внесены изменения: разница между 3.6.4 и 3.6.5
1.
/+//plugins/authentication/joomla/joomla.php
JUserHelper::hashPassword($credentials['password']);
2.
/+//libraries/cms/form/field/usergrouplist.php
$checkSuperUser = (int) $this->getAttribute('checksuperusergroup', 0);
$isSuperUser = JFactory::getUser()->authorise('core.admin');
if ($checkSuperUser && !$isSuperUser && JAccess::checkGroup($group->id, 'core.admin'))
{
continue;
3.
//libraries/joomla/access/access.php
return boolean|
/+/null / True if a
/-/uthorised
/+/llowed, false for an explicit deny, null for an implicit deny
4.
/+/ libraries/joomla/user/helper.php
* Check if there is a super user in the user ids.
* @param array $userIds An array of user IDs on which to operate
*
@return boolean True on success, false on failure
* @since 3.6.5
public static function checkSuperUserInUsers(array $userIds)
{
foreach ($userIds as $userId)
{
foreach (static::getUserGroups($userId) as $userGroupId)
{
if (JAccess::checkGroup($userGroupId, 'core.admin'))
{
return true;
}
}
}
return false;
5.
libraries/joomla/user/user.php
return $this->isRoot ? true :
/+/ (bool) /JAccess::check($this->id, $action, $assetname)
6.
/components/com_users/models/registration.php
/- /
foreach ($temp as $k => $v)
{
/+/
$form = $this->getForm(array(), false);
foreach ($temp as $k => $v)
{
// Only merge the field if it exists in the form.
if ($form->getField($k) !== false)
{
7.
/administrator/components/com_config/model/component.php
/+/
// Check super user group.
if (isset($data['params']) && !JFactory::getUser()->authorise('core.admin'))
{
$form = $this->getForm(array(), false);
foreach ($form->getFieldsets() as $fieldset)
{
foreach ($form->getFieldset($fieldset->name) as $field)
{
if ($field->type === 'UserGroupList' && isset($data['params'][$field->fieldname])
&& (int) $field->getAttribute('checksuperusergroup', 0) === 1
&& JAccess::checkGroup($data['params'][$field->fieldname], 'core.admin'))
{
throw new RuntimeException(JText::_('JLIB_APPLICATION_ERROR_ SAVE_NOT_PERMITTED'));
8.
/administrator/components/com_joomlaupdate/models/default.php
/-/ $basename = basename($packageURL)
/+/
;headers = get_headers($packageURL, 1);
// Follow the Location headers until the actual download URL is known
while (isset($headers['Location']))
{
$packageURL = $headers['Location'];
$headers = get_headers($packageURL, 1);
}
// Remove protocol, path and query string from URL
$basename = basename($packageURL);
if (strpos($basename, '?') !== false)
{
$basename = substr($basename, 0, strpos($basename, '?'));
}
9.
/administrator/components/com_users/models/user.php
/+/ use Joomla\Utilities\ArrayHelper;
/+/
$user_ids = ArrayHelper::toInteger($user_ids);
// Check if I am a Super Admin
$iAmSuperAdmin = JFactory::getUser()->authorise('core.admin');
// Non-super super user cannot work with super-admin user.
if (!$iAmSuperAdmin && JUserHelper::checkSuperUserInUsers($user_ids))
{
$this->setError(JText::_('COM_USERS_ERROR_CANNOT_BATCH_S UPERUSER'));
return false;
/-/JArrayHelper::toInteger($user_ids);
/-/
// Get the DB object
$db = $this->getDbo();
JArrayHelper::toInteg
/+/
JArrayHelper::toInteger($user_ids);
// Check if I am a Super Admin
$iAmSuperAdmin = JFactory::getUser()->authorise('core.admin');
// Non-super super user cannot work with super-admin user.
if (!$iAmSuperAdmin && JUserHelper::checkSuperUserInUsers($user_ids)
{
$this->setError(JText::_('COM_USERS_ERROR_CANNOT_BATCH_S UPERUSER'));
return false;
========
if ((
/-/!JFactory::getUser()->get('isRoot')
/+/$iAmSuperAdmin
/&& JAccess::checkGroup($group_id, 'core.admin')) || $group_id getDbo();
и в
/administrator/components/com_users/config.xml
добавлено
Похожие темы
Древовидный вид