b2572e676f00657ca3befa5af45591775ffc8ed5
5 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
8e5913d706 |
fix: enforce correct ACL permissions across all controllers (#137)
Universal: PR Check / Branch Policy (pull_request) Failing after 1s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 7s
Universal: PR Check / Validate PR (pull_request) Failing after 7s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 11s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: PR Check / Secret Scan (pull_request) Successful in 10s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 2s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Successful in 33s
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 5s
Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 54s
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
13 ACL fixes across 5 files: - BackupsController: purge() uses backup.purge (was core.delete) - SnapshotsController: delete() uses snapshot.manage (was core.delete) - AjaxController: restoreInit/Step use backup.restore (was backup.run), browseArchive uses backup.browse (was core.manage), countPurge uses backup.purge (was core.delete), compareBackups uses backup.compare (was core.manage) - API SnapshotsController: displayList/download use snapshot.manage (was core.manage) - HtmlView: verify gated by core.manage, compare by backup.compare, purge separated from delete with backup.purge Closes #137 |
||
|
|
8a4ebe1bde |
feat: selective article restore from snapshot (#58)
Browse articles inside a snapshot and restore individual items: - SnapshotRestoreEngine::restoreSelectedArticles() merges by ID - AjaxController::browseSnapshot() returns article list as JSON - SnapshotsController::restoreSelected() handles selective restore - Browse modal with checkboxes + Restore Selected button Closes #58 |
||
|
|
d5421738b7 |
fix: address PR review findings — error handling and safety
Universal: PR Check / Branch Policy (pull_request) Failing after 2s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 9s
Universal: PR Check / Validate PR (pull_request) Failing after 6s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: Auto Version Bump / Version Bump (push) Successful in 14s
Generic: Project CI / Lint & Validate (pull_request) Successful in 44s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 49s
Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Successful in 51s
Generic: Project CI / Tests (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Fixes from code review and silent failure audit: - SnapshotRestoreEngine: catch only duplicate key errors (MySQL 1062) in merge mode, re-throw all other exceptions instead of swallowing - SnapshotRestoreEngine: add json_last_error() check for better error messages on corrupt snapshot files - SnapshotRestoreEngine: log warnings when set_time_limit/ini_set fail - SnapshotEngine: use strlen($json) instead of filesize() to avoid race conditions; catch \Exception instead of \Throwable - SnapshotsController: remove @unlink suppression, add try-catch around delete loop with partial failure reporting - script.php: add user-facing warning when webcron secret generation fails (was silently swallowed, inconsistent with other catch blocks) |
||
|
|
854383a899 |
fix: scope module DELETE to snapshot IDs in replace mode
The truncateFiltered() method ran unfiltered DELETE FROM #__modules in replace mode, which would wipe ALL site modules (admin toolbar, login, menus) — not just the ones in the snapshot. Now scoped to only delete modules whose IDs exist in the snapshot data. Also scopes #__modules_menu delete to snapshot module IDs, and adds defense-in-depth validation of restore_mode in the controller. |
||
|
|
ef31713029 |
feat: content snapshots, restore UI, and config hardening (v01.25.00)
Universal: Auto Version Bump / Version Bump (push) Successful in 10s
Add content snapshot system for lightweight article/category/module versioning independent of full backups. Snapshots store as JSON files with replace or merge restore modes, wrapped in DB transactions. - SnapshotEngine: dumps articles, categories, modules + related tables (workflow_associations, tag maps, frontpage) to JSON - SnapshotRestoreEngine: replace (clean slate) or merge (upsert) mode - Full MVC: controller, models, view, template with create/restore modals - New ACL permission: mokosuitebackup.snapshot.manage - Submenu entry with camera icon, upgrade SQL for snapshots table Improve full-site restore UI with confirmation modal offering options for files, database, preserve config, and encryption password. Config improvements: - WebcronSecretField: CSPRNG generator, strength meter, rejects weak patterns (password, admin, secret), enforces min 16 chars - IpWhitelistField: table-based management, current IP detection with one-click "Add my IP" button - Default profile shows "Title (#ID)" format - Default backup dir uses [DEFAULT_DIR] placeholder - Install script generates random 32-char webcron secret - Dashboard quick actions: full-width dropdown with button below |