fix: review round 2 — geocode 0-coord, tel: sanitization, Factory ACL
- Fix geocoding trigger: use isset+is_numeric instead of !empty for coordinate detection (same 0.0 bug pattern as Haversine fix) - Sanitize tel: href to digits/+/-/() only (prevents URI injection) - Use Factory::getApplication() for ACL check (consistent with codebase) Authored-by: Moko Consulting
@@ -10,6 +10,7 @@ namespace Moko\Component\MokoSuiteStoreLocator\Administrator\Controller;
|
||||
|
||||
defined('_JEXEC') or die;
|
||||
|
||||
use Joomla\CMS\Factory;
|
||||
use Joomla\CMS\Language\Text;
|
||||
use Joomla\CMS\MVC\Controller\BaseController;
|
||||
use Joomla\CMS\Router\Route;
|
||||
@@ -34,7 +35,7 @@ class ImportController extends BaseController
|
||||
Session::checkToken() or jexit(Text::_('JINVALID_TOKEN'));
|
||||
|
||||
// ACL check — user must have create permission
|
||||
if (!$this->app->getIdentity()->authorise('core.create', 'com_mokosuitestorelocator'))
|
||||
if (!Factory::getApplication()->getIdentity()->authorise('core.create', 'com_mokosuitestorelocator'))
|
||||
{
|
||||
$this->setMessage(Text::_('JLIB_APPLICATION_ERROR_CREATE_RECORD_NOT_PERMITTED'), 'error');
|
||||
$this->setRedirect(Route::_('index.php?option=com_mokosuitestorelocator&view=locations', false));
|
||||
|
||||
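Review bot: The ACL guard calls `authorise()` directly on the result of `Factory::getApplication()->getIdentity()`, and Joomla's application interface documents that method as returning a `User` or null, so a request with no identity loaded would end in a fatal error instead of the controlled permission-denied redirect. An explicit null guard keeps the denial path deliberate: `$user = Factory::getApplication()->getIdentity();` followed by `if (!$user || !$user->authorise('core.create', 'com_mokosuitestorelocator'))`. The removed line had the same exposure through `$this->app`, and the static lookup is harder to exercise in a unit test than the injected application was. The method body continues outside the hunk, so whether the branch returns immediately after `setRedirect()` cannot be confirmed from here.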
@@ -99,7 +99,8 @@ class LocationModel extends AdminModel
|
||||
*/
|
||||
public function save($data)
|
||||
{
|
||||
$hasCoords = !empty($data['latitude']) && !empty($data['longitude']);
|
||||
$hasCoords = isset($data['latitude'], $data['longitude'])
|
||||
&& is_numeric($data['latitude']) && is_numeric($data['longitude']);
|
||||
$hasAddress = !empty($data['address']) || !empty($data['city']) || !empty($data['postcode']);
|
||||
|
||||
if (!$hasCoords && $hasAddress)
|
||||
|
||||
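Review bot: `is_numeric()` in the new `$hasCoords` test accepts any numeric string, including exponent forms such as `1e3` and values outside the valid latitude/longitude range, so such input is treated as real coordinates and the geocoding fallback is skipped. A range check would close that: `&& abs((float) $data['latitude']) <= 90 && abs((float) $data['longitude']) <= 180`. It is also worth confirming that the edit form does not submit `0` for untouched coordinate fields, since a 0/0 pair now suppresses geocoding (inferred; the form definition is not visible here). `save()` continues past the end of the hunk.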
@@ -71,7 +71,8 @@ $item = $this->item;
|
||||
<?php if ($item->phone) : ?>
|
||||
<div>
|
||||
<strong><?php echo Text::_('COM_MOKOJOOMSTORELOCATOR_FIELD_PHONE'); ?>:</strong>
|
||||
<a href="tel:<?php echo $this->escape($item->phone); ?>" itemprop="telephone">
|
||||
<?php $safePhone = preg_replace('/[^0-9+\-() ]/', '', $item->phone); ?>
|
||||
<a href="tel:<?php echo $this->escape($safePhone); ?>" itemprop="telephone">
|
||||
<?php echo $this->escape($item->phone); ?>
|
||||
</a>
|
||||
</div>
|
||||
|
||||
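Review bot: The character class in `preg_replace('/[^0-9+\-() ]/', '', $item->phone)` still admits a space and allows `+` at any position, which is wider than the "digits/+/-/() only" stated in the commit description and leaves characters in the `href` that are not valid in a `tel:` URI. Stripping to dialable characters is tighter: `<?php $safePhone = preg_replace('/[^0-9+]/', '', (string) $item->phone); ?>`. When the stored value contains no digits the result is an empty string and the link becomes a bare `tel:`, so the anchor should be rendered only when `$safePhone !== ''` and the escaped text shown on its own otherwise. The same line is repeated in the location-card template hunk that follows; a shared helper would keep the two allow-lists from drifting apart.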
@@ -54,7 +54,8 @@ use Joomla\CMS\Router\Route;
|
||||
|
||||
<?php if ($item->phone) : ?>
|
||||
<div class="com-mokosuitestorelocator-location-card__phone">
|
||||
<a href="tel:<?php echo $this->escape($item->phone); ?>" itemprop="telephone">
|
||||
<?php $safePhone = preg_replace('/[^0-9+\-() ]/', '', $item->phone); ?>
|
||||
<a href="tel:<?php echo $this->escape($safePhone); ?>" itemprop="telephone">
|
||||
<?php echo $this->escape($item->phone); ?>
|
||||
</a>
|
||||
</div>
|
||||
|
||||