
 public function renameFile()
 {
+ // Check for request forgeries
+ JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
+
 $app = JFactory::getApplication();
 $model = $this->getModel();
 $id = $app->input->get('id');
@@ -673,6 +691,9 @@
 */
 public function copyFile()
 {
+ // Check for request forgeries
+ JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
+
 $app = JFactory::getApplication();
 $id = $app->input->get('id');
 $file = $app->input->get('file');
@@ -708,6 +729,9 @@
 */
 public function extractArchive()
 {
+ // Check for request forgeries
+ JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
+
 $app = JFactory::getApplication();
 $id = $app->input->get('id');
 $file = $app->input->get('file');
diff -ur joomla-cms-3.4.5/administrator/components/com_templates/models/template.php joomla-cms-3.4.6/administrator/components/com_templates/models/template.php
--- joomla-cms-3.4.5/administrator/components/com_templates/models/template.php 2015-10-21 23:48:15.000000000 +0200
+++ joomla-cms-3.4.6/administrator/components/com_templates/models/template.php 2015-12-14 14:42:11.000000000 +0100
@@ -439,7 +439,17 @@
 $input = JFactory::getApplication()->input;
 $fileName = base64_decode($input->get('file'));
 $client = JApplicationHelper::getClientInfo($this->template->client_id);
- $filePath = JPath::clean($client->path . '/templates/' . $this->template->element . '/' . $fileName);
+
+
+ try
+ {
+ $filePath = JPath::check($client->path . '/templates/' . $this->template->element . '/' . $fileName);
+ }
+ catch (Exception $e)
+ {
+ $app->enqueueMessage(JText::_('COM_TEMPLATES_ERROR_SOURCE_FILE_NOT_FOUND'), 'error');
+ return;
+ }
 
 if (file_exists($filePath))
 {
diff -ur joomla-cms-3.4.5/administrator/components/com_templates/views/template/tmpl/default.php joomla-cms-3.4.6/administrator/components/com_templates/views/template/tmpl/default.php
--- joomla-cms-3.4.5/administrator/components/com_templates/views/template/tmpl/default.php 2015-10-21 23:48:15.000000000 +0200
+++ joomla-cms-3.4.6/administrator/components/com_templates/views/template/tmpl/default.php 2015-12-14 14:42:11.000000000 +0100
@@ -145,7 +145,7 @@
 if($this->type == 'font')
 {
 JFactory::getDocument()->addStyleDeclaration(
- "/* Styles for font preview */
+ "/* Styles for font preview */
 @font-face
 {
 font-family: previewFont;
@@ -159,99 +159,103 @@
 } ?> <?php echo JHtml::_('bootstrap.startTabSet', 'myTab', array('active' => 'editor')); ?>- <?php echo JHtml::_('bootstrap.addTab', 'myTab', 'editor', JText::_('COM_TEMPLATES_TAB_EDITOR', true)); ?>- <div class="row-fluid">- <div class="span12">- <?php if($this->type == 'file'): ?>- <p class="well well-small lead"><?php echo JText::sprintf('COM_TEMPLATES_TEMPLATE_FILENAME', $this->source->filename, $this->template->element); ?></p>- <?php endif; ?>- <?php if($this->type == 'image'): ?>- <p class="well well-small lead"><?php echo JText::sprintf('COM_TEMPLATES_TEMPLATE_FILENAME', $this->image['path'], $this->template->element); ?></p>- <?php endif; ?>- <?php if($this->type == 'font'): ?>- <p class="well well-small lead"><?php echo JText::sprintf('COM_TEMPLATES_TEMPLATE_FILENAME', $this->font['rel_path'], $this->template->element); ?></p>- <?php endif; ?>- </div>- </div>- <div class="row-fluid">- <div class="span3 tree-holder">- <?php echo $this->loadTemplate('tree');?>- </div>- <div class="span9">- <?php if($this->type == 'home'): ?>- <form action="<?php echo JRoute::_('index.php?option=com_templates&view=template&id=' . $input->getInt('id') . '&file=' . 
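Review bot: `JSession::checkToken()` is called with its default method, so `delete()` now accepts the form token only from a POST body; the paired view change in this same release replaces the GET delete link with a POST form, but any other link that still reaches `task=template.delete` with the token in the query string will be rejected, so the accepted method is worth stating: `JSession::checkToken('post') or jexit(JText::_('JINVALID_TOKEN'));`. The identical three lines are pasted into createFile, uploadFile, createFolder, deleteFolder, renameFile, copyFile and extractArchive in the seven following hunks; one guard at the controller's task dispatch, or a private helper, keeps eight copies from drifting apart. The token only proves that the request came from a page holding this session's form token; whether the current user is allowed to modify the template is a separate authorisation check that is not visible in these hunks. Each method's body continues below its hunk.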
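Review bot: The new `catch` branch calls `$app->enqueueMessage(...)`, but the only application handle visible in the hunk is the inline `JFactory::getApplication()->input` on the first context line; unless `$app` is assigned earlier in the method (outside the hunk), the rejection path itself fails on a null `$app`, so either assign `$app = JFactory::getApplication();` before the `try` or call `JFactory::getApplication()->enqueueMessage(...)` directly. `JPath::check()` throws when the path built from the request-supplied, base64-decoded `$fileName` contains relative segments, and reporting that as `COM_TEMPLATES_ERROR_SOURCE_FILE_NOT_FOUND` hides what happened; a distinct message plus a `JLog::add()` warning that records the rejected path would let an administrator notice traversal attempts against the template editor. The bare `return;` hands `null` to the caller, which should be checked against what this method is documented to return. The enclosing method starts and ends outside the hunk.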
$this->file); ?>" method="post" name="adminForm" id="adminForm" class="form-horizontal">- <input type="hidden" name="task" value="" />- <?php echo JHtml::_('form.token'); ?>- <div class="hero-unit" style="text-align: justify;">- <h2><?php echo JText::_('COM_TEMPLATES_HOME_HEADING'); ?></h2>- <p><?php echo JText::_('COM_TEMPLATES_HOME_TEXT'); ?></p>- <p>- <a href="https://docs.joomla.org/J3.2:How_to_use_the_Template_Manager" target="_blank" class="btn btn-primary btn-large">- <?php echo JText::_('COM_TEMPLATES_HOME_BUTTON'); ?>- </a>- </p>- </div>- </form>- <?php endif; ?>- <?php if($this->type == 'file'): ?>- <form action="<?php echo JRoute::_('index.php?option=com_templates&view=template&id=' . $input->getInt('id') . '&file=' . $this->file); ?>" method="post" name="adminForm" id="adminForm" class="form-horizontal">+<?php echo JHtml::_('bootstrap.addTab', 'myTab', 'editor', JText::_('COM_TEMPLATES_TAB_EDITOR', true)); ?>+<div class="row-fluid">+ <div class="span12">+ <?php if($this->type == 'file'): ?>+ <p class="well well-small lead"><?php echo JText::sprintf('COM_TEMPLATES_TEMPLATE_FILENAME', $this->source->filename, $this->template->element); ?></p>+ <?php endif; ?>+ <?php if($this->type == 'image'): ?>+ <p class="well well-small lead"><?php echo JText::sprintf('COM_TEMPLATES_TEMPLATE_FILENAME', $this->image['path'], $this->template->element); ?></p>+ <?php endif; ?>+ <?php if($this->type == 'font'): ?>+ <p class="well well-small lead"><?php echo JText::sprintf('COM_TEMPLATES_TEMPLATE_FILENAME', $this->font['rel_path'], $this->template->element); ?></p>+ <?php endif; ?>+ </div>+</div>+<div class="row-fluid">+ <div class="span3 tree-holder">+ <?php echo $this->loadTemplate('tree');?>+ </div>+ <div class="span9">+ <?php if($this->type == 'home'): ?>+ <form action="<?php echo JRoute::_('index.php?option=com_templates&view=template&id=' . $input->getInt('id') . '&file=' . 
$this->file); ?>" method="post" name="adminForm" id="adminForm" class="form-horizontal">+ <input type="hidden" name="task" value="" />+ <?php echo JHtml::_('form.token'); ?>+ <div class="hero-unit" style="text-align: justify;">+ <h2><?php echo JText::_('COM_TEMPLATES_HOME_HEADING'); ?></h2>+ <p><?php echo JText::_('COM_TEMPLATES_HOME_TEXT'); ?></p>+ <p>+ <a href="https://docs.joomla.org/J3.2:How_to_use_the_Template_Manager" target="_blank" class="btn btn-primary btn-large">+ <?php echo JText::_('COM_TEMPLATES_HOME_BUTTON'); ?>+ </a>+ </p>+ </div>+ </form>+ <?php endif; ?>+ <?php if($this->type == 'file'): ?>+ <form action="<?php echo JRoute::_('index.php?option=com_templates&view=template&id=' . $input->getInt('id') . '&file=' . $this->file); ?>" method="post" name="adminForm" id="adminForm" class="form-horizontal"> - <div class="editor-border">- <?php echo $this->form->getInput('source'); ?>- </div>- <input type="hidden" name="task" value="" />- <?php echo JHtml::_('form.token'); ?>- <?php echo $this->form->getInput('extension_id'); ?>- <?php echo $this->form->getInput('filename'); ?>+ <div class="editor-border">+ <?php echo $this->form->getInput('source'); ?>+ </div>+ <input type="hidden" name="task" value="" />+ <?php echo JHtml::_('form.token'); ?>+ <?php echo $this->form->getInput('extension_id'); ?>+ <?php echo $this->form->getInput('filename'); ?> - </form>- <?php endif; ?>- <?php if($this->type == 'archive'): ?>- <legend><?php echo JText::_('COM_TEMPLATES_FILE_CONTENT_PREVIEW'); ?></legend>- <form action="<?php echo JRoute::_('index.php?option=com_templates&view=template&id=' . $input->getInt('id') . '&file=' . 
$this->file); ?>" method="post" name="adminForm" id="adminForm" class="form-horizontal">- <ul class="nav nav-stacked nav-list well">- <?php foreach ($this->archive as $file): ?>- <li>- <?php if (substr($file, -1) === DIRECTORY_SEPARATOR): ?>- <span class="icon-folder"></span> <?php echo $file; ?>- <?php endif; ?>- <?php if (substr($file, -1) != DIRECTORY_SEPARATOR): ?>- <span class="icon-file"></span> <?php echo $file; ?>- <?php endif; ?>- </li>- <?php endforeach; ?>- </ul>- <input type="hidden" name="task" value="" />- <?php echo JHtml::_('form.token'); ?>+ </form>+ <?php endif; ?>+ <?php if($this->type == 'archive'): ?>+ <legend><?php echo JText::_('COM_TEMPLATES_FILE_CONTENT_PREVIEW'); ?></legend>+ <form action="<?php echo JRoute::_('index.php?option=com_templates&view=template&id=' . $input->getInt('id') . '&file=' . $this->file); ?>" method="post" name="adminForm" id="adminForm" class="form-horizontal">+ <ul class="nav nav-stacked nav-list well">+ <?php foreach ($this->archive as $file): ?>+ <li>+ <?php if (substr($file, -1) === DIRECTORY_SEPARATOR): ?>+ <span class="icon-folder"></span> <?php echo $file; ?>+ <?php endif; ?>+ <?php if (substr($file, -1) != DIRECTORY_SEPARATOR): ?>+ <span class="icon-file"></span> <?php echo $file; ?>+ <?php endif; ?>+ </li>+ <?php endforeach; ?>+ </ul>+ <input type="hidden" name="task" value="" />+ <?php echo JHtml::_('form.token'); ?> - </form>- <?php endif; ?>- <?php if($this->type == 'image'): ?>- <img id="image-crop" src="<?php echo $this->image['address'] . '?' . time(); ?>" />- <form action="<?php echo JRoute::_('index.php?option=com_templates&view=template&id=' . $input->getInt('id') . '&file=' . 
$this->file); ?>" method="post" name="adminForm" id="adminForm" class="form-horizontal">- <fieldset class="adminform">- <input type ="hidden" id="x" name="x" />- <input type ="hidden" id="y" name="y" />- <input type ="hidden" id="h" name="h" />- <input type ="hidden" id="w" name="w" />- <input type="hidden" name="task" value="" />- <?php echo JHtml::_('form.token'); ?>- </fieldset>- </form>- <?php endif; ?>- <?php if($this->type == 'font'): ?>- <div class="font-preview">- <form action="<?php echo JRoute::_('index.php?option=com_templates&view=template&id=' . $input->getInt('id') . '&file=' . $this->file); ?>" method="post" name="adminForm" id="adminForm" class="form-horizontal">- <fieldset class="adminform">- <p class="lead">H1</p><h1>Quickly gaze at Joomla! views from HTML, CSS, JavaScript and XML </h1>- <p class="lead">H2</p><h2>Quickly gaze at Joomla! views from HTML, CSS, JavaScript and XML </h2>- <p class="lead">H3</p><h3>Quickly gaze at Joomla! views from HTML, CSS, JavaScript and XML </h3>- <p class="lead">H4</p><h4>Quickly gaze at Joomla! views from HTML, CSS, JavaScript and XML </h4>- <p class="lead">H5</p><h5>Quickly gaze at Joomla! views from HTML, CSS, JavaScript and XML </h5>- <p class="lead">H6</p> <h6>Quickly gaze at Joomla! views from HTML, CSS, JavaScript and XML </h6>- <p class="lead">Bold</p><b>Quickly gaze at Joomla! views from HTML, CSS, JavaScript and XML </b>- <p class="lead">Italics</p><i>Quickly gaze at Joomla! views from HTML, CSS, JavaScript and XML </i>- <p class="lead">Unordered List</p>+ </form>+ <?php endif; ?>+ <?php if($this->type == 'image'): ?>+ <img id="image-crop" src="<?php echo $this->image['address'] . '?' . time(); ?>" />+ <form action="<?php echo JRoute::_('index.php?option=com_templates&view=template&id=' . $input->getInt('id') . '&file=' . 
$this->file); ?>" method="post" name="adminForm" id="adminForm" class="form-horizontal">+ <fieldset class="adminform">+ <input type ="hidden" id="x" name="x" />+ <input type ="hidden" id="y" name="y" />+ <input type ="hidden" id="h" name="h" />+ <input type ="hidden" id="w" name="w" />+ <input type="hidden" name="task" value="" />+ <?php echo JHtml::_('form.token'); ?>+ </fieldset>+ </form>+ <?php endif; ?>+ <?php if($this->type == 'font'): ?>+ <div class="font-preview">+ <form action="<?php echo JRoute::_('index.php?option=com_templates&view=template&id=' . $input->getInt('id') . '&file=' . $this->file); ?>" method="post" name="adminForm" id="adminForm" class="form-horizontal">+ <fieldset class="adminform">+ <p class="lead">H1</p><h1>Quickly gaze at Joomla! views from HTML, CSS, JavaScript and XML </h1>+ <p class="lead">H2</p><h2>Quickly gaze at Joomla! views from HTML, CSS, JavaScript and XML </h2>+ <p class="lead">H3</p><h3>Quickly gaze at Joomla! views from HTML, CSS, JavaScript and XML </h3>+ <p class="lead">H4</p><h4>Quickly gaze at Joomla! views from HTML, CSS, JavaScript and XML </h4>+ <p class="lead">H5</p><h5>Quickly gaze at Joomla! views from HTML, CSS, JavaScript and XML </h5>+ <p class="lead">H6</p> <h6>Quickly gaze at Joomla! views from HTML, CSS, JavaScript and XML </h6>+ <p class="lead">Bold</p><b>Quickly gaze at Joomla! views from HTML, CSS, JavaScript and XML </b>+ <p class="lead">Italics</p><i>Quickly gaze at Joomla! 
views from HTML, CSS, JavaScript and XML </i>+ <p class="lead">Unordered List</p>+ <ul>+ <li>Item</li>+ <li>Item</li>+ <li>Item<br /> <ul> <li>Item</li> <li>Item</li>@@ -259,116 +263,112 @@ <ul> <li>Item</li> <li>Item</li>- <li>Item<br />- <ul>- <li>Item</li>- <li>Item</li>- <li>Item</li>- </ul>- </li>+ <li>Item</li> </ul> </li> </ul>- <p class="lead">Ordered List</p>- <ol>+ </li>+ </ul>+ <p class="lead">Ordered List</p>+ <ol>+ <li>Item</li>+ <li>Item</li>+ <li>Item<br />+ <ul> <li>Item</li> <li>Item</li> <li>Item<br /> <ul> <li>Item</li> <li>Item</li>- <li>Item<br />- <ul>- <li>Item</li>- <li>Item</li>- <li>Item</li>- </ul>- </li>+ <li>Item</li> </ul> </li>- </ol>- <input type="hidden" name="task" value="" />- <?php echo JHtml::_('form.token'); ?>- </fieldset>- </form>- </div>- <?php endif; ?>+ </ul>+ </li>+ </ol>+ <input type="hidden" name="task" value="" />+ <?php echo JHtml::_('form.token'); ?>+ </fieldset>+ </form> </div>- </div>- <?php echo JHtml::_('bootstrap.endTab'); ?>+ <?php endif; ?>+ </div>+</div>+<?php echo JHtml::_('bootstrap.endTab'); ?> - <?php echo JHtml::_('bootstrap.addTab', 'myTab', 'overrides', JText::_('COM_TEMPLATES_TAB_OVERRIDES', true)); ?>- <div class="row-fluid">- <div class="span4">- <legend><?php echo JText::_('COM_TEMPLATES_OVERRIDES_MODULES');?></legend>- <ul class="nav nav-list">- <?php $token = JSession::getFormToken() . '=' . 1; ?>- <?php foreach($this->overridesList['modules'] as $module): ?>- <li>- <?php- $overrideLinkUrl = 'index.php?option=com_templates&view=template&task=template.overrides&folder=' . $module->path- . '&id=' . $input->getInt('id') . '&file=' . $this->file . '&' . $token;- ?>- <a href="<?php echo JRoute::_($overrideLinkUrl); ?>">- <span class="icon-copy"></span> <?php echo $module->name; ?>- </a>- </li>- <?php endforeach; ?>- </ul>- </div>- <div class="span4">- <legend><?php echo JText::_('COM_TEMPLATES_OVERRIDES_COMPONENTS');?></legend>- <ul class="nav nav-list">- <?php $token = JSession::getFormToken() . 
'=' . 1; ?>- <?php foreach ($this->overridesList['components'] as $key => $value): ?>- <li class="component-folder">- <a href="#" class="component-folder-url">- <span class="icon-folder"></span> <?php echo $key; ?>- </a>- <ul class="nav nav-list">- <?php foreach ($value as $view): ?>- <li>- <?php- $overrideLinkUrl = 'index.php?option=com_templates&view=template&task=template.overrides&folder=' . $view->path- . '&id=' . $input->getInt('id') . '&file=' . $this->file . '&' . $token;- ?>- <a class="component-file-url" href="<?php echo JRoute::_($overrideLinkUrl); ?>">- <span class="icon-copy"></span> <?php echo $view->name; ?>- </a>- </li>- <?php endforeach; ?>- </ul>- </li>- <?php endforeach; ?>- </ul>- </div>- <div class="span4">- <legend><?php echo JText::_('COM_TEMPLATES_OVERRIDES_LAYOUTS');?></legend>- <ul class="nav nav-list">- <?php $token = JSession::getFormToken() . '=' . 1; ?>- <?php foreach($this->overridesList['layouts'] as $layout): ?>- <li>- <?php- $overrideLinkUrl = 'index.php?option=com_templates&view=template&task=template.overrides&folder=' . $layout->path- . '&id=' . $input->getInt('id') . '&file=' . $this->file . '&' . $token;- ?>- <a href="<?php echo JRoute::_($overrideLinkUrl); ?>">- <span class="icon-copy"></span> <?php echo $layout->name; ?>- </a>- </li>- <?php endforeach; ?>- </ul>- </div>- </div>- <?php echo JHtml::_('bootstrap.endTab'); ?>+<?php echo JHtml::_('bootstrap.addTab', 'myTab', 'overrides', JText::_('COM_TEMPLATES_TAB_OVERRIDES', true)); ?>+<div class="row-fluid">+ <div class="span4">+ <legend><?php echo JText::_('COM_TEMPLATES_OVERRIDES_MODULES');?></legend>+ <ul class="nav nav-list">+ <?php $token = JSession::getFormToken() . '=' . 1; ?>+ <?php foreach($this->overridesList['modules'] as $module): ?>+ <li>+ <?php+ $overrideLinkUrl = 'index.php?option=com_templates&view=template&task=template.overrides&folder=' . $module->path+ . '&id=' . $input->getInt('id') . '&file=' . $this->file . '&' . 
$token;+ ?>+ <a href="<?php echo JRoute::_($overrideLinkUrl); ?>">+ <span class="icon-copy"></span> <?php echo $module->name; ?>+ </a>+ </li>+ <?php endforeach; ?>+ </ul>+ </div>+ <div class="span4">+ <legend><?php echo JText::_('COM_TEMPLATES_OVERRIDES_COMPONENTS');?></legend>+ <ul class="nav nav-list">+ <?php $token = JSession::getFormToken() . '=' . 1; ?>+ <?php foreach ($this->overridesList['components'] as $key => $value): ?>+ <li class="component-folder">+ <a href="#" class="component-folder-url">+ <span class="icon-folder"></span> <?php echo $key; ?>+ </a>+ <ul class="nav nav-list">+ <?php foreach ($value as $view): ?>+ <li>+ <?php+ $overrideLinkUrl = 'index.php?option=com_templates&view=template&task=template.overrides&folder=' . $view->path+ . '&id=' . $input->getInt('id') . '&file=' . $this->file . '&' . $token;+ ?>+ <a class="component-file-url" href="<?php echo JRoute::_($overrideLinkUrl); ?>">+ <span class="icon-copy"></span> <?php echo $view->name; ?>+ </a>+ </li>+ <?php endforeach; ?>+ </ul>+ </li>+ <?php endforeach; ?>+ </ul>+ </div>+ <div class="span4">+ <legend><?php echo JText::_('COM_TEMPLATES_OVERRIDES_LAYOUTS');?></legend>+ <ul class="nav nav-list">+ <?php $token = JSession::getFormToken() . '=' . 1; ?>+ <?php foreach($this->overridesList['layouts'] as $layout): ?>+ <li>+ <?php+ $overrideLinkUrl = 'index.php?option=com_templates&view=template&task=template.overrides&folder=' . $layout->path+ . '&id=' . $input->getInt('id') . '&file=' . $this->file . '&' . 
$token;+ ?>+ <a href="<?php echo JRoute::_($overrideLinkUrl); ?>">+ <span class="icon-copy"></span> <?php echo $layout->name; ?>+ </a>+ </li>+ <?php endforeach; ?>+ </ul>+ </div>+</div>+<?php echo JHtml::_('bootstrap.endTab'); ?> - <?php echo JHtml::_('bootstrap.addTab', 'myTab', 'description', JText::_('COM_TEMPLATES_TAB_DESCRIPTION', true)); ?>- <?php echo $this->loadTemplate('description');?>- <?php echo JHtml::_('bootstrap.endTab'); ?>+<?php echo JHtml::_('bootstrap.addTab', 'myTab', 'description', JText::_('COM_TEMPLATES_TAB_DESCRIPTION', true)); ?>+<?php echo $this->loadTemplate('description');?>+<?php echo JHtml::_('bootstrap.endTab'); ?> <?php echo JHtml::_('bootstrap.endTabSet'); ?> <form action="<?php echo JRoute::_('index.php?option=com_templates&task=template.copy&id=' . $input->getInt('id') . '&file=' . $this->file); ?>"- method="post" name="adminForm" id="adminForm">+ method="post" name="adminForm" id="adminForm"> <div id="collapseModal" class="modal hide fade"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>@@ -427,14 +427,15 @@ <p><?php echo JText::sprintf('COM_TEMPLATES_MODAL_FILE_DELETE', $this->fileName); ?></p> </div> <div class="modal-footer">- <a href="#" class="btn" data-dismiss="modal"><?php echo JText::_('COM_TEMPLATES_TEMPLATE_CLOSE'); ?></a>- <?php- $token = JSession::getFormToken() . '=1';- $deleteLinkUrl = 'index.php?option=com_templates&task=template.delete'- . '&id=' . $input->getInt('id') . '&file=' . $this->file . '&' . $token;- $deleteLink = JRoute::_($deleteLinkUrl);- ?>- <a href="<?php echo $deleteLink; ?>" class="btn btn-danger"><?php echo JText::_('COM_TEMPLATES_BUTTON_DELETE');?></a>+ <form method="post" action="">+ <input type="hidden" name="option" value="com_templates" />+ <input type="hidden" name="task" value="template.delete" />+ <input type="hidden" name="id" value="<? echo $input->getInt('id'); ?>" />+ <input type="hidden" name="file" value="<? 
echo $this->file; ?>" />+ <?php echo JHtml::_( 'form.token' ); ?>+ <a href="#" class="btn" data-dismiss="modal"><?php echo JText::_('COM_TEMPLATES_TEMPLATE_CLOSE'); ?></a>+ <button type="submit" class="btn btn-danger"><?php echo JText::_('COM_TEMPLATES_BUTTON_DELETE');?></button>+ </form> </div> </div> <?php endif; ?>@@ -450,7 +451,7 @@ </div> <div class="column"> <form method="post" action="<?php echo JRoute::_('index.php?option=com_templates&task=template.createFile&id=' . $input->getInt('id') . '&file=' . $this->file); ?>"- class="well" >+ class="well" > <fieldset> <label><?php echo JText::_('COM_TEMPLATES_NEW_FILE_TYPE');?></label> <select name="type" required 
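Review bot: The new delete form writes its two hidden values with short open tags, `<? echo $input->getInt('id'); ?>` and `<? echo $this->file; ?>`, while the rest of the file uses `<?php`; with `short_open_tag` disabled (the php.ini-production default) the literal `<? echo ... ?>` text is emitted into the `value` attributes and the delete request posts a bogus id and file. Use `<?php echo $input->getInt('id'); ?>` and `<?php echo htmlspecialchars($this->file, ENT_QUOTES, 'UTF-8'); ?>` — `$this->file` originates in the request (the model decodes it with base64_decode, so it is presumably a base64 string, but attribute-escaping it costs nothing). The same two lines appear in the hathor template's delete-modal hunk (`administrator/templates/hathor/html/com_templates/template/default.php`, `@@ -141,8 +141,15 @@`) and need the same fix. Whether this modal sits inside another form is not visible in the hunk; browsers drop a nested `<form>` start tag, so that is worth confirming.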
>@@ -471,7 +472,7 @@ </fieldset> </form> <form method="post" action="<?php echo JRoute::_('index.php?option=com_templates&task=template.uploadFile&id=' . $input->getInt('id') . '&file=' . $this->file); ?>"- class="well" enctype="multipart/form-data" >+ class="well" enctype="multipart/form-data" > <fieldset> <input type="hidden" class="address" name="address" /> <input type="file" name="files" required />diff -ur joomla-cms-3.4.5/administrator/manifests/files/joomla.xml joomla-cms-3.4.6/administrator/manifests/files/joomla.xml--- joomla-cms-3.4.5/administrator/manifests/files/joomla.xml 2015-10-21 23:48:15.000000000 +0200+++ joomla-cms-3.4.6/administrator/manifests/files/joomla.xml 2015-12-14 14:42:11.000000000 +0100@@ -6,8 +6,8 @@ <authorUrl>www.joomla.org</authorUrl> <copyright>(C) 2005 - 2015 Open Source Matters. All rights reserved</copyright> <license>GNU General Public License version 2 or later; see LICENSE.txt</license>- <version>3.4.5</version>- <creationDate>October 2015</creationDate>+ <version>3.4.6</version>+ <creationDate>December 2015</creationDate> <description>FILES_JOOMLA_XML_DESCRIPTION</description> <scriptfile>administrator/components/com_admin/script.php</scriptfile>diff -ur joomla-cms-3.4.5/administrator/templates/hathor/html/com_templates/template/default.php joomla-cms-3.4.6/administrator/templates/hathor/html/com_templates/template/default.php--- joomla-cms-3.4.5/administrator/templates/hathor/html/com_templates/template/default.php 2015-10-21 23:48:15.000000000 +0200+++ joomla-cms-3.4.6/administrator/templates/hathor/html/com_templates/template/default.php 2015-12-14 14:42:11.000000000 +0100@@ -116,7 +116,7 @@ if($this->type == 'font') { JFactory::getDocument()->addStyleDeclaration(- "/* Styles for font preview */+ "/* Styles for font preview */ @font-face { font-family: previewFont;@@ -141,8 +141,15 @@ <p><?php echo JText::sprintf('COM_TEMPLATES_MODAL_FILE_DELETE', $this->fileName); ?></p> </div> <div class="modal-footer">- <a href="#" 
data-dismiss="modal"><?php echo JText::_('COM_TEMPLATES_TEMPLATE_CLOSE'); ?></a>- <a href="<?php echo JRoute::_('index.php?option=com_templates&task=template.delete&id=' . $input->getInt('id') . '&file=' . $this->file); ?>"><?php echo JText::_('COM_TEMPLATES_BUTTON_DELETE');?></a>+ <form method="post" action="">+ <input type="hidden" name="option" value="com_templates" />+ <input type="hidden" name="task" value="template.delete" />+ <input type="hidden" name="id" value="<? echo $input->getInt('id'); ?>" />+ <input type="hidden" name="file" value="<? echo $this->file; ?>" />+ <?php echo JHtml::_( 'form.token' ); ?>+ <a href="#" class="btn" data-dismiss="modal"><?php echo JText::_('COM_TEMPLATES_TEMPLATE_CLOSE'); ?></a>+ <button type="submit"><?php echo JText::_('COM_TEMPLATES_BUTTON_DELETE');?></button>+ </form> </div> </fieldset> </div>@@ -427,72 +434,72 @@ </fieldset> <?php echo JHtml::_('sliders.start', 'content-sliders', array('useCookie' => 1)); ?>- <?php echo JHtml::_('sliders.panel', JText::_('COM_TEMPLATES_TEMPLATE_COPY'), 'template-copy'); ?>- <form action="<?php echo JRoute::_('index.php?option=com_templates&task=template.copy&id=' . $input->getInt('id') . '&file=' . $this->file); ?>"- method="post" name="adminForm" id="adminForm">- <fieldset class="panelform">- <label id="new_name" class="hasTooltip" title="<?php echo JHtml::tooltipText('COM_TEMPLATES_TEMPLATE_NEW_NAME_DESC'); ?>"><?php echo JText::_('COM_TEMPLATES_TEMPLATE_NEW_NAME_LABEL')?></label>- <input type="text" id="new_name" name="new_name" />- <button type="submit"><?php echo JText::_('COM_TEMPLATES_TEMPLATE_COPY'); ?></button>- </fieldset>- <?php echo JHtml::_('form.token'); ?>- </form>- <?php if ($this->type != 'home'): ?>- <?php echo JHtml::_('sliders.panel', JText::_('COM_TEMPLATES_BUTTON_RENAME'), 'file-rename'); ?>- <form action="<?php echo JRoute::_('index.php?option=com_templates&task=template.renameFile&id=' . $input->getInt('id') . '&file=' . 
$this->file); ?>"- method="post" name="adminForm" id="adminForm">- <fieldset class="panelform">- <label id="new_name" class="hasTooltip" title="<?php echo JHtml::tooltipText(JText::_('COM_TEMPLATES_NEW_FILE_NAME')); ?>"><?php echo JText::_('COM_TEMPLATES_NEW_FILE_NAME')?></label>- <input type="text" name="new_name" />- <button type="submit"><?php echo JText::_('COM_TEMPLATES_BUTTON_RENAME'); ?></button>- </fieldset>- <?php echo JHtml::_('form.token'); ?>- </form>- <?php endif; ?>- <?php echo JHtml::_('sliders.panel', JText::_('COM_TEMPLATES_OVERRIDES_MODULES'), 'override-module'); ?>+ <?php echo JHtml::_('sliders.panel', JText::_('COM_TEMPLATES_TEMPLATE_COPY'), 'template-copy'); ?>+ <form action="<?php echo JRoute::_('index.php?option=com_templates&task=template.copy&id=' . $input->getInt('id') . '&file=' . $this->file); ?>"+ method="post" name="adminForm" id="adminForm"> <fieldset class="panelform">- <ul class="adminformlist">- <?php foreach($this->overridesList['modules'] as $module): ?>- <li>- <a href="<?php echo JRoute::_('index.php?option=com_templates&view=template&task=template.overrides&folder=' . $module->path . '&id=' . $input->getInt('id') . '&file=' . $this->file); ?>">- <span class="icon-copy"></span> <?php echo $module->name; ?>- </a>- </li>- <?php endforeach; ?>- </ul>+ <label id="new_name" class="hasTooltip" title="<?php echo JHtml::tooltipText('COM_TEMPLATES_TEMPLATE_NEW_NAME_DESC'); ?>"><?php echo JText::_('COM_TEMPLATES_TEMPLATE_NEW_NAME_LABEL')?></label>+ <input type="text" id="new_name" name="new_name" />+ <button type="submit"><?php echo JText::_('COM_TEMPLATES_TEMPLATE_COPY'); ?></button> </fieldset>+ <?php echo JHtml::_('form.token'); ?>+ </form>+ <?php if ($this->type != 'home'): ?>+ <?php echo JHtml::_('sliders.panel', JText::_('COM_TEMPLATES_BUTTON_RENAME'), 'file-rename'); ?>+ <form action="<?php echo JRoute::_('index.php?option=com_templates&task=template.renameFile&id=' . $input->getInt('id') . '&file=' . 
$this->file); ?>"+ method="post" name="adminForm" id="adminForm">+ <fieldset class="panelform">+ <label id="new_name" class="hasTooltip" title="<?php echo JHtml::tooltipText(JText::_('COM_TEMPLATES_NEW_FILE_NAME')); ?>"><?php echo JText::_('COM_TEMPLATES_NEW_FILE_NAME')?></label>+ <input type="text" name="new_name" />+ <button type="submit"><?php echo JText::_('COM_TEMPLATES_BUTTON_RENAME'); ?></button>+ </fieldset>+ <?php echo JHtml::_('form.token'); ?>+ </form>+ <?php endif; ?>+ <?php echo JHtml::_('sliders.panel', JText::_('COM_TEMPLATES_OVERRIDES_MODULES'), 'override-module'); ?>+ <fieldset class="panelform">+ <ul class="adminformlist">+ <?php foreach($this->overridesList['modules'] as $module): ?>+ <li>+ <a href="<?php echo JRoute::_('index.php?option=com_templates&view=template&task=template.overrides&folder=' . $module->path . '&id=' . $input->getInt('id') . '&file=' . $this->file); ?>">+ <span class="icon-copy"></span> <?php echo $module->name; ?>+ </a>+ </li>+ <?php endforeach; ?>+ </ul>+ </fieldset> <?php echo JHtml::_('sliders.panel', JText::_('COM_TEMPLATES_OVERRIDES_COMPONENTS'), 'override-component'); ?>- <fieldset class="panelform">- <ul class="adminformlist">- <?php foreach ($this->overridesList['components'] as $key => $value): ?>- <li class="component-folder">- <a href="#" class="component-folder-url">- <span class="icon-folder"></span> <?php echo $key; ?>- </a>- <ul class="adminformList">- <?php foreach ($value as $view): ?>- <li>- <a class="component-file-url" href="<?php echo JRoute::_('index.php?option=com_templates&view=template&task=template.overrides&folder=' . $view->path . '&id=' . $input->getInt('id') . '&file=' . 
$this->file); ?>">- <span class="icon-copy"></span> <?php echo $view->name; ?>- </a>- </li>- <?php endforeach; ?>- </ul>- </li>- <?php endforeach; ?>- </ul>- </fieldset>+ <fieldset class="panelform">+ <ul class="adminformlist">+ <?php foreach ($this->overridesList['components'] as $key => $value): ?>+ <li class="component-folder">+ <a href="#" class="component-folder-url">+ <span class="icon-folder"></span> <?php echo $key; ?>+ </a>+ <ul class="adminformList">+ <?php foreach ($value as $view): ?>+ <li>+ <a class="component-file-url" href="<?php echo JRoute::_('index.php?option=com_templates&view=template&task=template.overrides&folder=' . $view->path . '&id=' . $input->getInt('id') . '&file=' . $this->file); ?>">+ <span class="icon-copy"></span> <?php echo $view->name; ?>+ </a>+ </li>+ <?php endforeach; ?>+ </ul>+ </li>+ <?php endforeach; ?>+ </ul>+ </fieldset> <?php echo JHtml::_('sliders.panel', JText::_('COM_TEMPLATES_OVERRIDES_LAYOUTS'), 'override-layout'); ?>- <fieldset class="panelform">- <ul class="adminformlist">- <?php foreach($this->overridesList['layouts'] as $layout): ?>- <li>- <a href="<?php echo JRoute::_('index.php?option=com_templates&view=template&task=template.overrides&folder=' . $layout->path . '&id=' . $input->getInt('id') . '&file=' . $this->file); ?>">- <span class="icon-copy"></span> <?php echo $layout->name; ?>- </a>- </li>- <?php endforeach; ?>- </ul>- </fieldset>+ <fieldset class="panelform">+ <ul class="adminformlist">+ <?php foreach($this->overridesList['layouts'] as $layout): ?>+ <li>+ <a href="<?php echo JRoute::_('index.php?option=com_templates&view=template&task=template.overrides&folder=' . $layout->path . '&id=' . $input->getInt('id') . '&file=' . 
$this->file); ?>">+ <span class="icon-copy"></span> <?php echo $layout->name; ?>+ </a>+ </li>+ <?php endforeach; ?>+ </ul>+ </fieldset> <?php echo JHtml::_('sliders.end'); ?> </div>
diff -ur joomla-cms-3.4.5/components/com_users/models/reset.php joomla-cms-3.4.6/components/com_users/models/reset.php
--- joomla-cms-3.4.5/components/com_users/models/reset.php 2015-10-21 23:48:15.000000000 +0200
+++ joomla-cms-3.4.6/components/com_users/models/reset.php 2015-12-14 14:42:11.000000000 +0100
@@ -299,21 +299,15 @@
 return false;
 }
 
- $parts = explode(':', $user->activation);
- $crypt = $parts[0];
-
- if (!isset($parts[1]))
+ if (!$user->activation)
 {
 $this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));
 return false;
 }
 
- $salt = $parts[1];
- $testcrypt = JUserHelper::getCryptedPassword($data['token'], $salt, 'md5-hex');
-
 // Verify the token
- if (!($crypt == $testcrypt))
+ if (!(JUserHelper::verifyPassword($data['token'], $user->activation)))
 {
 $this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));
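Review bot: Both failure branches in this hunk set the same `COM_USERS_USER_NOT_FOUND` message, and keeping them identical matters (a rejected token must not confirm that the account exists), but nothing in the code says so; a one-line comment above the `verifyPassword` check — `// Same generic message as a failed lookup: a bad token must not reveal that the account exists` — protects that choice from a later "more helpful" message. The `// Verify the token` comment could also note that `$user->activation` now holds a `JUserHelper::hashPassword()` hash rather than the old `md5:salt` pair, which is what the second and third hunks (`setUserState`, `hashPassword`) change in step. As pasted, this hunk stops after the `setError` call although its header promises 21 old lines, so its closing context lines are not visible here. The enclosing method starts and ends outside the hunk.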
@@ -330,7 +324,7 @@ // Push the user data into the session. $app = JFactory::getApplication();- $app->setUserState('com_users.reset.token', $crypt . ':' . $salt);+ $app->setUserState('com_users.reset.token', $user->activation); $app->setUserState('com_users.reset.user', $user->id); return true;@@ -441,8 +435,8 @@ // Set the confirmation token. $token = JApplicationHelper::getHash(JUserHelper::genRandomPassword());- $salt = JUserHelper::getSalt('crypt-md5');- $hashedToken = md5($token . $salt) . ':' . $salt;+ $hashedToken = JUserHelper::hashPassword($token);+ $user->activation = $hashedToken; // Save the user to the database.diff -ur joomla-cms-3.4.5/libraries/cms/installer/installer.php joomla-cms-3.4.6/libraries/cms/installer/installer.php--- joomla-cms-3.4.5/libraries/cms/installer/installer.php 2015-10-21 23:48:15.000000000 +0200+++ joomla-cms-3.4.6/libraries/cms/installer/installer.php 2015-12-14 14:42:11.000000000 +0100@@ -2206,6 +2206,7 @@ /** * Fetches an adapter and adds it to the internal storage if an instance is not set+ * while also ensuring its a valid adapter name * * @param string $name Name of adapter to return * @param array $options Adapter options@@ -2218,17 +2219,14 @@ */ public function getAdapter($name, $options = array()) {- $adapter = $this->loadAdapter($name, $options);+ $this->getAdapters($options); - if (!array_key_exists($name, $this->_adapters))+ if (!$this->setAdapter($name, $this->_adapters[$name])) {- if (!$this->setAdapter($name, $adapter))- {- return false;- }+ return false; } - return $adapter;+ return $this->_adapters[$name]; } /**diff -ur joomla-cms-3.4.5/libraries/cms/version/version.php joomla-cms-3.4.6/libraries/cms/version/version.php--- joomla-cms-3.4.5/libraries/cms/version/version.php 2015-10-21 23:48:15.000000000 +0200+++ joomla-cms-3.4.6/libraries/cms/version/version.php 2015-12-14 14:42:11.000000000 +0100@@ -23,7 +23,7 @@ public $RELEASE = '3.4'; /** @var string Maintenance version. 
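Review bot: The new token check in the first reset.php hunk compares the submitted token against `$user->activation` with `JUserHelper::verifyPassword`, but the stored value format changes in the same commit (the `-441` hunk now writes `JUserHelper::hashPassword($token)` instead of `md5($token . $salt) . ':' . $salt`). Unless `verifyPassword` also accepts the legacy `hash:salt` form, which is not visible here, a reset token issued before the upgrade will be rejected with `COM_USERS_USER_NOT_FOUND` until the user requests a new one; a short comment on the `if (!(JUserHelper::verifyPassword(...)))` line stating whether legacy activation values are expected to verify would make that intent explicit. The enclosing method starts before this hunk.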
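Review bot: In the `getAdapter` hunk of installer.php, `$this->_adapters[$name]` is read straight after `$this->getAdapters($options)` with no check that `$name` was actually loaded, so an unknown adapter name raises an undefined-index notice and passes `null` to `setAdapter`; the updated docblock promises the method ensures "a valid adapter name", but the only rejection path is whatever `setAdapter` does with that `null`, which is not visible here. A guard before the `setAdapter` call, `if (!isset($this->_adapters[$name])) { return false; }`, makes the validation explicit and keeps the `false` return the docblock implies. The docblock text `its a valid adapter name` should also read `it's a valid adapter name`.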
*/- public $DEV_LEVEL = '5';+ public $DEV_LEVEL = '6'; /** @var string Development STATUS. */ public $DEV_STATUS = 'Stable';@@ -35,10 +35,10 @@ public $CODENAME = 'Ember'; /** @var string Release date. */- public $RELDATE = '22-October-2015';+ public $RELDATE = '15-December-2015'; /** @var string Release time. */- public $RELTIME = '21:30';+ public $RELTIME = '11:11'; /** @var string Release timezone. */ public $RELTZ = 'GMT';diff -ur joomla-cms-3.4.5/libraries/joomla/session/session.php joomla-cms-3.4.6/libraries/joomla/session/session.php--- joomla-cms-3.4.5/libraries/joomla/session/session.php 2015-10-21 23:48:15.000000000 +0200+++ joomla-cms-3.4.6/libraries/joomla/session/session.php 2015-12-14 14:42:11.000000000 +0100@@ -6,9 +6,7 @@ * @copyright Copyright (C) 2005 - 2015 Open Source Matters, Inc. All rights reserved. * @license GNU General Public License version 2 or later; see LICENSE */- defined('JPATH_PLATFORM') or die;- /** * Class for managing HTTP sessions *@@ -30,7 +28,6 @@ * @since 11.1 */ protected $_state = 'inactive';- /** * Maximum age of unused session in minutes *@@ -38,7 +35,6 @@ * @since 11.1 */ protected $_expire = 15;- /** * The session store object. *@@ -46,7 +42,6 @@ * @since 11.1 */ protected $_store = null;- /** * Security policy. * List of checks that will be done.@@ -59,7 +54,6 @@ * @since 11.1 */ protected $_security = array('fix_browser');- /** * Force cookies to be SSL only * Default false@@ -68,7 +62,6 @@ * @since 11.1 */ protected $_force_ssl = false;- /** * JSession instances container. *@@ -76,7 +69,6 @@ * @since 11.3 */ protected static $instance;- /** * The type of storage for the session. 
*@@ -84,7 +76,6 @@ * @since 12.2 */ protected $storeName;- /** * Holds the JInput object *@@ -92,7 +83,6 @@ * @since 12.2 */ private $_input = null;- /** * Holds the event dispatcher object *@@ -100,7 +90,6 @@ * @since 12.2 */ private $_dispatcher = null;- /** * Constructor *@@ -117,26 +106,18 @@ session_unset(); session_destroy(); }- // Disable transparent sid support ini_set('session.use_trans_sid', '0');- // Only allow the session ID to come from cookies and nothing else. ini_set('session.use_only_cookies', '1');- // Create handler $this->_store = JSessionStorage::getInstance($store, $options);- $this->storeName = $store;- // Set options $this->_setOptions($options);- $this->_setCookieParams();- $this->_state = 'inactive'; }- /** * Magic method to get read-only access to properties. *@@ -152,15 +133,12 @@ { return $this->$name; }- if ($name === 'state' || $name === 'expire') { $property = '_' . $name;- return $this->$property; } }- /** * Returns the global Session object, only creating it * if it doesn't already exist.@@ -178,10 +156,8 @@ { self::$instance = new JSession($handler, $options); }- return self::$instance; }- /** * Get current state of session *@@ -193,7 +169,6 @@ { return $this->_state; }- /** * Get expiration time in minutes *@@ -205,7 +180,6 @@ { return $this->_expire; }- /** * Get a session token, if a token isn't set yet one will be generated. *@@ -222,17 +196,14 @@ public function getToken($forceNew = false) { $token = $this->get('session.token');- // Create a token if ($token === null || $forceNew) { $token = $this->_createToken(12); $this->set('session.token', $token); }- return $token; }- /** * Method to determine if a token exists in the session. 
If not the * session will be set to expired@@ -248,7 +219,6 @@ { // Check if a token exists in the session $tStored = $this->get('session.token');- // Check token if (($tStored !== $tCheck)) {@@ -256,13 +226,10 @@ { $this->_state = 'expired'; }- return false; }- return true; }- /** * Method to determine a hash for anti-spoofing variable names *@@ -276,7 +243,6 @@ { $user = JFactory::getUser(); $session = JFactory::getSession();- // TODO: Decouple from legacy JApplication class. if (is_callable(array('JApplication', 'getHash'))) {@@ -286,10 +252,8 @@ { $hash = md5(JFactory::getApplication()->get('secret') . $user->get('id', 0) . $session->getToken($forceNew)); }- return $hash; }- /** * Retrieve an external iterator. *@@ -301,7 +265,6 @@ { return new ArrayIterator($_SESSION); }- /** * Checks for a form token in the request. *@@ -317,11 +280,9 @@ { $token = self::getFormToken(); $app = JFactory::getApplication();- if (!$app->input->$method->get($token, '', 'alnum')) { $session = JFactory::getSession();- if ($session->isNew()) { // Redirect to login screen.@@ -338,7 +299,6 @@ return true; } }- /** * Get session name *@@ -353,10 +313,8 @@ // @TODO : raise error return null; }- return session_name(); }- /** * Get session id *@@ -371,10 +329,8 @@ // @TODO : raise error return null; }- return session_id(); }- /** * Get the session handlers *@@ -385,30 +341,24 @@ public static function getStores() { $connectors = array();- // Get an iterator and loop trough the driver classes. $iterator = new DirectoryIterator(__DIR__ . '/storage');- /* @type $file DirectoryIterator */ foreach ($iterator as $file) { $fileName = $file->getFilename();- // Only load for php files. if (!$file->isFile() || $file->getExtension() != 'php') { continue; }- // Derive the class name from the type. $class = str_ireplace('.php', '', 'JSessionStorage' . ucfirst(trim($fileName)));- // If the class doesn't exist we have nothing left to do but look at the next type. We did our best. 
if (!class_exists($class)) { continue; }- // Sweet! Our class exists, so now we just need to know if it passes its test method. if ($class::isSupported()) {@@ -416,10 +366,8 @@ $connectors[] = str_ireplace('.php', '', $fileName); } }- return $connectors; }- /** * Shorthand to check if the session is active *@@ -431,7 +379,6 @@ { return (bool) ($this->_state == 'active'); }- /** * Check whether this session is currently created *@@ -442,10 +389,8 @@ public function isNew() { $counter = $this->get('session.counter');- return (bool) ($counter === 1); }- /** * Check whether this session is currently created *@@ -461,7 +406,6 @@ $this->_input = $input; $this->_dispatcher = $dispatcher; }- /** * Get data from the session store *@@ -477,23 +421,18 @@ { // Add prefix to namespace to avoid collisions $namespace = '__' . $namespace;- if ($this->_state === 'destroyed') { // @TODO :: generated error here $error = null;- return $error; }- if (isset($_SESSION[$namespace][$name])) { return $_SESSION[$namespace][$name]; }- return $default; }- /** * Set data into the session store. *@@ -509,15 +448,12 @@ { // Add prefix to namespace to avoid collisions $namespace = '__' . $namespace;- if ($this->_state !== 'active') { // @TODO :: generated error here return null; }- $old = isset($_SESSION[$namespace][$name]) ? $_SESSION[$namespace][$name] : null;- if (null === $value) { unset($_SESSION[$namespace][$name]);@@ -526,10 +462,8 @@ { $_SESSION[$namespace][$name] = $value; }- return $old; }- /** * Check whether data exists in the session store *@@ -544,16 +478,13 @@ { // Add prefix to namespace to avoid collisions. $namespace = '__' . $namespace;- if ($this->_state !== 'active') { // @TODO :: generated error here return null; }- return isset($_SESSION[$namespace][$name]); }- /** * Unset data from the session store *@@ -568,24 +499,19 @@ { // Add prefix to namespace to avoid collisions $namespace = '__' . 
$namespace;- if ($this->_state !== 'active') { // @TODO :: generated error here return null; }- $value = null;- if (isset($_SESSION[$namespace][$name])) { $value = $_SESSION[$namespace][$name]; unset($_SESSION[$namespace][$name]); }- return $value; }- /** * Start a session. *@@ -599,24 +525,18 @@ { return; }- $this->_start();- $this->_state = 'active';- // Initialise the session $this->_setCounter(); $this->_setTimers();- // Perform security checks $this->_validate();- if ($this->_dispatcher instanceof JEventDispatcher) { $this->_dispatcher->trigger('onAfterSessionStart'); } }- /** * Start a session. *@@ -636,14 +556,11 @@ else { $session_name = session_name();- // Get the JInputCookie object $cookie = $this->_input->cookie;- if (is_null($cookie->get($session_name))) { $session_clean = $this->_input->get($session_name, false, 'string');- if ($session_clean) { session_id($session_clean);@@ -651,7 +568,6 @@ } } }- /** * Write and Close handlers are called after destructing objects since PHP 5.0.5. * Thus destructors can use sessions but session handler can't use objects.@@ -660,13 +576,10 @@ * Replace with session_register_shutdown() when dropping compatibility with PHP 5.3 */ register_shutdown_function('session_write_close');- session_cache_limiter('none'); session_start();- return true; }- /** * Frees all session variables and destroys all data registered to a session *@@ -687,7 +600,6 @@ { return true; }- /* * In order to kill the session altogether, such as to log the user out, the session id * must also be unset. If a cookie is used to propagate the session id (default behavior),@@ -700,15 +612,11 @@ $cookie_path = $config->get('cookie_path', '/'); setcookie(session_name(), '', time() - 42000, $cookie_path, $cookie_domain); }- session_unset(); session_destroy();- $this->_state = 'destroyed';- return true; }- /** * Restart an expired or locked session. 
*@@ -720,29 +628,22 @@ public function restart() { $this->destroy();- if ($this->_state !== 'destroyed') { // @TODO :: generated error here return false; }- // Re-register the session handler after a session has been destroyed, to avoid PHP bug $this->_store->register();- $this->_state = 'restart';- // Regenerate session id session_regenerate_id(true); $this->_start(); $this->_state = 'active';- $this->_validate(); $this->_setCounter();- return true; }- /** * Create a new session and copy variables from the old one *@@ -757,26 +658,19 @@ // @TODO :: generated error here return false; }- // Keep session config $cookie = session_get_cookie_params();- // Kill session session_destroy();- // Re-register the session store after a session has been destroyed, to avoid PHP bug $this->_store->register();- // Restore config session_set_cookie_params($cookie['lifetime'], $cookie['path'], $cookie['domain'], $cookie['secure'], true);- // Restart session with new id session_regenerate_id(true); session_start();- return true; }- /** * Writes session data and ends session *@@ -797,7 +691,6 @@ { session_write_close(); }- /** * Set session cookie parameters *@@ -808,27 +701,21 @@ protected function _setCookieParams() { $cookie = session_get_cookie_params();- if ($this->_force_ssl) { $cookie['secure'] = true; }- $config = JFactory::getConfig();- if ($config->get('cookie_domain', '') != '') { $cookie['domain'] = $config->get('cookie_domain'); }- if ($config->get('cookie_path', '') != '') { $cookie['path'] = $config->get('cookie_path'); }- session_set_cookie_params($cookie['lifetime'], $cookie['path'], $cookie['domain'], $cookie['secure'], true); }- /** * Create a token-string *@@ -844,15 +731,12 @@ $max = strlen($chars) - 1; $token = ''; $name = session_name();- for ($i = 0; $i < $length; ++$i) { $token .= $chars[(rand(0, $max))]; }- return md5($token . 
$name); }- /** * Set counter of session usage *@@ -864,12 +748,9 @@ { $counter = $this->get('session.counter', 0); ++$counter;- $this->set('session.counter', $counter);- return true; }- /** * Set the session timers *@@ -882,18 +763,14 @@ if (!$this->has('session.timer.start')) { $start = time();- $this->set('session.timer.start', $start); $this->set('session.timer.last', $start); $this->set('session.timer.now', $start); }- $this->set('session.timer.last', $this->get('session.timer.now')); $this->set('session.timer.now', time());- return true; }- /** * Set additional session options *@@ -910,36 +787,29 @@ { session_name(md5($options['name'])); }- // Set id if (isset($options['id'])) { session_id($options['id']); }- // Set expire time if (isset($options['expire'])) { $this->_expire = $options['expire']; }- // Get security options if (isset($options['security'])) { $this->_security = explode(',', $options['security']); }- if (isset($options['force_ssl'])) { $this->_force_ssl = (bool) $options['force_ssl']; }- // Sync the session maxlifetime ini_set('session.gc_maxlifetime', $this->_expire);- return true; }- /** * Do some checks for security reason *@@ -962,39 +832,29 @@ if ($restart) { $this->_state = 'active';- $this->set('session.client.address', null); $this->set('session.client.forwarded', null); $this->set('session.client.browser', null); $this->set('session.token', null); }- // Check if session has expired if ($this->_expire) { $curTime = $this->get('session.timer.now', 0); $maxTime = $this->get('session.timer.last', 0) + $this->_expire;- // Empty session variables if ($maxTime < $curTime) { $this->_state = 'expired';- return false; } }-- // Record proxy forwarded for in the session in case we need it later- if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))- {- $this->set('session.client.forwarded', $_SERVER['HTTP_X_FORWARDED_FOR']);- }- // Check for client address- if (in_array('fix_adress', $this->_security) && isset($_SERVER['REMOTE_ADDR']))+ if 
(in_array('fix_adress', $this->_security)+ && isset($_SERVER['REMOTE_ADDR'])+ && filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP) !== false) { $ip = $this->get('session.client.address');- if ($ip === null) { $this->set('session.client.address', $_SERVER['REMOTE_ADDR']);@@ -1002,27 +862,14 @@ elseif ($_SERVER['REMOTE_ADDR'] !== $ip) { $this->_state = 'error';- return false; } }-- // Check for clients browser- if (in_array('fix_browser', $this->_security) && isset($_SERVER['HTTP_USER_AGENT']))- {- $browser = $this->get('session.client.browser');-- if ($browser === null)- {- $this->set('session.client.browser', $_SERVER['HTTP_USER_AGENT']);- }- elseif ($_SERVER['HTTP_USER_AGENT'] !== $browser)- {- // @todo remove code: $this->_state = 'error';- // @todo remove code: return false;- }+ // Record proxy forwarded for in the session in case we need it later+ if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && filter_var($_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP) !== false)+ {+ $this->set('session.client.forwarded', $_SERVER['HTTP_X_FORWARDED_FOR']); }- return true; }-}+}\ No newline at end of filediff -ur joomla-cms-3.4.5/libraries/joomla/uri/uri.php joomla-cms-3.4.6/libraries/joomla/uri/uri.php--- joomla-cms-3.4.5/libraries/joomla/uri/uri.php 2015-10-21 23:48:15.000000000 +0200+++ joomla-cms-3.4.6/libraries/joomla/uri/uri.php 2015-12-14 14:42:11.000000000 +0100@@ -268,12 +268,16 @@ $base = $uri->toString(array('scheme', 'host', 'port', 'path')); $host = $uri->toString(array('scheme', 'host', 'port')); - if (stripos($base, static::base()) !== 0 && !empty($host))+ // @see JURITest+ if (empty($host) && strpos($uri->path, 'index.php') === 0+ || !empty($host) && preg_match('#' . preg_quote(static::base(), '#') . '#', $base)+ || !empty($host) && $host === static::getInstance(static::base())->host && strpos($uri->path, 'index.php') !== false+ || !empty($host) && $base === $host && preg_match('#' . preg_quote($base, '#') . 
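Review bot: In the `_validate` hunk of session.php the client-address check still uses `in_array('fix_adress', $this->_security)` without `strict: true`, and `'fix_browser'` remains in the default `$_security` array shown in the earlier context hunk even though this commit removes the browser check entirely, so that policy name is now silently a no-op; `in_array('fix_adress', $this->_security, true)` plus a comment on the `$_security` declaration noting that `fix_browser` is no longer honoured would avoid both surprises. In the following `-1002` hunk, `FILTER_VALIDATE_IP` on `HTTP_X_FORWARDED_FOR` rejects the common comma-separated multi-proxy form, so in that case nothing is recorded; if that is intended, a comment such as `// Only a single, well-formed IP is recorded; proxy chains are ignored` would document it. The `\ No newline at end of file` on the closing brace is a style regression against the rest of the library.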
'#', static::base())) {- return false;+ return true; } - return true;+ return false; } /**diff -ur joomla-cms-3.4.5/tests/unit/suites/libraries/joomla/uri/JURITest.php joomla-cms-3.4.6/tests/unit/suites/libraries/joomla/uri/JURITest.php--- joomla-cms-3.4.5/tests/unit/suites/libraries/joomla/uri/JURITest.php 2015-10-21 23:48:15.000000000 +0200+++ joomla-cms-3.4.6/tests/unit/suites/libraries/joomla/uri/JURITest.php 2015-12-14 14:42:11.000000000 +0100@@ -23,28 +23,6 @@ protected $object; /**- * Sets up the fixture, for example, opens a network connection.- * This method is called before a test is executed.- *- * @return void- *- * @since 11.1- */- protected function setUp()- {- parent::setUp();-- JUri::reset();-- $_SERVER['HTTP_HOST'] = 'www.example.com:80';- $_SERVER['SCRIPT_NAME'] = '/joomla/index.php';- $_SERVER['PHP_SELF'] = '/joomla/index.php';- $_SERVER['REQUEST_URI'] = '/joomla/index.php?var=value 10';-- $this->object = new JUri;- }-- /** * Test the __toString method. * * @return void@@ -635,4 +613,256 @@ $this->equalTo(false) ); }++ /**+ * Test hardening of JUri::isInternal against non internal links+ *+ * @return void+ *+ * @covers JUri::isInternal+ */+ public function testparsewhennoschemegiven()+ {+ $this->object->parse('www.myotherexample.com');+ $this->assertFalse($this->object->isInternal('www.myotherexample.com'));+ }++ /**+ * Test hardening of JUri::isInternal against non internal links+ *+ * @return void+ *+ * @covers JUri::isInternal+ */+ public function testsefurl()+ {+ $this->object->parse('/login');+ $this->assertFalse($this->object->isInternal('/login'));+ }++ /**+ * Test hardening of JUri::isInternal against non internal links+ *+ * @return void+ *+ * @covers JUri::isInternal+ */+ public function testisInternalWithNoSchemeAndNotInternal()+ {+ $this->assertFalse(+ $this->object->isInternal('www.myotherexample.com'),+ 'www.myotherexample.com should NOT be resolved as internal'+ );+ }++ /**+ * Test hardening of JUri::isInternal against non internal 
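Review bot: The second and fourth clauses of the new `isInternal` condition in uri.php use unanchored `preg_match` patterns, so `static::base()` only needs to occur somewhere inside `$base` (and `$base` somewhere inside `static::base()`) rather than at the start; the comparison the method intends is a prefix match, so anchor both patterns, `preg_match('#^' . preg_quote(static::base(), '#') . '#', $base)` and `preg_match('#^' . preg_quote($base, '#') . '#', static::base())`. The four `&&` groups joined by `||` rely on operator precedence; wrapping each group in parentheses would make the policy readable without consulting the precedence table. The enclosing method starts before this hunk.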
links+ *+ * @return void+ *+ * @covers JUri::isInternal+ */+ public function testisInternalWithNoSchemeAndNoHostnameAndNotInternal()+ {+ $this->assertFalse(+ $this->object->isInternal('myotherexample.com'),+ 'myotherexample.com should NOT be resolved as internal'+ );+ }++ /**+ * Test hardening of JUri::isInternal against non internal links+ *+ * @return void+ *+ * @covers JUri::isInternal+ */+ public function testisInternalWithSchemeAndNotInternal()+ {+ $this->assertFalse(+ $this->object->isInternal('http://www.myotherexample.com'),+ 'http://www.myotherexample.com should NOT be resolved as internal'+ );+ }++ /**+ * Test hardening of JUri::isInternal against non internal links+ *+ * @return void+ *+ * @covers JUri::isInternal+ */+ public function testisInternalWhenInternalWithNoDomainOrScheme()+ {+ $this->assertTrue(+ $this->object->isInternal('index.php?option=com_something'),+ 'index.php?option=com_something should be internal'+ );+ }++ /**+ * Test hardening of JUri::isInternal against non internal links+ *+ * @return void+ *+ * @covers JUri::isInternal+ */+ public function testisInternalWhenInternalWithDomainAndSchemeAndPort()+ {+ $this->assertTrue(+ $this->object->isInternal(JUri::base() . 'index.php?option=com_something'),+ JUri::base() . 'index.php?option=com_something should be internal'+ );+ }++ /**+ * Test hardening of JUri::isInternal against non internal links+ *+ * @return void+ *+ * @covers JUri::isInternal+ */+ public function testisInternalWhenInternalWithDomainAndSchemeAndPortNoSubFolder()+ {+ JUri::reset();++ $_SERVER['HTTP_HOST'] = 'www.example.com:80';+ $_SERVER['SCRIPT_NAME'] = '/index.php';+ $_SERVER['PHP_SELF'] = '/index.php';+ $_SERVER['REQUEST_URI'] = '/index.php?var=value 10';++ $this->object = new JUri;++ $this->assertTrue(+ $this->object->isInternal(JUri::base() . 'index.php?option=com_something'),+ JUri::base() . 
'index.php?option=com_something should be internal'+ );+ }++ /**+ * Test hardening of JUri::isInternal against non internal links+ *+ * @return void+ *+ * @covers JUri::isInternal+ */+ public function testisInternalWhenNOTInternalWithDomainAndSchemeAndPortAndIndex()+ {+ $this->assertFalse(+ $this->object->isInternal('http://www.myotherexample.com/index.php?option=com_something'),+ 'http://www.myotherexample.com/index.php?option=com_something should NOT be internal'+ );+ }++ /**+ * Test hardening of JUri::isInternal against non internal links+ *+ * @return void+ *+ * @covers JUri::isInternal+ */+ public function testisInternalWhenNOTInternalWithDomainAndNoSchemeAndPortAndIndex()+ {+ $this->assertFalse(+ $this->object->isInternal('www.myotherexample.com/index.php?option=com_something'),+ 'www.myotherexample.comindex.php?option=com_something should NOT be internal'+ );+ }++ /**+ * Test hardening of JUri::isInternal against non internal links+ *+ * @return void+ *+ * @covers JUri::isInternal+ */+ public function testisInternal3rdPartyDevs()+ {+ $this->assertFalse(+ $this->object->isInternal('/customDevScript.php'),+ '/customDevScript.php should NOT be internal'+ );+ }++ /**+ * Test hardening of JUri::isInternal against non internal links+ *+ * @return void+ *+ * @covers JUri::isInternal+ */+ public function testAppendingOfBaseToTheEndOfTheUrl()+ {+ $this->assertFalse(+ $this->object->isInternal('/customDevScript.php?www.example.com'),+ '/customDevScript.php?www.example.com should NOT be internal'+ );+ }++ /**+ * Test hardening of JUri::isInternal against non internal links+ *+ * @return void+ *+ * @covers JUri::isInternal+ */+ public function testAppendingOfBaseToTheEndOfTheUrl2()+ {+ $this->assertFalse(+ $this->object->isInternal('www.otherexample.com/www.example.com'),+ 'www.otherexample.com/www.example.com should NOT be internal'+ );+ }++ /**+ * Test hardening of JUri::isInternal against non internal links+ *+ * @return void+ *+ * @covers JUri::isInternal+ */+ 
public function testSchemeEmptyButHostAndPortMatch()+ {+ $this->assertTrue(+ $this->object->isInternal('www.example.com:80'),+ 'www.example.com:80 should be internal'+ );+ }++ /**+ * Test hardening of JUri::isInternal against non internal links+ *+ * @return void+ *+ * @covers JUri::isInternal+ */+ public function testPregMatch()+ {+ $this->assertFalse(+ $this->object->isInternal('wwwhexample.com'),+ 'wwwhexample.com should NOT be internal'+ );+ }++ /**+ * Sets up the fixture, for example, opens a network connection.+ * This method is called before a test is executed.+ *+ * @return void+ *+ * @since 11.1+ */+ protected function setUp()+ {+ parent::setUp();++ JUri::reset();++ $_SERVER['HTTP_HOST'] = 'www.example.com:80';+ $_SERVER['SCRIPT_NAME'] = '/joomla/index.php';+ $_SERVER['PHP_SELF'] = '/joomla/index.php';+ $_SERVER['REQUEST_URI'] = '/joomla/index.php?var=value 10';++ $this->object = new JUri;+ } }
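Review bot: The assertion message in `testisInternalWhenNOTInternalWithDomainAndNoSchemeAndPortAndIndex` reads `www.myotherexample.comindex.php?option=com_something` and is missing the `/` present in the tested URL, so a failure report would not match the input. The new method names mix styles (`testparsewhennoschemegiven`, `testsefurl` alongside `testisInternalWithSchemeAndNotInternal`); the camel-cased form used by the rest of the added tests should be applied consistently. The relocated `setUp` is unchanged apart from its position, so the deletion hunk earlier in this file needs no further review.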