79b3caa35a793765af81d73ce4e448b6f6d941b0
5 Commits

5698c074da
feat: data sanitization — passwords, emails, sessions (#129)
New "Data Sanitization" fieldset on profile form with four options:
- Sanitize User Passwords: replaces all bcrypt hashes with invalid sentinel
- Preserve Super Admin: keeps Super Users group passwords intact
- Sanitize User Emails: replaces with user123@sanitized.example.com
- Clear Session Data: excludes #__session table data (default: on)

DatabaseDumper sanitizes rows inline during dump — both in-memory and file-streaming paths. Super admin detection uses group_id=8 from #__user_usergroup_map with static caching.

Use cases: sharing backups, creating demo/staging sites, GDPR compliance.

Partial #129 (Part 2 — restore script password reset — tracked separately)

9990240d2d
fix: remaining audit findings — OOM, security, error handling (#81)
CRITICAL:
- #73: S3Uploader now streams file via CURLOPT_PUT/INFILE instead of loading entire file into RAM with file_get_contents
- #74: DatabaseDumper gains dumpToFile() that streams SQL to disk; BackupEngine uses addFile() instead of addFromString() to avoid holding the entire dump in memory
- #75: AkeebaImporter removes unserialize() — only uses json_decode, skips legacy serialized filter data to prevent object injection

MEDIUM (also fixed):
- BackupEngine: $archiveName initialized before try block (prevents undefined variable in catch)
- BackupEngine: plaintext archive deleted on encryption failure
- BackupEngine: temp SQL file cleaned up in both success and failure
- BackupEngine: createArchiver() throws on unknown format instead of silently falling back to ZIP
- TarGzArchiver: intermediate .tar cleaned up in finally block

Closes #73, closes #74, closes #75
Ref #81

a4c03d0032
fix: critical review — infinite recursion, SQL injection, FK prefix
Critical:
- Fix infinite recursion in getValidatedPrefix() — was calling itself instead of extracting from $data array
- Fix SQL injection in actionResetAdmin() — prefix not validated, now uses getValidatedPrefix()

High:
- Fix prefix abstraction to cover FK REFERENCES — str_replace now targets backtick+prefix pattern to catch all table references in CREATE TABLE output, not just the current table name

Medium:
- Security gate file write check — skip verification gracefully if file cannot be written (don't lock user out)
- Stepped notification catch \Throwable instead of \Exception

b2874f32f2
feat: abstract DB prefix, stepped checksum, restore security gate
Database prefix abstraction:
- DatabaseDumper uses #__ placeholder instead of live prefix in all SQL output (DROP TABLE, CREATE TABLE, INSERT INTO)
- SteppedBackupEngine::dumpSingleTable() same #__ replacement
- DatabaseImporter replaces #__ with current site prefix on import
- MokoRestore replaces #__ with user-specified prefix on import
- Backups are now portable across sites with different prefixes

Stepped backup checksum:
- completeRecord() now computes and stores SHA-256 checksum

MokoRestore security gate:
- Writes .mokorestore-security.php with random 8-char code to site root
- User must read code from filesystem and enter it in browser
- Proves filesystem access before any restore actions are allowed
- Security file auto-deleted after successful verification
- All AJAX actions blocked until verification completes

ace33b60fe
feat: rename mokojoombackup → mokosuitebackup, add [HOME] placeholder for backup directory
Renames all sub-extensions from mokojoombackup to mokosuitebackup
(package, component, 7 plugins, language files, manifests).
Adds [HOME] placeholder to BackupDirectory and PlaceholderResolver
so users can set backup_dir to [HOME]/backups (outside web root).
Fixes folder browser "access denied" on PHP-FPM shared hosting
where getenv('HOME') returns empty by adding POSIX and JPATH_ROOT
fallback detection.