Commit Graph

6 Commits

Author SHA1 Message Date
Jonathan Miller 814d1b147c refactor: extract BackupDirectory utility to eliminate code duplication
- Create BackupDirectory utility class with centralized:
  - DEFAULT_RELATIVE constant and PLACEHOLDER constant
  - resolve() — path resolution with [DEFAULT_DIR] and relative path handling
  - hasPlaceholders() — check for unresolved placeholder tokens
  - isWebAccessible() — web-root boundary check
  - protect() — .htaccess and index.html creation with error logging
  - ensureReady() — mkdir + protect in one call
  - parseNewlineList() — newline-separated text parsing
  - logPathFromArchive() — derive .log path from archive path
- Remove duplicated methods from BackupEngine, SteppedBackupEngine,
  ProfileTable, AjaxController, and DashboardModel
- All consumers now use BackupDirectory static methods
- Net reduction: ~180 lines of duplicated code eliminated
2026-06-07 09:39:43 -05:00
Jonathan Miller 41b481dbfe fix: address code review — Apache 2.4 htaccess, browseDir traversal, SQL cast
- Update .htaccess content to support both Apache 2.4 (Require all denied)
  and Apache 2.2 (Order deny,allow) in all four locations
- Guard browseDir parent navigation to prevent escaping allowed boundaries
- Add explicit (int) cast on viewLog SQL query for defense-in-depth
2026-06-07 09:17:20 -05:00
Jonathan Miller e72a007041 fix: address PR review — error logging, ACL check, fetch error handling
- Log failures in protectBackupDir() and protectWebAccessibleDir() instead
  of silently suppressing with @ (security-critical .htaccess writes)
- Add error_log() to empty catch blocks in boot() and syncMenuIcons()
- Add core.manage ACL check to checkDir() AJAX endpoint
- Surface opendir() failures in browseDir() with warning message
- Add HTTP status check (r.ok) to JS fetch calls before parsing JSON
- Log temp SQL file deletion failures in SteppedBackupEngine
2026-06-07 09:11:39 -05:00
Jonathan Miller 608aeb3641 feat: add dashboard menu, [DEFAULT_DIR] placeholder, live dir validation, and backup security
- Add Dashboard as first submenu entry in component manifest
- Add [DEFAULT_DIR] placeholder to PlaceholderResolver for portable profiles
- Add live AJAX directory permission checking on backup_dir field changes
- Add web-accessible warning badge on backup download buttons
- Auto-create .htaccess protection in web-accessible backup dirs on profile save
- Auto-create .htaccess protection at backup time in both engines
- Add checkDir AJAX endpoint for real-time directory validation
- Fix script.php warnMissingLicenseKey running on uninstall
2026-06-07 06:54:46 -05:00
Jonathan Miller 026b72deed fix: address all PR review findings — error handling, security, validation
Security:
- browseDir restricted to JPATH_ROOT and current user $HOME (not all /home/)
- MokoRestore db_prefix validated with regex to prevent SQL injection
- MokoRestore DB import returns failure when zero statements succeed

Error handling (fatal — would produce corrupt backups):
- BackupEngine/SteppedEngine mkdir() checked, returns error on failure
- SteppedSession save() checked, throws on write failure
- SteppedEngine SQL dump file_put_contents checked, throws on failure
- MokoRestore configuration.php write checked, throws on failure

Error handling (logged — secondary operations):
- BackupEngine dispatchAfterRun catch block logs to error_log
- BackupEngine/SteppedEngine log file write failures logged
- NotificationSender user group email resolution logged
- script.php download key save/restore logged

Operational fixes:
- Cleanup plugin: don't delete DB record if file unlink fails (prevents orphans)
- BackupEngine: count and log skipped unreadable files
- BackupEngine: handle MokoRestore rename failure gracefully
- SteppedEngine: add S3Uploader to stepUpload match (feature parity)

Authored-by: Moko Consulting
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-06-06 21:10:11 -05:00
Jonathan Miller a0c6332372 fix: flatten nested package directories from rename
The mokobackup→mokojoombackup rename created double-nested directories
(e.g. com_mokojoombackup/com_mokojoombackup/). Joomla installer could
not find files at the expected paths. Flattened all packages.

Authored-by: Moko Consulting
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-06-06 15:11:07 -05:00