Merge branch 'main' into media-files
HLeithner authored Nov 21, 2024
2 parents 9529b81 + 85a485d commit 8b2a5c5
Showing 41 changed files with 136 additions and 63 deletions.
Expand Up @@ -63,7 +63,7 @@ Path: components/com_ajaxdemo/tmpl/ajaxdemo/default.php

This uses the [Web Asset Manager](../../../general-concepts/web-asset-manager.md) to attach the JavaScript divide.js which initiates the Ajax call.

It passes the root URL of your Joomla instance to the JavaScript code using [passing variables to Javascript](../../../general-concepts/javascript/adding-javascript#passing-variables-to-javascript)
It passes the root URL of your Joomla instance to the JavaScript code using [passing variables to Javascript](../../../general-concepts/javascript/adding-javascript.md#passing-variables-to-javascript)
as this makes the job of forming the URLs easier.

Then it outputs the `<form>` html, including the button with the onclick listener to run the divide.js code.
2 changes: 1 addition & 1 deletion docs/building-extensions/plugins/basic-content-plugin.md
Expand Up @@ -173,7 +173,7 @@ Ensure that this matches your class in your `src/Extension` directory.
## Extension Class
This is the main code of the plugin. Hopefully the comments in the code explain what is going on.

As explained in [Joomla 4 and 5 changes](./joomla-4-and-5-changes), code which triggers the Events can use a `GenericEvent` or a concrete Event, eg `ContentPrepareEvent`. In both these cases you can get the arguments using
As explained in [Joomla 4 and 5 changes](./joomla-4-and-5-changes.md), code which triggers the Events can use a `GenericEvent` or a concrete Event, eg `ContentPrepareEvent`. In both these cases you can get the arguments using

```php
[$context, $article, $params, $page] = array_values($event->getArguments());
10 changes: 5 additions & 5 deletions docs/general-concepts/forms-fields/standard-fields/index.md
Expand Up @@ -14,8 +14,8 @@ To try out a standard form field you can download the `com_exampleform` componen
## List of Standard Form Fields
The following is a full list of all supplied form fields available in this release.

| Type | Description |
|-------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Type | Description |
|-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [Accessible Media](./accessiblemedia.md) | Provides modal access to the media manager for insertion of images with upload for users with appropriate permissions and a text field for adding a alternative text. |
| [Access Level](./accesslevel.md) | Provides a drop down list of viewing access levels. |
| [Alias Tag](./aliastag.md) | Provides a list box containing specific language definitions. |
Expand Down Expand Up @@ -54,14 +54,14 @@ The following is a full list of all supplied form fields available in this relea
| [Menu](./menu.md) | Provides a drop down list of the available menus from your Joomla site. |
| [Menu Item](./menuitem.md) | Provides a drop down list of the available menu items from your Joomla site. |
| [Meter](./meter.md) | Provides a meter to show value in a range. |
| [ModalSelect](./modalselect.md) | Provides a field to allow the user to select an item within a modal. |
| [ModalSelect](./modalselect.md) | Provides a field to allow the user to select an item within a modal. |
| [Module Layout](./modulelayout.md) | Provides a list of alternative layout for a module grouped by core and template. |
| [Module Order](./moduleorder.md) | Provides a drop down to set the ordering of module in a given position |
| [Module Position](./moduleposition.md) | Provides a text input to set the position of a module. |
| [Module Tag](./moduletag.md) | Provides a list of html5 elements (used to wrap a module in). |
| [Note](./note.md) | Provides a one line text field. |
| [Number](./number.md) | Provides a one line text box with up-down handles to set a number in the field. |
| [Order](./ordering) | Provides a dropdown list of entries within a specified table along with `-First-` and `-Last-`. |
| [Order](./ordering.md) | Provides a dropdown list of entries within a specified table along with `-First-` and `-Last-`. |
| [Password](./password.md) | Provides a text box for entry of a password. The password characters will be obscured as they are entered. |
| [Plugins](./plugins.md) | Provides a list of plugins from a given folder. |
| [Plugin Status](./pluginstatus.md) | Provides a list box of statuses. |
Expand All @@ -83,7 +83,7 @@ The following is a full list of all supplied form fields available in this relea
| [Template Style](./templatestyle.md) | Provides a drop down list of template styles. |
| [Text Area](./textarea.md) | Provides a text area for entry of multi-line text. |
| [Text](./text.md) | Provides a text box for data entry. |
| [Time](./time) | Provides a select list of integers with specified first, last and step values. |
| [Time](./time.md) | Provides a select list of integers with specified first, last and step values. |
| [Timezone](./timezone.md) | Provides a drop down list of time zones. |
| [Transition](./transition.md) | Provides a grouped list of all work flow transitions from one stage to the next grouped by stage title |
| [Url](./url.md) | Provides a URL text input field. |
38 changes: 38 additions & 0 deletions docs/general-concepts/forms/manipulating-forms.md
Expand Up @@ -107,6 +107,44 @@ You can thus set the default attribute using `setFieldAttribute()`, but to set t
### Removing Fields
You can remove fields from the Form definition by calling `removeField()` to remove a specific field or `removeGroup()` to remove all the fields within a specified field group.

## Control fields
While the form fields used for data handling in the Model, the Controller also requires a few fields, like `task`, `return`, and CSRF token.
Previously these fields were coded directly in to the form layout.

Form class provides a methods to manage these control fields programmatically:
- `addControlField()` add control field to the form;
- `removeControlField()` remove control field from the form;
- `getControlFields()` get list of control fields in the form;
- `renderControlFields()` render the control fields;

While rendering the control fields the CSRF token will always be rendered, no need to add it to list of control fields.
The name `joomla.form.token` is reserved in the control fields list for Joomla default CSRF token field.
When in some reason need to remove default CSRF token then use `$form->removeControlField('joomla.form.token');` to remove it.

### Use of control fields example

Before:
```html
<input type="hidden" name="task" value="">
<input type="hidden" name="foo" value="bar">
<input type="hidden" name="return" value="<?php echo $input->getBase64('return'); ?>">
<?php echo HTMLHelper::_('form.token'); ?>
```

With control fields:
```php
// Code in Controller/View
$this->form
->addControlField('task', '')
->addControlField('foo', 'bar')
->addControlField('return', $input->getBase64('return', ''));

// Code in the form layout
echo $this->form->renderControlFields();
```



## Reflection Methods
There are a number of methods which allow you to access various aspects of the Form instance data. Mostly these are fairly straightforward to understand, and only cases where it may not be totally clear are explained below.
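
Review bot: The sentence on removing the default token ("When in some reason need to remove default CSRF token then use `$form->removeControlField('joomla.form.token');`") documents how to drop the CSRF field without saying what has to replace it. Suggest stating that a form rendered without `joomla.form.token` needs its own token field and a matching server-side check, and linking to the CSRF chapter (csrf-protection.md under docs/security). The "Before" example calls `getBase64('return')` while the "With control fields" example calls `getBase64('return', '')`; use the same call in both or explain the added default. The section also needs a grammar pass ("While the form fields used" is missing "are", "provides a methods" should be "provides methods"), the "Before" block is fenced as `html` although it contains PHP tags, and the three blank lines before "## Reflection Methods" can be reduced to one.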

2 changes: 1 addition & 1 deletion docs/general-concepts/javascript/ajax.md
Expand Up @@ -31,7 +31,7 @@ Within your component you should use the [MVC approach](../../building-extension
and split your functionality into different Controllers, Models and Views.

The default Joomla [Extension/Dispatcher](../extension-and-dispatcher/index.md) code uses the URL
[`task` parameter](../../building-extensions/components/mvc/mvc-overview#the-http-request-task-parameter)
[`task` parameter](../../building-extensions/components/mvc/mvc-overview.md#the-http-request-task-parameter)
to determine the Controller class to instantiate and the method within that Controller to call.

For example, if you set the `task` parameter to "ajax.divide" then the default Dispatcher code will instantiate your AjaxController and call its `divide` instance method.
Expand Up @@ -3,7 +3,7 @@ Joomla Dialog (popup) script

Joomla Dialog module provides a functionality which allows to display various Dialogs (popup) windows.

To add Joomla Dialog module to the page use [WebAssetManager](../../web-asset-manager) `$wa->useScript('joomla.dialog')`,
To add Joomla Dialog module to the page use [WebAssetManager](../../web-asset-manager.md) `$wa->useScript('joomla.dialog')`,
and to enable auto binding of the buttons on the page use `$wa->useScript('joomla.dialog-autocreate')`.

Joomla Dialog allows to display dialogs with following content:
6 changes: 3 additions & 3 deletions docs/security/common-vulnerabilities.md
Expand Up @@ -25,7 +25,7 @@ With the output template given above, the JS provided by the user will be output
### Prevention
#### Filter/validate the user input
In the example above, the provided subject should be filtered and/or validated to only allow required characters - and it should disallow characters that are needed to create HTML tags, i.e. the `<` and `>` characters.
If the user input can contain HTML markup, the markup itself has to be filtered to make sure it only contains safe markup. See [the chapter about input handling](input-handling) for more information.
If the user input can contain HTML markup, the markup itself has to be filtered to make sure it only contains safe markup. See [the chapter about input handling](input-handling.md) for more information.

#### Escape the output
Unless user generated markup is specifically needed (i.e. because the user can use a WYSIWYG editor) it's highly recommended to escape each and every snippet of user provided content.
Expand All @@ -36,7 +36,7 @@ To escape user content in Joomla, use the ```echo $this->escape($evilString)```
## SQL injections / SQLi
A SQL injection attack is a type of vulnerability where an attacker is able to manipulate a SQL query by injecting user controlled content.

Learn more about this attack scenario and the prevention in [the chapter about secure DB queries](secure-db-queries).
Learn more about this attack scenario and the prevention in [the chapter about secure DB queries](secure-db-queries.md).

## Unrestricted file uploads
Uploading user provided files to a webservers is a potentially dangerous task as it exposes multiple attack vectors at once:
Expand All @@ -50,4 +50,4 @@ Therefore file uploads must be very carefully implemented. Check the ```canUploa
CSRF is an attack type where an HTML form on an external, attacker-controlled site is used to perform an attack against a target site.

### Prevention
Learn more about this in the [CSRF chapter](csrf-protection) of this manual.
Learn more about this in the [CSRF chapter](csrf-protection.md) of this manual.
2 changes: 1 addition & 1 deletion docs/security/forms.md
Expand Up @@ -4,4 +4,4 @@ sidebar_position: 6

Forms & Validations
======================
See the [form validation chapter for further information](../general-concepts/forms/server-side-validation).
See the [form validation chapter for further information](../general-concepts/forms/server-side-validation.md).
2 changes: 1 addition & 1 deletion docs/security/input-handling.md
Expand Up @@ -5,4 +5,4 @@ sidebar_position: 3
Input Handling
======================

See the [Input chapter for further information](../general-concepts/input).
See the [Input chapter for further information](../general-concepts/input.md).
14 changes: 10 additions & 4 deletions docusaurus.config.js
Expand Up @@ -62,6 +62,7 @@ const config = {
organizationName: 'joomla',
projectName: 'joomla-cms',
url: 'https://manual.joomla.org',
trailingSlash: true,
baseUrl: '/',
onBrokenLinks: 'throw',
onBrokenMarkdownLinks: 'warn',
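
Review bot: `trailingSlash: true` is added while `onBrokenMarkdownLinks` stays at 'warn' two lines below, so a mistyped `.md` target among the links this commit rewrites would only produce a warning instead of failing the build. Consider setting it to 'throw' to match `onBrokenLinks`, and add a short comment next to `trailingSlash` saying why it is enabled.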
Expand All @@ -88,22 +89,27 @@ const config = {
versions: {
'current': {
label: '5.3 (Upcoming)',
banner: 'unreleased'
banner: 'unreleased',
noIndex: false,
},
'5.2': {
label: '5.2 (Current)',
noIndex: false,
},
'5.1': {
label: '5.1 (Archived)',
banner: 'unmaintained'
banner: 'unmaintained',
noIndex: true,
},
'5.0': {
label: '5.0 (Archived)',
banner: 'unmaintained'
banner: 'unmaintained',
noIndex: true,
},
'4.4': {
label: '4.4 (Security)',
banner: 'none'
banner: 'none',
noIndex: false,
},
},
/* onlyIncludeVersions: ['current', '5.2', '4.4'], */
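
Review bot: In the `versions` block, 'current' is labelled '5.3 (Upcoming)' with banner 'unreleased' yet gets `noIndex: false`, so unreleased documentation stays open to search indexing while 5.1 and 5.0 are excluded. If that is intended, add a one-line comment stating the indexing policy (which versions are indexed and why); otherwise set `noIndex: true` for 'current'.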
29 changes: 29 additions & 0 deletions migrations/52-53/new-features.md
Expand Up @@ -22,3 +22,32 @@ To add it to existing installation, need to:


PR: https://github.com/joomla/joomla-cms/pull/43532

#### Form control fields

New methods to manage form control fields.
More detail at [Form Control fields](../../docs/general-concepts/forms/manipulating-forms#control-fields)

PR: https://github.com/joomla/joomla-cms/pull/43857

**Example**

Before:
```html
<input type="hidden" name="task" value="">
<input type="hidden" name="foo" value="bar">
<input type="hidden" name="return" value="<?php echo $input->getBase64('return'); ?>">
<?php echo HTMLHelper::_('form.token'); ?>
```

After:
```php
// Code in Controller/View
$this->form
->addControlField('task', '')
->addControlField('foo', 'bar')
->addControlField('return', $input->getBase64('return', ''));

// Code in the form layout
echo $this->form->renderControlFields();
```
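
Review bot: The new link in "More detail at [Form Control fields](../../docs/general-concepts/forms/manipulating-forms#control-fields)" omits the `.md` extension that the rest of this commit adds to relative links; use `manipulating-forms.md#control-fields` for consistency. The "Before" block is fenced as `html` but contains PHP tags, and the example repeats the one added to manipulating-forms.md, so the link alone may be enough here.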
Expand Up @@ -63,7 +63,7 @@ Path: components/com_ajaxdemo/tmpl/ajaxdemo/default.php

This uses the [Web Asset Manager](../../../general-concepts/web-asset-manager.md) to attach the JavaScript divide.js which initiates the Ajax call.

It passes the root URL of your Joomla instance to the JavaScript code using [passing variables to Javascript](../../../general-concepts/javascript/adding-javascript#passing-variables-to-javascript)
It passes the root URL of your Joomla instance to the JavaScript code using [passing variables to Javascript](../../../general-concepts/javascript/adding-javascript.md#passing-variables-to-javascript)
as this makes the job of forming the URLs easier.

Then it outputs the `<form>` html, including the button with the onclick listener to run the divide.js code.
Expand Up @@ -173,7 +173,7 @@ Ensure that this matches your class in your `src/Extension` directory.
## Extension Class
This is the main code of the plugin. Hopefully the comments in the code explain what is going on.

As explained in [Joomla 4 and 5 changes](./joomla-4-and-5-changes), code which triggers the Events can use a `GenericEvent` or a concrete Event, eg `ContentPrepareEvent`. In both these cases you can get the arguments using
As explained in [Joomla 4 and 5 changes](./joomla-4-and-5-changes.md), code which triggers the Events can use a `GenericEvent` or a concrete Event, eg `ContentPrepareEvent`. In both these cases you can get the arguments using

```php
[$context, $article, $params, $page] = array_values($event->getArguments());