8 Commits

Author	SHA1	Message	Date
gitea-actions[bot]	b84cce6dc9	chore(version): pre-release bump to 01.00.28-dev [skip ci]	2026-06-07 01:10:12 +00:00
Jonathan Miller	be10092ef2	fix: use single-key pattern instead of universal backup	2026-06-06 17:30:55 -05:00
Jonathan Miller	210aded6bc	feat: download key preservation + license key warning (MokoWaaS pattern)	2026-06-06 17:11:44 -05:00
Jonathan Miller	9b693abe7d	feat: download key preservation in preflight + update site notice	2026-06-06 16:46:36 -05:00
Jonathan Miller	878a9b3726	feat: resolve 6 enhancement issues (#116-#119, #124, #125) ... - #116: Batch N+1 queries in processEvergreen() — pre-load posted_at and pending status in 2 queries instead of N*M - #117: Extract buildArticleMeta() from renderTemplate() — category, author, tags resolved once per article instead of per service - #118: Wire up media attachments in Threads, WordPress, Medium, Tumblr, Teams, Google Business, Pinterest, TikTok - #119: Rewrite 7 stub plugins with correct API implementations: Dev.to (api-key header), Brevo (api-key header, campaign format), ConvertKit (api_secret body), Reddit (form-encoded, subreddit), Pinterest (v5 pins with media_source), SendGrid (single sends), Constant Contact (email campaigns), TikTok (content init) - #124: Teams — migrate to Adaptive Cards format, remove dead resolveCredential() method and duplicate webhook_url fallback - #125: Google Business — fix URL path segments (accounts/locations) and add media attachment support Authored-by: Moko Consulting Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-06 09:56:37 -05:00
Jonathan Miller	5df8b0fc38	fix: resolve remaining low-priority bugs (#121, #122, #123, #126) ... - #121: schedule() now only allows re-scheduling posts with status queued/failed/permanently_failed/cancelled — prevents duplicates - #122: updateLastRunTimestamp() uses JSON_SET for atomic update with fallback for databases without JSON function support - #123: Add curl_error() handling to all 32 service plugins — DNS failures, SSL errors, and timeouts now return actionable messages - #126: Fix Ntfy supportsMedia() to return false (consistent with empty getSupportedMediaTypes()) Authored-by: Moko Consulting Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-06 09:41:56 -05:00
Jonathan Miller	9484d6bde9	security: fix 9 security and critical bugs (#107-#115, #120) ... - #107: Fix testConnection() broken event dispatch (Joomla 5+ ArrayAccess pattern) and add CSRF + ACL checks - #108: Add CSRF checkToken() to OauthController::authorize() - #109: Add core.manage ACL check to REST dispatch endpoint - #110: Fix LinkedIn null-coalesce on organization_id - #111: Add CURLOPT_PROTOCOLS to webhook, mastodon, ghost, bluesky to prevent SSRF via user-controlled URLs - #112: Encrypt credentials at rest using sodium_crypto_secretbox with key derived from Joomla secret; backward-compat with existing plaintext JSON credentials - #113: Fix unclosed <script> tag in dashboard template - #114: Fix hasPendingWork() to use exponential backoff matching processQueue() instead of linear delay - #115: Fix timestamp lock TOCTOU race with atomic UPDATE + WHERE - #120: Add CSRF token to dashboard migration link Authored-by: Moko Consulting Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-06 09:33:12 -05:00
Jonathan Miller	75c34345f9	refactor: rename src/ to source/ per moko-platform standards ... Rename root source directory from src/ to source/ and update all references in Makefile, manifest.xml, .gitignore, CI workflows, and wiki documentation. Internal Joomla namespace paths (src/Extension) are unchanged as they are plugin-internal structure. CI workflows updated to check source/ first with src/ fallback for backward compatibility across repos. Authored-by: Moko Consulting Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-06 08:11:29 -05:00