Merge branch 'staging' of https://github.com/joomla/joomla-cms into s…

…taging

.travis.yml

@@ -56,7 +56,7 @@ services:
 
 before_script:
   # JavaScript tests
-  - if [[ $RUN_JAVASCRIPT_TESTS == "yes" ]]; then export DISPLAY=:99.0; bash tests/javascript/travis-tests.sh $PWD; fi
+  - if [[ $RUN_JAVASCRIPT_TESTS == "yes" ]]; then export DISPLAY=:99.0; bash build/travis/javascript-tests.sh $PWD; fi
   # Make sure all dev dependencies are installed
   - if [[ $RUN_UNIT_TESTS == "yes" ]]; then bash build/travis/unit-tests.sh $PWD; fi
 

README.md

@@ -53,7 +53,7 @@ Ready to install Joomla?
 * Check the [minimum requirements](https://www.joomla.org/about-joomla/technical-requirements.html). 
 * How do you [install Joomla](https://docs.joomla.org/J3.x:Installing_Joomla)?
 * You could start your Joomla! experience by [building your site on a local test server](https://docs.joomla.org/Installing_Joomla_locally).
-When ready, it can be moved to an on-line hosting account of your choice.
+When ready, it can be moved to an online hosting account of your choice.
 
 Updates are free!
 ---------------------

README.txt

@@ -38,7 +38,7 @@
 	* Check the minimum requirements here: https://www.joomla.org/about-joomla/technical-requirements.html
 	* How do you install Joomla - hhttps://docs.joomla.org/J3.x:Installing_Joomla
 	* You could start your Joomla! experience building your site on a local test server.
-	When ready it can be moved to an on-line hosting account of your choice.
+	When ready it can be moved to an online hosting account of your choice.
 	See the tutorial: https://docs.joomla.org/Installing_Joomla_locally
 
 9- Updates are free!

administrator/components/com_banners/banners.php

@@ -12,7 +12,7 @@
 
 if (!JFactory::getUser()->authorise('core.manage', 'com_banners'))
 {
-	return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
+	throw new JControllerExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
 }
 
 // Execute the task.

administrator/components/com_content/controllers/article.php

@@ -84,45 +84,32 @@ protected function allowEdit($data = array(), $key = 'id')
 	{
 		$recordId = (int) isset($data[$key]) ? $data[$key] : 0;
 		$user = JFactory::getUser();
-		$userId = $user->get('id');
 
-		// If we get a deny at the component level, we cannot override here.
-		if (!parent::allowEdit($data, $key))
+		// Zero record (id:0), return component edit permission by calling parent controller method
+		if (!$recordId)
 		{
-			return false;
+			return parent::allowEdit($data, $key);
 		}
 
-		// Check general edit permission first.
+		// Check edit on the record asset (explicit or inherited)
 		if ($user->authorise('core.edit', 'com_content.article.' . $recordId))
 		{
 			return true;
 		}
 
-		// Fallback on edit.own.
-		// First test if the permission is available.
+		// Check edit own on the record asset (explicit or inherited)
 		if ($user->authorise('core.edit.own', 'com_content.article.' . $recordId))
 		{
-			// Now test the owner is the user.
-			$ownerId = (int) isset($data['created_by']) ? $data['created_by'] : 0;
+			// Existing record already has an owner, get it
+			$record = $this->getModel()->getItem($recordId);
 
-			if (empty($ownerId) && $recordId)
+			if (empty($record))
 			{
-				// Need to do a lookup from the model.
-				$record = $this->getModel()->getItem($recordId);
-
-				if (empty($record))
-				{
-					return false;
-				}
-
-				$ownerId = $record->created_by;
+				return false;
 			}
 
-			// If the owner matches 'me' then permission is granted.
-			if ($ownerId == $userId)
-			{
-				return true;
-			}
+			// Grant if current user is owner of the record
+			return $user->get('id') == $record->created_by;
 		}
 
 		return false;

administrator/components/com_contenthistory/helpers/contenthistory.php

@@ -260,7 +260,7 @@ public static function loadLanguageFiles($typeAlias)
 			$lang->load($component, JPATH_ADMINISTRATOR, null, false, true)
 			|| $lang->load($component, JPath::clean(JPATH_ADMINISTRATOR . '/components/' . $component), null, false, true);
 
-			// Force loading of back-end global language file
+			// Force loading of backend global language file
 			$lang->load('joomla', JPath::clean(JPATH_ADMINISTRATOR), null, false, true);
 		}
 	}

administrator/components/com_finder/helpers/language.php

@@ -95,7 +95,7 @@ public static function loadComponentLanguage()
 	}
 
 	/**
-	 * Method to load Smart Search plug-in language files.
+	 * Method to load Smart Search plugin language files.
 	 *
 	 * @return  void
 	 *
@@ -113,7 +113,7 @@ public static function loadPluginLanguage()
 
 		$loaded = true;
 
-		// Get array of all the enabled Smart Search plug-in names.
+		// Get array of all the enabled Smart Search plugin names.
 		$db = JFactory::getDbo();
 		$query = $db->getQuery(true)
 			->select('name')
@@ -133,7 +133,7 @@ public static function loadPluginLanguage()
 		$lang = JFactory::getLanguage();
 		$lang->load('plg_content_finder', JPATH_ADMINISTRATOR);
 
-		// Load language file for each plug-in.
+		// Load language file for each plugin.
 		foreach ($plugins as $plugin)
 		{
 			$lang->load($plugin->name, JPATH_ADMINISTRATOR);

administrator/components/com_finder/models/index.php

@@ -240,9 +240,9 @@ protected function getListQuery()
 	}
 
 	/**
-	 * Method to get the state of the Smart Search plug-ins.
+	 * Method to get the state of the Smart Search Plugins.
 	 *
-	 * @return  array  Array of relevant plug-ins and whether they are enabled or not.
+	 * @return  array  Array of relevant plugins and whether they are enabled or not.
 	 *
 	 * @since   2.5
 	 */

administrator/components/com_finder/views/index/view.html.php

@@ -71,7 +71,7 @@ class FinderViewIndex extends JViewLegacy
 	 */
 	public function display($tpl = null)
 	{
-		// Load plug-in language files.
+		// Load plugin language files.
 		FinderHelperLanguage::loadPluginLanguage();
 
 		$this->items         = $this->get('Items');

administrator/components/com_finder/views/maps/view.html.php

@@ -64,7 +64,7 @@ class FinderViewMaps extends JViewLegacy
 	 */
 	public function display($tpl = null)
 	{
-		// Load plug-in language files.
+		// Load plugin language files.
 		FinderHelperLanguage::loadPluginLanguage();
 
 		// Load the view data.

administrator/components/com_installer/models/install.php

@@ -193,7 +193,7 @@ public function install()
 		}
 		else
 		{
-			// Package installed sucessfully.
+			// Package installed successfully.
 			$msg = JText::sprintf('COM_INSTALLER_INSTALL_SUCCESS', JText::_('COM_INSTALLER_TYPE_TYPE_' . strtoupper($package['type'])));
 			$result = true;
 			$msgType = 'message';

administrator/components/com_installer/models/manage.php

@@ -243,7 +243,7 @@ public function remove($eid = array())
 					continue;
 				}
 
-				// Package uninstalled sucessfully
+				// Package uninstalled successfully
 				$msgs[] = JText::sprintf('COM_INSTALLER_UNINSTALL_SUCCESS', $rowtype);
 				$result = true;
 

administrator/components/com_joomlaupdate/restore.php

@@ -6205,8 +6205,8 @@ class AKText extends AKAbstractObject
 		'RESTACLEANUP' => 'Restoration and Clean Up',
 		'BTN_RUNINSTALLER' => 'Run the Installer',
 		'BTN_CLEANUP' => 'Clean Up',
-		'BTN_SITEFE' => 'Visit your site\'s front-end',
-		'BTN_SITEBE' => 'Visit your site\'s back-end',
+		'BTN_SITEFE' => 'Visit your site\'s frontend',
+		'BTN_SITEBE' => 'Visit your site\'s backend',
 		'WARNINGS' => 'Extraction Warnings',
 		'ERROR_OCCURED' => 'An error occurred',
 		'STEALTH_MODE' => 'Stealth mode',

administrator/components/com_media/models/manager.php

@@ -106,7 +106,7 @@ public function getFolderList($base = null)
 
 		$author = $input->get('author', 0, 'integer');
 
-		// Create the drop-down folder select list
+		// Create the dropdown folder select list
 		$attribs = 'size="1" onchange="ImageManager.setFolder(this.options[this.selectedIndex].value, ' . $asset . ', ' . $author . ')" ';
 		$list = JHtml::_('select.genericlist', $options, 'folderlist', $attribs, 'value', 'text', $base);
 

administrator/components/com_menus/controllers/menu.php

@@ -63,7 +63,7 @@ public function save($key = null, $urlVar = null)
 			return false;
 		}
 
-		// Prevent using 'menu' or 'main' as menutype as this is reserved for back-end menus
+		// Prevent using 'menu' or 'main' as menutype as this is reserved for backend menus
 		if (strtolower($data['menutype']) == 'menu' || strtolower($data['menutype']) == 'main')
 		{
 			$msg = JText::_('COM_MENUS_ERROR_MENUTYPE');

administrator/components/com_newsfeeds/controllers/newsfeed.php

@@ -60,25 +60,30 @@ protected function allowAdd($data = array())
 	 */
 	protected function allowEdit($data = array(), $key = 'id')
 	{
-		$user = JFactory::getUser();
 		$recordId = (int) isset($data[$key]) ? $data[$key] : 0;
-		$categoryId = 0;
 
-		if ($recordId)
+		// Since there is no asset tracking, fallback to the component permissions.
+		if (!$recordId)
 		{
-			$categoryId = (int) $this->getModel()->getItem($recordId)->catid;
+			return parent::allowEdit($data, $key);
 		}
 
-		if ($categoryId)
-		{
-			// The category has been set. Check the category permissions.
-			return $user->authorise('core.edit', $this->option . '.category.' . $categoryId);
-		}
-		else
+		// Get the item.
+		$item = $this->getModel()->getItem($recordId);
+
+		// Since there is no item, return false.
+		if (empty($item))
 		{
-			// Since there is no asset tracking, revert to the component permissions.
-			return parent::allowEdit($data, $key);
+			return false;
 		}
+
+		$user = JFactory::getUser();
+
+		// Check if can edit own core.edit.own.
+		$canEditOwn = $user->authorise('core.edit.own', $this->option . '.category.' . (int) $item->catid) && $item->created_by == $user->id;
+
+		// Check the category core.edit permissions.
+		return $canEditOwn || $user->authorise('core.edit', $this->option . '.category.' . (int) $item->catid);
 	}
 
 	/**

administrator/components/com_newsfeeds/models/newsfeeds.php

@@ -144,46 +144,47 @@ protected function getStoreId($id = '')
 	protected function getListQuery()
 	{
 		// Create a new query object.
-		$db = $this->getDbo();
+		$db    = $this->getDbo();
 		$query = $db->getQuery(true);
-		$user = JFactory::getUser();
-		$app = JFactory::getApplication();
+		$user  = JFactory::getUser();
+		$app   = JFactory::getApplication();
 
 		// Select the required fields from the table.
 		$query->select(
 			$this->getState(
 				'list.select',
 				'a.id, a.name, a.alias, a.checked_out, a.checked_out_time, a.catid,' .
-					' a.numarticles, a.cache_time,' .
+					' a.numarticles, a.cache_time, a.created_by,' .
 					' a.published, a.access, a.ordering, a.language, a.publish_up, a.publish_down'
 			)
 		);
 		$query->from($db->quoteName('#__newsfeeds', 'a'));
 
 		// Join over the language
-		$query->select('l.title AS language_title, l.image AS language_image')
-			->join('LEFT', $db->quoteName('#__languages', 'l') . ' ON l.lang_code = a.language');
+		$query->select($db->quoteName('l.title', 'language_title'))
+			->select($db->quoteName('l.image', 'language_image'))
+			->join('LEFT', $db->quoteName('#__languages', 'l') . ' ON ' . $db->qn('l.lang_code') . ' = ' . $db->qn('a.language'));
 
 		// Join over the users for the checked out user.
-		$query->select('uc.name AS editor')
-			->join('LEFT', $db->quoteName('#__users', 'uc') . ' ON uc.id=a.checked_out');
+		$query->select($db->quoteName('uc.name', 'editor'))
+			->join('LEFT', $db->quoteName('#__users', 'uc') . ' ON ' . $db->qn('uc.id') . ' = ' . $db->qn('a.checked_out'));
 
 		// Join over the asset groups.
-		$query->select('ag.title AS access_level')
-			->join('LEFT', $db->quoteName('#__viewlevels', 'ag') . ' ON ag.id = a.access');
+		$query->select($db->quoteName('ag.title', 'access_level'))
+			->join('LEFT', $db->quoteName('#__viewlevels', 'ag') . ' ON ' . $db->qn('ag.id') . ' = ' . $db->qn('a.access'));
 
 		// Join over the categories.
-		$query->select('c.title AS category_title')
-			->join('LEFT', $db->quoteName('#__categories', 'c') . ' ON c.id = a.catid');
+		$query->select($db->quoteName('c.title', 'category_title'))
+			->join('LEFT', $db->quoteName('#__categories', 'c') . ' ON ' . $db->qn('c.id') . ' = ' . $db->qn('a.catid'));
 
 		// Join over the associations.
 		$assoc = JLanguageAssociations::isEnabled();
 
 		if ($assoc)
 		{
 			$query->select('COUNT(asso2.id)>1 AS association')
-				->join('LEFT', '#__associations AS asso ON asso.id = a.id AND asso.context=' . $db->quote('com_newsfeeds.item'))
-				->join('LEFT', '#__associations AS asso2 ON asso2.key = asso.key')
+				->join('LEFT', $db->quoteName('#__associations', 'asso') . ' ON asso.id = a.id AND asso.context = ' . $db->quote('com_newsfeeds.item'))
+				->join('LEFT', $db->quoteName('#__associations', 'asso2') . ' ON asso2.key = asso.key')
 				->group('a.id, l.title, l.image, uc.name, ag.title, c.title');
 		}
 
@@ -196,8 +197,7 @@ protected function getListQuery()
 		// Implement View Level Access
 		if (!$user->authorise('core.admin'))
 		{
-			$groups = implode(',', $user->getAuthorisedViewLevels());
-			$query->where($db->quoteName('a.access') . ' IN (' . $groups . ')');
+			$query->where($db->quoteName('a.access') . ' IN (' . implode(',', $user->getAuthorisedViewLevels()) . ')');
 		}
 
 		// Filter by published state.

administrator/components/com_newsfeeds/views/newsfeeds/tmpl/default.php

@@ -16,9 +16,7 @@
 JHtml::_('behavior.multiselect');
 JHtml::_('formbehavior.chosen', 'select');
 
-$app       = JFactory::getApplication();
 $user      = JFactory::getUser();
-$userId    = $user->get('id');
 $listOrder = $this->escape($this->state->get('list.ordering'));
 $listDirn  = $this->escape($this->state->get('list.direction'));
 $canOrder  = $user->authorise('core.edit.state', 'com_newsfeeds.category');
@@ -97,6 +95,7 @@
 					$canCreate  = $user->authorise('core.create',     'com_newsfeeds.category.' . $item->catid);
 					$canEdit    = $user->authorise('core.edit',       'com_newsfeeds.category.' . $item->catid);
 					$canCheckin = $user->authorise('core.manage',     'com_checkin') || $item->checked_out == $user->get('id') || $item->checked_out == 0;
+					$canEditOwn = $user->authorise('core.edit.own',   'com_newsfeeds.category.' . $item->catid) && $item->created_by == $user->id;
 					$canChange  = $user->authorise('core.edit.state', 'com_newsfeeds.category.' . $item->catid) && $canCheckin;
 					?>
 					<tr class="row<?php echo $i % 2; ?>" sortable-group-id="<?php echo $item->catid?>">
@@ -140,7 +139,7 @@
 								<?php if ($item->checked_out) : ?>
 									<?php echo JHtml::_('jgrid.checkedout', $i, $item->editor, $item->checked_out_time, 'newsfeeds.', $canCheckin); ?>
 								<?php endif; ?>
-								<?php if ($canEdit) : ?>
+								<?php if ($canEdit || $canEditOwn) : ?>
 									<a href="<?php echo JRoute::_('index.php?option=com_newsfeeds&task=newsfeed.edit&id=' . (int) $item->id); ?>">
 										<?php echo $this->escape($item->name); ?></a>
 								<?php else : ?>

administrator/components/com_newsfeeds/views/newsfeeds/view.html.php

@@ -119,7 +119,7 @@ protected function addToolbar()
 			JToolbarHelper::addNew('newsfeed.add');
 		}
 
-		if ($canDo->get('core.edit'))
+		if ($canDo->get('core.edit') || $canDo->get('core.edit.own'))
 		{
 			JToolbarHelper::editList('newsfeed.edit');
 		}

administrator/components/com_plugins/plugins.php

@@ -12,7 +12,7 @@
 
 if (!JFactory::getUser()->authorise('core.manage', 'com_plugins'))
 {
-	return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
+	throw new JControllerExceptionNotallowed(JText::_('JERROR_ALERTNOAUTHOR'), 403);
 }
 
 $controller = JControllerLegacy::getInstance('Plugins');

administrator/components/com_postinstall/models/messages.php

@@ -174,7 +174,7 @@ protected function onProcessList(&$resultArray)
 	}
 
 	/**
-	 * Get the drop-down options for the list of component with post-installation messages
+	 * Get the dropdown options for the list of component with post-installation messages
 	 *
 	 * @since 3.4
 	 *
@@ -236,7 +236,7 @@ public function getComponentOptions()
 	 * language_extension  The extension name which holds the language keys used above.
 	 *                     For example, com_foobar, mod_something, plg_system_whatever, tpl_mytemplate
 	 *
-	 * language_client_id  Should we load the front-end (0) or back-end (1) language keys?
+	 * language_client_id  Should we load the frontend (0) or backend (1) language keys?
 	 *
 	 * version_introduced  Which was the version of your extension where this message appeared for the first time?
 	 *                     Example: 3.2.1

administrator/components/com_redirect/models/fields/redirect.php

@@ -12,7 +12,7 @@
 JFormHelper::loadFieldClass('list');
 
 /**
- * A drop down containing all valid HTTP 1.1 response codes.
+ * A dropdown containing all valid HTTP 1.1 response codes.
  *
  * @package     Joomla.Administrator
  * @subpackage  com_redirect

administrator/includes/framework.php

@@ -96,5 +96,6 @@
 // System profiler
 if (JDEBUG)
 {
+	// @deprecated 4.0 - The $_PROFILER global will be removed
 	$_PROFILER = JProfiler::getInstance('Application');
 }