Skip to content

Commit

Permalink
Joomla! 5.0.1 Stable
Browse files Browse the repository at this point in the history
  • Loading branch information
@bembelimen
bembelimen committed Nov 24, 2023
1 parent d34c9df commit 609cafc
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 7 deletions.
2 changes: 1 addition & 1 deletion administrator/manifests/files/joomla.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
<authorUrl>www.joomla.org</authorUrl>
<copyright>(C) 2019 Open Source Matters, Inc.</copyright>
<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
<version>5.0.1-rc3-dev</version>
<version>5.0.1</version>
<creationDate>2023-11</creationDate>
<description>FILES_JOOMLA_XML_DESCRIPTION</description>

Expand Down
7 changes: 5 additions & 2 deletions libraries/src/Language/LanguageHelper.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -423,9 +423,9 @@ public static function parseIniFile($fileName, $debug = false)
try {
if (!\function_exists('parse_ini_file') || $isParseIniFileDisabled) {
$contents = file_get_contents($fileName);
$strings = parse_ini_string($contents);
$strings = parse_ini_string($contents, false, INI_SCANNER_RAW);
} else {
$strings = parse_ini_file($fileName);
$strings = parse_ini_file($fileName, false, INI_SCANNER_RAW);
}
} catch (\Exception $e) {
if ($debug) {
Expand All @@ -437,6 +437,9 @@ public static function parseIniFile($fileName, $debug = false)
restore_error_handler();
}

// Ini files are processed in the "RAW" mode of parse_ini_string, leaving escaped quotes untouched - lets postprocess them
$strings = str_replace('\"', '"', $strings);

This comment has been minimized.

Sign in to view

Copy link
@dryabov

dryabov Dec 4, 2023

Contributor

  1. It's necessary to handle escaped backslashes as well.

  2. From a performance point of view it's better to unescape the whole file wth a single strtr and then parse it:

$contents = file_get_contents($fileName);
$contents = strtr($contents, array('\"' => '"', '\\\\' => '\\'));
$strings  = parse_ini_string($contents, false, INI_SCANNER_RAW);
  1. Where can I read more about the attack vector? It seems that website visitors can't affect ini files, and if an extension uses something like COM_A=JPATH_SITE, it's a vulnerability of the extension, not Joomla. What exactly are you trying to fix there?

return \is_array($strings) ? $strings : [];
}

Expand Down
8 changes: 4 additions & 4 deletions libraries/src/Version.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,15 +66,15 @@ final class Version
* @var string
* @since 3.8.0
*/
public const EXTRA_VERSION = 'rc3-dev';
public const EXTRA_VERSION = '';

/**
* Development status.
*
* @var string
* @since 3.5
*/
public const DEV_STATUS = 'Development';
public const DEV_STATUS = 'Stable';

/**
* Code name.
Expand All @@ -90,15 +90,15 @@ final class Version
* @var string
* @since 3.5
*/
public const RELDATE = '24-November-2023';
public const RELDATE = '28-November-2023';

/**
* Release time.
*
* @var string
* @since 3.5
*/
public const RELTIME = '09:15';
public const RELTIME = '16:00';

/**
* Release timezone.
Expand Down

0 comments on commit 609cafc

Please sign in to comment.