v1.2 Added

README.md

@@ -14,13 +14,13 @@
 ## Framework version info
 | Name         | Initial Version           | Current version  |
 | :------------ |:-----------| :-----|
-| Joomla        | 3.9.2      |  3.9.2    |
-| Astroid       | 2.0.2      |  2.0.2    |
+| Joomla        | 3.9.2      |  3.9.21    |
+| Astroid       | 2.0.2      |  2.4.1    |
 
 ## JoomDev Extensions List
 | Name            | Initial Version        | Current version  |
 | :-------------- |:-----------| :-----|
-| JD Simple Contactform | 1.1    | 1.1   |
+| JD Simple Contactform | 1.1    | 1.6   |
 | JD Services Showcase  | Beta    | Beta   |
 | JD Skilset            | 1.0    | 1.0   |
 | JD Testimonial        | Beta    | Beta   |
@@ -32,9 +32,9 @@
 ## 3rd Party Extensions List
 | Name            | Start Development        | Release version  |
 | :--------------- |:-----------| :-----|
-| Smart Slider 3          | 3.3.1      | 3.3.1 |
-| ACY Mailing             | 5.10.4     | 5.10.4|
-| TZ Portfolio Plus (C/M) | 2.1.2      | 2.1.2 |
+| Smart Slider 3          | 3.3.1      | 3.4.1.9 |
+| ACY Mailing             | 5.10.4     | 6.14.1|
+| TZ Portfolio Plus (C/M) | 2.1.2      | 2.4.2 |
 
 
 ## Overrides
@@ -43,10 +43,4 @@
 | mod_menu (For top bar menu)      |
 | footer.php (Path: html/frontend)            |
 | default.php (Path: html/mod_jdservices_showcase)          |
-| view2.php (Path: html/mod_jd testimonial) (slider-view) |
-
-
-
-
-
-
+| view2.php (Path: html/mod_jd testimonial) (slider-view) |

quickstart/README.txt

@@ -66,7 +66,6 @@
 	* Documentation for Web designers: https://docs.joomla.org/Special:MyLanguage/Web_designers
 
 Copyright:
-	* Copyright (C) 2005 - 2019 Open Source Matters. All rights reserved.
-	* Special Thanks: https://docs.joomla.org/Special:MyLanguage/Joomla!_Credits_and_Thanks
+	* Copyright (C) 2005 - 2020 Open Source Matters. All rights reserved.
 	* Distributed under the GNU General Public License version 2 or later
-	* See Licenses details at https://docs.joomla.org/Special:MyLanguage/Joomla_Licenses
+	* See License details at https://docs.joomla.org/Special:MyLanguage/Joomla_Licenses

quickstart/administrator/components/com_actionlogs/actionlogs.php

@@ -3,7 +3,7 @@
  * @package     Joomla.Administrator
  * @subpackage  com_actionlogs
  *
- * @copyright   Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
+ * @copyright   Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved.
  * @license     GNU General Public License version 2 or later; see LICENSE.txt
  */
 

quickstart/administrator/components/com_actionlogs/actionlogs.xml

@@ -3,7 +3,7 @@
 	<name>com_actionlogs</name>
 	<author>Joomla! Project</author>
 	<creationDate>May 2018</creationDate>
-	<copyright>Copyright (C) 2005 - 2019 Open Source Matters. All rights reserved.</copyright>
+	<copyright>Copyright (C) 2005 - 2020 Open Source Matters. All rights reserved.</copyright>
 	<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
 	<authorEmail>admin@joomla.org</authorEmail>
 	<authorUrl>www.joomla.org</authorUrl>

quickstart/administrator/components/com_actionlogs/config.xml

@@ -29,7 +29,7 @@
 			label="COM_ACTIONLOGS_LOG_EXTENSIONS_LABEL"
 			description="COM_ACTIONLOGS_LOG_EXTENSIONS_DESC"
 			multiple="true"
-			default="com_banners,com_cache,com_categories,com_config,com_contact,com_content,com_installer,com_media,com_menus,com_messages,com_modules,com_newsfeeds,com_plugins,com_redirect,com_tags,com_templates,com_users"
+			default="com_banners,com_cache,com_categories,com_checkin,com_config,com_contact,com_content,com_installer,com_media,com_menus,com_messages,com_modules,com_newsfeeds,com_plugins,com_redirect,com_tags,com_templates,com_users"
 		/>
 	</fieldset>
 </config>

quickstart/administrator/components/com_actionlogs/controller.php

@@ -3,7 +3,7 @@
  * @package     Joomla.Administrator
  * @subpackage  com_actionlogs
  *
- * @copyright   Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
+ * @copyright   Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved.
  * @license     GNU General Public License version 2 or later; see LICENSE.txt
  */
 

quickstart/administrator/components/com_actionlogs/controllers/actionlogs.php

@@ -3,7 +3,7 @@
  * @package     Joomla.Administrator
  * @subpackage  com_actionlogs
  *
- * @copyright   Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
+ * @copyright   Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved.
  * @license     GNU General Public License version 2 or later; see LICENSE.txt
  */
 
@@ -121,7 +121,7 @@ public function exportLogs()
 			}
 
 			fclose($output);
-
+			$app->triggerEvent('onAfterLogExport', array());
 			$app->close();
 		}
 		else

quickstart/administrator/components/com_actionlogs/helpers/actionlogs.php

@@ -3,7 +3,7 @@
  * @package     Joomla.Administrator
  * @subpackage  com_actionlogs
  *
- * @copyright   Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
+ * @copyright   Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved.
  * @license     GNU General Public License version 2 or later; see LICENSE.txt
  */
 
@@ -23,6 +23,14 @@
  */
 class ActionlogsHelper
 {
+	/**
+	 * Array of characters starting a formula
+	 *
+	 * @var    array
+	 * @since  3.9.7
+	 */
+	private static $characters = array('=', '+', '-', '@');
+
 	/**
 	 * Method to convert logs objects array to an iterable type for use with a CSV export
 	 *
@@ -54,6 +62,8 @@ public static function getCsvData($data)
 			return ActionlogsHelperPhp55::getCsvAsGenerator($data);
 		}
 
+		$disabledText = Text::_('COM_ACTIONLOGS_DISABLED');
+
 		$rows = array();
 
 		// Header row
@@ -68,11 +78,11 @@ public static function getCsvData($data)
 
 			$rows[] = array(
 				'id'         => $log->id,
-				'message'    => strip_tags(static::getHumanReadableLogMessage($log, false)),
+				'message'    => self::escapeCsvFormula(strip_tags(static::getHumanReadableLogMessage($log, false))),
 				'date'       => $date->format('Y-m-d H:i:s T'),
-				'extension'  => Text::_($extension),
-				'name'       => $log->name,
-				'ip_address' => Text::_($log->ip_address),
+				'extension'  => self::escapeCsvFormula(Text::_($extension)),
+				'name'       => self::escapeCsvFormula($log->name),
+				'ip_address' => self::escapeCsvFormula($log->ip_address === 'COM_ACTIONLOGS_DISABLED' ? $disabledText : $log->ip_address)
 			);
 		}
 
@@ -193,22 +203,37 @@ public static function getHumanReadableLogMessage($log, $generateLinks = true)
 			$messageData['extension_name'] = Text::_($messageData['extension_name']);
 		}
 
-		$linkMode = Factory::getApplication()->get('force_ssl', 0) >= 1 ? 1 : -1;
+		// Translating application
+		if (isset($messageData['app']))
+		{
+			$messageData['app'] = Text::_($messageData['app']);
+		}
+
+		// Translating type
+		if (isset($messageData['type']))
+		{
+			$messageData['type'] = Text::_($messageData['type']);
+		}
+
+		$linkMode = Factory::getApplication()->get('force_ssl', 0) >= 1 ? Route::TLS_FORCE : Route::TLS_IGNORE;
 
 		foreach ($messageData as $key => $value)
 		{
+			// Escape any markup in the values to prevent XSS attacks
+			$value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
+
 			// Convert relative url to absolute url so that it is clickable in action logs notification email
 			if ($generateLinks && StringHelper::strpos($value, 'index.php?') === 0)
 			{
 				if (!isset($links[$value]))
 				{
-					$links[$value] = Route::link('administrator', $value, false, $linkMode);
+					$links[$value] = Route::link('administrator', $value, false, $linkMode, true);
 				}
 
 				$value = $links[$value];
 			}
 
-			$message = str_replace('{' . $key . '}', Text::_($value), $message);
+			$message = str_replace('{' . $key . '}', $value, $message);
 		}
 
 		return $message;
@@ -327,4 +352,28 @@ public static function loadActionLogPluginsLanguage()
 		// Load com_privacy too.
 		$lang->load('com_privacy', JPATH_ADMINISTRATOR, null, false, true);
 	}
+
+	/**
+	 * Escapes potential characters that start a formula in a CSV value to prevent injection attacks
+	 *
+	 * @param   mixed  $value  csv field value
+	 *
+	 * @return  mixed
+	 *
+	 * @since   3.9.7
+	 */
+	protected static function escapeCsvFormula($value)
+	{
+		if ($value == '')
+		{
+			return $value;
+		}
+
+		if (in_array($value[0], self::$characters, true))
+		{
+			$value = ' ' . $value;
+		}
+
+		return $value;
+	}
 }

quickstart/administrator/components/com_actionlogs/helpers/actionlogsphp55.php

@@ -3,7 +3,7 @@
  * @package     Joomla.Administrator
  * @subpackage  com_actionlogs
  *
- * @copyright   Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
+ * @copyright   Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved.
  * @license     GNU General Public License version 2 or later; see LICENSE.txt
  */
 
@@ -23,6 +23,14 @@
  */
 class ActionlogsHelperPhp55
 {
+	/**
+	 * Array of characters starting a formula
+	 *
+	 * @var    array
+	 * @since  3.9.7
+	 */
+	private static $characters = array('=', '+', '-', '@');
+
 	/**
 	 * Method to convert logs objects array to a Generator for use with a CSV export
 	 *
@@ -46,6 +54,8 @@ public static function getCsvAsGenerator($data)
 			);
 		}
 
+		$disabledText = Text::_('COM_ACTIONLOGS_DISABLED');
+
 		// Header row
 		yield array('Id', 'Message', 'Date', 'Extension', 'User', 'Ip');
 
@@ -57,12 +67,36 @@ public static function getCsvAsGenerator($data)
 
 			yield array(
 				'id'         => $log->id,
-				'message'    => strip_tags(ActionlogsHelper::getHumanReadableLogMessage($log, false)),
+				'message'    => self::escapeCsvFormula(strip_tags(ActionlogsHelper::getHumanReadableLogMessage($log, false))),
 				'date'       => (new Date($log->log_date, new DateTimeZone('UTC')))->format('Y-m-d H:i:s T'),
-				'extension'  => Text::_($extension),
-				'name'       => $log->name,
-				'ip_address' => Text::_($log->ip_address),
+				'extension'  => self::escapeCsvFormula(Text::_($extension)),
+				'name'       => self::escapeCsvFormula($log->name),
+				'ip_address' => self::escapeCsvFormula($log->ip_address === 'COM_ACTIONLOGS_DISABLED' ? $disabledText : $log->ip_address)
 			);
 		}
 	}
+
+	/**
+	 * Escapes potential characters that start a formula in a CSV value to prevent injection attacks
+	 *
+	 * @param   mixed  $value  csv field value
+	 *
+	 * @return  mixed
+	 *
+	 * @since   3.9.7
+	 */
+	protected static function escapeCsvFormula($value)
+	{
+		if ($value == '')
+		{
+			return $value;
+		}
+
+		if (in_array($value[0], self::$characters, true))
+		{
+			$value = ' ' . $value;
+		}
+
+		return $value;
+	}
 }

quickstart/administrator/components/com_actionlogs/layouts/logstable.php

@@ -3,7 +3,7 @@
  * @package     Joomla.Administrator
  * @subpackage  com_actionlogs
  *
- * @copyright   Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
+ * @copyright   Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved.
  * @license     GNU General Public License version 2 or later; see LICENSE.txt
  */
 

quickstart/administrator/components/com_actionlogs/libraries/actionlogplugin.php

@@ -3,7 +3,7 @@
  * @package     Joomla.Administrator
  * @subpackage  com_actionlogs
  *
- * @copyright   Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
+ * @copyright   Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved.
  * @license     GNU General Public License version 2 or later; see LICENSE.txt
  */
 defined('_JEXEC') or die;

quickstart/administrator/components/com_actionlogs/models/actionlog.php

@@ -3,7 +3,7 @@
  * @package     Joomla.Administrator
  * @subpackage  com_actionlogs
  *
- * @copyright   Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
+ * @copyright   Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved.
  * @license     GNU General Public License version 2 or later; see LICENSE.txt
  */
 

quickstart/administrator/components/com_actionlogs/models/actionlogs.php

@@ -3,7 +3,7 @@
  * @package     Joomla.Administrator
  * @subpackage  com_actionlogs
  *
- * @copyright   Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
+ * @copyright   Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved.
  * @license     GNU General Public License version 2 or later; see LICENSE.txt
  */
 
@@ -330,15 +330,17 @@ public function delete(&$pks)
 		try
 		{
 			$db->execute();
-
-			return true;
 		}
 		catch (RuntimeException $e)
 		{
 			$this->setError($e->getMessage());
 
 			return false;
 		}
+
+		Factory::getApplication()->triggerEvent('onAfterLogPurge', array());
+
+		return true;
 	}
 
 	/**
@@ -353,13 +355,15 @@ public function purge()
 		try
 		{
 			$this->getDbo()->truncateTable('#__action_logs');
-
-			return true;
 		}
 		catch (Exception $e)
 		{
 			return false;
 		}
+
+		Factory::getApplication()->triggerEvent('onAfterLogPurge', array());
+
+		return true;
 	}
 
 	/**

quickstart/administrator/components/com_actionlogs/models/fields/extension.php

@@ -3,8 +3,8 @@
  * @package     Joomla.Administrator
  * @subpackage  com_actionlogs
  *
- * @copyright   Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
- * @license     GNU General Public License version 2 or later; see LICENSE
+ * @copyright   Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
  */
 
 defined('_JEXEC') or die;