MokoSuiteBackup

Author	SHA1	Message	Date
Jonathan Miller	9990240d2d	fix: remaining audit findings — OOM, security, error handling (#81 ) Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions Details Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions Details Joomla: Extension CI / Build RC Pre-Release (pull_request) Blocked by required conditions Details Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions Details Universal: PR Check / Report Issues (pull_request) Blocked by required conditions Details Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions Details Generic: Repo Health / Repository health (pull_request) Blocked by required conditions Details Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Failing after 5s Details Universal: Build & Release / Promote to RC (pull_request) Has been skipped Details Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 22s Details Universal: PR Check / Branch Policy (pull_request) Failing after 1s Details Universal: PR Check / Secret Scan (pull_request) Successful in 7s Details Universal: PR Check / Validate PR (pull_request) Failing after 5s Details Generic: Repo Health / Access control (pull_request) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 49s Details RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped Details Branch Cleanup / Delete merged branch (pull_request) Failing after 2s Details Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 5s Details Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Successful in 46s Details Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 2m32s Details CRITICAL: - #73: S3Uploader now streams file via CURLOPT_PUT/INFILE instead of loading entire file into RAM with file_get_contents - #74: DatabaseDumper gains dumpToFile() that streams SQL to disk; BackupEngine uses addFile() instead of addFromString() to avoid holding the entire dump in memory - #75: AkeebaImporter removes unserialize() — only uses json_decode, skips legacy serialized filter data to prevent object injection MEDIUM (also fixed): - BackupEngine: $archiveName initialized before try block (prevents undefined variable in catch) - BackupEngine: plaintext archive deleted on encryption failure - BackupEngine: temp SQL file cleaned up in both success and failure - BackupEngine: createArchiver() throws on unknown format instead of silently falling back to ZIP - TarGzArchiver: intermediate .tar cleaned up in finally block Closes #73, closes #74, closes #75 Ref #81	2026-06-21 18:16:46 -05:00
jmiller	418db394a4	Merge pull request 'chore: remove automation directory' (#82 ) from fix/remove-automation into main	2026-06-21 23:10:42 +00:00
gitea-actions[bot]	6383e9b111	chore(version): pre-release bump to 01.27.03-dev [skip ci] Universal: Build & Release / Promote to RC (pull_request) Has been skipped Details Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 21s Details Publish to Composer / Publish Package (release) Failing after 44s Details Branch Cleanup / Delete merged branch (pull_request) Failing after 2s Details RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped Details Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 5s Details	2026-06-21 23:10:10 +00:00
Jonathan Miller	2395a4eabc	fix: critical and high audit findings (#81 ) Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions Details Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions Details Joomla: Extension CI / Build RC Pre-Release (pull_request) Blocked by required conditions Details Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions Details Universal: PR Check / Report Issues (pull_request) Blocked by required conditions Details Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions Details Generic: Repo Health / Repository health (pull_request) Blocked by required conditions Details Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Failing after 5s Details Universal: Build & Release / Promote to RC (pull_request) Has been skipped Details Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 23s Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 9s Details Universal: PR Check / Branch Policy (pull_request) Failing after 2s Details Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s Details Generic: Repo Health / Access control (pull_request) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Universal: PR Check / Secret Scan (pull_request) Successful in 6s Details Universal: PR Check / Validate PR (pull_request) Failing after 5s Details Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Successful in 17s Details Branch Cleanup / Delete merged branch (pull_request) Successful in 2s Details RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped Details Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 7m48s Details Fixes all critical and high severity issues from the codebase audit: CRITICAL: - #71: RestoreCommand passed wrong args to RestoreEngine (filepath instead of record ID) — CLI restore was completely broken - #72: JpaUnarchiver path traversal — added traversal rejection and realpath boundary check to prevent writes outside staging dir - #77: RestoreEngine staging path sanitized — $record->tag stripped of non-alphanumeric characters HIGH: - #75: (noted, AkeebaImporter unserialize needs separate refactor) - #76: BackupTable now deletes DB row before file — prevents data loss if DB delete fails - #78: API profiles endpoint now masks sensitive fields (passwords, keys, tokens) with '***' - #79: Webcron handler adds return after sendJsonResponse — prevents execution falling through on non-terminal close() - #80: BackupModel/ProfileModel loadFormData() now casts array to object — prevents TypeError on PHP 8.x form state restore PREFLIGHT HARDENING: - PreflightCheck::run() wrapped in try-catch for DB exceptions - mkdir() failure now includes actual error reason - Unresolved placeholders generate a warning instead of silent return Closes #71, closes #76, closes #77, closes #78, closes #79, closes #80 Ref #72, ref #81	2026-06-21 18:08:58 -05:00
gitea-actions[bot]	43a4e552ce	chore(release): build 01.27.00 [skip ci] Publish to Composer / Publish Package (release) Failing after 6s Details	2026-06-21 22:54:47 +00:00
gitea-actions[bot]	f099ad8fe9	chore(version): auto-bump patch 01.26.02-dev [skip ci] RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped Details Branch Cleanup / Delete merged branch (pull_request) Successful in 1s Details Universal: Build & Release / Promote to RC (pull_request) Has been skipped Details Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 18s Details Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 2m35s Details	2026-06-21 22:54:29 +00:00
Jonathan Miller	dbed0d0da7	fix: address PR review — remove dead code, consistent warnings key Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions Details Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions Details Joomla: Extension CI / Build RC Pre-Release (pull_request) Blocked by required conditions Details Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions Details Universal: PR Check / Report Issues (pull_request) Blocked by required conditions Details Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions Details Generic: Repo Health / Repository health (pull_request) Blocked by required conditions Details Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions Details Universal: PR Check / Branch Policy (pull_request) Failing after 1s Details Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s Details Generic: Repo Health / Access control (pull_request) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 7s Details Universal: PR Check / Validate PR (pull_request) Failing after 5s Details Universal: PR Check / Secret Scan (pull_request) Successful in 6s Details Universal: Auto Version Bump / Version Bump (push) Successful in 12s Details Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Successful in 35s Details - Remove dead checkRequiredExtensions() method (superseded by PreflightCheck) - Add 'warnings' key to ALL return paths in BackupEngine::run() and SteppedBackupEngine::init() to prevent undefined key access on PHP 8.x - Include preflight warnings in success, failure, and early-exit returns	2026-06-21 17:54:11 -05:00
gitea-actions[bot]	617c103055	chore(version): auto-bump patch 01.26.01-dev [skip ci]	2026-06-21 22:47:28 +00:00
Jonathan Miller	edb202071c	feat: add pre-flight checks before backup starts (#67 ) Universal: Auto Version Bump / Version Bump (push) Successful in 9s Details Validate backup prerequisites before creating any record, catching common issues early with clear messages instead of failing mid-backup. Pre-flight checks: - Required PHP extensions (zip, pdo, pdo_mysql, mbstring, curl) - Backup directory exists and is writable - Sufficient disk space (last backup size + 20% buffer, skipped if no previous backup exists) - No other backup already running for this profile - Excluded tables exist in database (warns on missing) - Remote storage credentials minimally configured (FTP/S3/GDrive) Errors block the backup; warnings are logged and displayed but allow the backup to proceed. Integrated into both BackupEngine::run() and SteppedBackupEngine::init() before any record is inserted. UI: AJAX init response includes warnings array, displayed in the stepped backup progress modal. Closes #67	2026-06-21 17:47:13 -05:00
gitea-actions[bot]	92e94ddc17	chore(release): build 01.26.00 [skip ci] Publish to Composer / Publish Package (release) Failing after 4s Details	2026-06-21 22:36:22 +00:00
gitea-actions[bot]	c2a88a898d	chore(version): auto-bump patch 01.25.02-dev [skip ci]	2026-06-21 22:22:40 +00:00
Jonathan Miller	d5421738b7	fix: address PR review findings — error handling and safety Generic: Project CI / Tests (pull_request) Blocked by required conditions Details Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions Details Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions Details Joomla: Extension CI / Build RC Pre-Release (pull_request) Blocked by required conditions Details Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions Details Universal: PR Check / Report Issues (pull_request) Blocked by required conditions Details Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions Details Generic: Repo Health / Repository health (pull_request) Blocked by required conditions Details Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions Details Universal: PR Check / Branch Policy (pull_request) Failing after 2s Details Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 9s Details Universal: PR Check / Validate PR (pull_request) Failing after 6s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Generic: Repo Health / Access control (pull_request) Successful in 2s Details Universal: Auto Version Bump / Version Bump (push) Successful in 14s Details Generic: Project CI / Lint & Validate (pull_request) Successful in 44s Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 49s Details Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Successful in 51s Details Fixes from code review and silent failure audit: - SnapshotRestoreEngine: catch only duplicate key errors (MySQL 1062) in merge mode, re-throw all other exceptions instead of swallowing - SnapshotRestoreEngine: add json_last_error() check for better error messages on corrupt snapshot files - SnapshotRestoreEngine: log warnings when set_time_limit/ini_set fail - SnapshotEngine: use strlen($json) instead of filesize() to avoid race conditions; catch \Exception instead of \Throwable - SnapshotsController: remove @unlink suppression, add try-catch around delete loop with partial failure reporting - script.php: add user-facing warning when webcron secret generation fails (was silently swallowed, inconsistent with other catch blocks)	2026-06-21 17:21:55 -05:00
Jonathan Miller	658ed77090	Merge remote-tracking branch 'origin/feature/47-backup-status-helper' into feature/47-backup-status-helper	2026-06-21 16:59:54 -05:00
Jonathan Miller	854383a899	fix: scope module DELETE to snapshot IDs in replace mode The truncateFiltered() method ran unfiltered DELETE FROM #__modules in replace mode, which would wipe ALL site modules (admin toolbar, login, menus) — not just the ones in the snapshot. Now scoped to only delete modules whose IDs exist in the snapshot data. Also scopes #__modules_menu delete to snapshot module IDs, and adds defense-in-depth validation of restore_mode in the controller.	2026-06-21 15:50:41 -05:00
gitea-actions[bot]	43c73d20e8	chore(version): auto-bump patch 01.25.01-dev [skip ci]	2026-06-21 20:30:09 +00:00
Jonathan Miller	ef31713029	feat: content snapshots, restore UI, and config hardening (v01.25.00) Universal: Auto Version Bump / Version Bump (push) Successful in 10s Details Add content snapshot system for lightweight article/category/module versioning independent of full backups. Snapshots store as JSON files with replace or merge restore modes, wrapped in DB transactions. - SnapshotEngine: dumps articles, categories, modules + related tables (workflow_associations, tag maps, frontpage) to JSON - SnapshotRestoreEngine: replace (clean slate) or merge (upsert) mode - Full MVC: controller, models, view, template with create/restore modals - New ACL permission: mokosuitebackup.snapshot.manage - Submenu entry with camera icon, upgrade SQL for snapshots table Improve full-site restore UI with confirmation modal offering options for files, database, preserve config, and encryption password. Config improvements: - WebcronSecretField: CSPRNG generator, strength meter, rejects weak patterns (password, admin, secret), enforces min 16 chars - IpWhitelistField: table-based management, current IP detection with one-click "Add my IP" button - Default profile shows "Title (#ID)" format - Default backup dir uses [DEFAULT_DIR] placeholder - Install script generates random 32-char webcron secret - Dashboard quick actions: full-width dropdown with button below	2026-06-21 15:25:53 -05:00
Jonathan Miller	a5a2f48e7c	feat: add BackupStatusHelper for bridge integration (#47 ) Universal: PR Check / Branch Policy (pull_request) Failing after 2s Details Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 6s Details Generic: Repo Health / Access control (pull_request) Successful in 1s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 9s Details Universal: PR Check / Validate PR (pull_request) Failing after 6s Details Universal: Auto Version Bump / Version Bump (push) Successful in 15s Details Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Successful in 13s Details Generic: Project CI / Lint & Validate (pull_request) Successful in 32s Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 35s Details Generic: Project CI / Tests (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled Details Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled Details Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Static helper class for external consumers (bridge plugins, MCP servers) to query backup status without bootstrapping the full component. Methods: - isInstalled(): check if MokoSuiteBackup is installed and enabled - getLatestRecord(): get the most recent completed/failed backup - getStatusSummary(): full heartbeat payload with latest status, all-time/7-day totals, and consecutive success streak	2026-06-20 18:30:54 -05:00
gitea-actions[bot]	291f09223d	chore(release): build 01.24.00 [skip ci]	2026-06-19 07:14:55 +00:00
gitea-actions[bot]	64c6ef6d7e	chore(release): build 01.23.00 [skip ci]	2026-06-18 16:07:30 +00:00
gitea-actions[bot]	2e7e49fa60	chore(version): pre-release bump to 01.22.10-dev [skip ci] Universal: Build & Release / Promote to RC (pull_request) Has been skipped Details Branch Cleanup / Delete merged branch (pull_request) Has been skipped Details RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped Details Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 11s Details	2026-06-18 15:59:59 +00:00
Jonathan Miller	55954ba081	fix: remaining review items — prefix in trailing SQL, dead code, indent Generic: Repo Health / Access control (push) Successful in 1s Details Universal: Auto Version Bump / Version Bump (push) Successful in 3s Details Generic: Repo Health / Site Health (push) Has been skipped Details Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s Details Universal: PR Check / Branch Policy (pull_request) Successful in 1s Details Generic: Repo Health / Access control (pull_request) Successful in 1s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 4s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 7s Details Generic: Project CI / Lint & Validate (push) Successful in 42s Details Generic: Project CI / Lint & Validate (pull_request) Successful in 42s Details Universal: PR Check / Validate PR (pull_request) Failing after 38s Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 44s Details Generic: Project CI / Tests (push) Has been cancelled Details Generic: Project CI / Tests (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled Details Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled Details Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details - DatabaseImporter: apply #__ prefix replacement on trailing statement (was missing for SQL not terminated by semicolon) - SteppedBackupEngine: remove unused DatabaseDumper instantiation - SteppedBackupEngine: fix misaligned indentation in stepDatabase()	2026-06-18 10:59:47 -05:00
gitea-actions[bot]	7ecc855e40	chore(version): pre-release bump to 01.22.09-dev [skip ci]	2026-06-18 15:56:16 +00:00
Jonathan Miller	a4c03d0032	fix: critical review — infinite recursion, SQL injection, FK prefix Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 1s Details Universal: PR Check / Branch Policy (pull_request) Successful in 1s Details Universal: Auto Version Bump / Version Bump (push) Successful in 4s Details Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 5s Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 5s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Generic: Repo Health / Access control (pull_request) Successful in 1s Details Universal: PR Check / Validate PR (pull_request) Failing after 7s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 7s Details Generic: Project CI / Lint & Validate (push) Successful in 31s Details Generic: Project CI / Lint & Validate (pull_request) Successful in 31s Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 35s Details Generic: Project CI / Tests (push) Has been cancelled Details Generic: Project CI / Tests (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled Details Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled Details Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Critical: - Fix infinite recursion in getValidatedPrefix() — was calling itself instead of extracting from $data array - Fix SQL injection in actionResetAdmin() — prefix not validated, now uses getValidatedPrefix() High: - Fix prefix abstraction to cover FK REFERENCES — str_replace now targets backtick+prefix pattern to catch all table references in CREATE TABLE output, not just the current table name Medium: - Security gate file write check — skip verification gracefully if file cannot be written (don't lock user out) - Stepped notification catch \Throwable instead of \Exception	2026-06-18 10:56:02 -05:00
gitea-actions[bot]	682538e4de	chore(version): pre-release bump to 01.22.08-dev [skip ci]	2026-06-18 15:42:29 +00:00
Jonathan Miller	b2874f32f2	feat: abstract DB prefix, stepped checksum, restore security gate Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 1s Details Universal: PR Check / Branch Policy (pull_request) Successful in 1s Details Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s Details Generic: Repo Health / Access control (pull_request) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 6s Details Universal: PR Check / Validate PR (pull_request) Failing after 7s Details Universal: Auto Version Bump / Version Bump (push) Successful in 3s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 6s Details Generic: Project CI / Lint & Validate (pull_request) Successful in 32s Details Generic: Project CI / Lint & Validate (push) Successful in 32s Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 35s Details Generic: Project CI / Tests (push) Has been cancelled Details Generic: Project CI / Tests (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled Details Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled Details Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Database prefix abstraction: - DatabaseDumper uses #__ placeholder instead of live prefix in all SQL output (DROP TABLE, CREATE TABLE, INSERT INTO) - SteppedBackupEngine::dumpSingleTable() same #__ replacement - DatabaseImporter replaces #__ with current site prefix on import - MokoRestore replaces #__ with user-specified prefix on import - Backups are now portable across sites with different prefixes Stepped backup checksum: - completeRecord() now computes and stores SHA-256 checksum MokoRestore security gate: - Writes .mokorestore-security.php with random 8-char code to site root - User must read code from filesystem and enter it in browser - Proves filesystem access before any restore actions are allowed - Security file auto-deleted after successful verification - All AJAX actions blocked until verification completes	2026-06-18 10:42:10 -05:00
gitea-actions[bot]	b3e7c8ec72	chore(version): pre-release bump to 01.22.07-dev [skip ci]	2026-06-18 15:27:08 +00:00
Jonathan Miller	9656a2a92b	fix: PR #46 review — error handling, failure notifications, cleanup Generic: Repo Health / Access control (push) Successful in 1s Details Generic: Repo Health / Site Health (push) Has been skipped Details Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 7s Details Generic: Project CI / Lint & Validate (push) Successful in 11s Details Universal: Auto Version Bump / Version Bump (push) Successful in 4s Details Universal: PR Check / Branch Policy (pull_request) Successful in 2s Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 10s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Generic: Repo Health / Access control (pull_request) Successful in 2s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 8s Details Universal: PR Check / Validate PR (pull_request) Failing after 8s Details Generic: Project CI / Lint & Validate (pull_request) Successful in 35s Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 38s Details Generic: Project CI / Tests (push) Has been cancelled Details Generic: Project CI / Tests (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled Details Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled Details Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Critical: - Wrap cleanupOldBackups() in try-catch to prevent admin panel crash - Add missing fields (total_size, files_count, etc.) to failure record so failure notifications actually send High: - Log unlink failures in deleteBackupRecord() instead of silent return - Wrap DB delete in try-catch so one failed record doesn't abort loop - Check for ext-curl before calling curl_init() in sendNtfy() Medium: - Change runPreActionBackup catch from \Exception to \Throwable - Log warning for skipped files during archive encryption - Truncate ntfy response body in error logs (200 chars max)	2026-06-18 10:26:48 -05:00
gitea-actions[bot]	f47a99636b	chore(version): pre-release bump to 01.22.06-dev [skip ci]	2026-06-18 15:19:59 +00:00
Jonathan Miller	36ec6dd5a3	fix: notifications for AJAX backups, download CSRF token Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 1s Details Universal: PR Check / Branch Policy (pull_request) Successful in 1s Details Universal: Auto Version Bump / Version Bump (push) Successful in 4s Details Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s Details Generic: Repo Health / Access control (pull_request) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 7s Details Generic: Project CI / Lint & Validate (push) Successful in 11s Details Generic: Project CI / Lint & Validate (pull_request) Successful in 11s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 12s Details Universal: PR Check / Validate PR (pull_request) Failing after 48s Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 54s Details Generic: Project CI / Tests (push) Has been cancelled Details Generic: Project CI / Tests (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled Details Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled Details Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details SteppedBackupEngine now sends email + ntfy notifications on both success (completeRecord) and failure (failRecord). Previously only BackupEngine (synchronous CLI/toolbar path) sent notifications. Download link in backups template now includes the CSRF token in the URL query string, fixing "security token did not match" error when clicking download buttons.	2026-06-18 10:19:43 -05:00
gitea-actions[bot]	6810edcd7f	chore(version): pre-release bump to 01.22.05-dev [skip ci]	2026-06-18 14:35:16 +00:00
Jonathan Miller	b2eab66d27	fix: include backup_type and archivename in notification record Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 1s Details Universal: Auto Version Bump / Version Bump (push) Successful in 4s Details Generic: Project CI / Lint & Validate (push) Successful in 18s Details Generic: Project CI / Tests (push) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details The update object passed to NotificationSender only had fields being updated in the DB (total_size, checksum, etc). It was missing backup_type, archivename, description, origin, and backupstart — which are set on the initial insert and don't change. This caused ntfy notifications to show empty Type and Archive fields.	2026-06-18 09:31:51 -05:00
gitea-actions[bot]	ee48b150f5	chore(version): pre-release bump to 01.22.04-dev [skip ci]	2026-06-18 14:12:38 +00:00
gitea-actions[bot]	2c58ebed38	chore(version): pre-release bump to 01.22.03-dev [skip ci]	2026-06-18 14:10:46 +00:00
Jonathan Miller	2a4676c999	fix: expand PHP extension checks (#22 ) Generic: Repo Health / Access control (push) Successful in 1s Details Generic: Repo Health / Site Health (push) Has been skipped Details Universal: Auto Version Bump / Version Bump (push) Successful in 4s Details Generic: Project CI / Lint & Validate (push) Successful in 8s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 5s Details Generic: Project CI / Tests (push) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details BackupEngine: check ext-zip, ext-pdo, ext-pdo_mysql, ext-mbstring before running (was only zip + mbstring). Installer preflight: warn about missing extensions (zip, pdo, pdo_mysql, mbstring, curl) during install/update. Warns but does not block installation so the component can still be configured. MokoRestore already checks ext-zip, ext-pdo_mysql, ext-mbstring, ext-json in its preflight step. composer.json already declares all six extensions as requirements (zip, pdo, pdo_mysql, curl, ftp, mbstring) — composer install fails if any are missing, which CI enforces. Closes #22	2026-06-18 09:10:35 -05:00
gitea-actions[bot]	b3928915fe	chore(version): pre-release bump to 01.22.02-dev [skip ci]	2026-06-18 13:19:05 +00:00
gitea-actions[bot]	dd09b65cc4	chore(version): pre-release bump to 01.22.01-dev [skip ci]	2026-06-17 16:42:27 +00:00
gitea-actions[bot]	9a908e2e3c	chore(version): pre-release bump to 01.22.00-rc [skip ci]	2026-06-17 07:57:03 +00:00
gitea-actions[bot]	d8367d7beb	chore(version): pre-release bump to 01.21.01-dev [skip ci]	2026-06-17 07:56:07 +00:00
Jonathan Miller	11141f27f4	feat: per-profile backup retention (days and count) Generic: Repo Health / Access control (push) Successful in 1s Details Generic: Repo Health / Site Health (push) Has been skipped Details Universal: Auto Version Bump / Version Bump (push) Successful in 3s Details Generic: Project CI / Lint & Validate (push) Successful in 8s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 6s Details Generic: Project CI / Tests (push) Has been cancelled Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Each profile can now set its own retention_days and retention_count. A value of 0 means use the global default from component options. Cleanup logic refactored to iterate per-profile with individual retention thresholds. Also cleans up orphaned records where the parent profile was deleted. Log files alongside archives are now removed during cleanup. Extracted deleteBackupRecord() helper for consistent file+DB cleanup.	2026-06-17 02:55:55 -05:00
gitea-actions[bot]	89047cdf02	chore(release): build 01.21.00 [skip ci]	2026-06-16 17:06:32 +00:00
gitea-actions[bot]	c50a39226b	chore(version): pre-release bump to 01.20.00-rc [skip ci]	2026-06-16 12:01:10 +00:00
gitea-actions[bot]	ff3c1ed977	chore(version): pre-release bump to 01.19.00-rc [skip ci]	2026-06-15 09:33:39 +00:00
gitea-actions[bot]	74a14f5fe4	chore(version): pre-release bump to 01.18.03-dev [skip ci]	2026-06-15 09:33:25 +00:00
Jonathan Miller	5f04332fc5	feat: ntfy push notification support per backup profile Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 1s Details Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 6s Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 10s Details Universal: Auto Version Bump / Version Bump (push) Successful in 15s Details Generic: Repo Health / Access control (pull_request) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 10s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 14s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled Details Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Add ntfy (https://ntfy.sh) push notifications alongside email. Each backup profile can configure its own ntfy topic, server, and access token independently. - New profile fields: ntfy_topic, ntfy_server (default ntfy.sh), ntfy_token (optional, for private topics) - NotificationSender sends both email and ntfy in parallel - Uses priority 5 (urgent) for failures, 3 (default) for success - Includes backup status emoji, profile name, type, archive, size - 10-second timeout to prevent blocking backup completion - SQL migration 01.18.00 adds columns to profiles table	2026-06-15 04:32:57 -05:00
gitea-actions[bot]	77667d436a	chore(version): pre-release bump to 01.18.02-dev [skip ci]	2026-06-15 06:10:22 +00:00
Jonathan Miller	c466839a40	fix: final review — SQL injection, input escaping, undefined var Generic: Repo Health / Access control (push) Successful in 1s Details Generic: Repo Health / Site Health (push) Has been skipped Details Universal: PR Check / Branch Policy (pull_request) Successful in 1s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Generic: Repo Health / Access control (pull_request) Successful in 2s Details Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 3s Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 6s Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 6s Details Universal: Auto Version Bump / Version Bump (push) Successful in 9s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 6s Details Universal: PR Check / Validate PR (pull_request) Failing after 20s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled Details Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Critical/High: - Fix undefined $configFile → $configPath in from-scratch config path - Escape all user input with addcslashes before interpolating into configuration.php (both regex-replace and HEREDOC paths) - Add getValidatedPrefix() helper — validates db_prefix format before use in SQL table names across all restore functions - fixPackageClientId() now warns user via enqueueMessage on failure - sanitizeConfiguration() logs error on file read failure Medium: - Content-Disposition header uses RFC 6266 rawurlencode (both admin and API download controllers) - Remove @unlink suppression, log warning on failure - viewLog() catch block now logs exception context - writeDefaultHtaccess() checks copy/write, returns status to caller - actionConfig() checks file_put_contents return value	2026-06-15 01:10:04 -05:00
gitea-actions[bot]	bb0f04ec15	chore(version): pre-release bump to 01.18.01-dev [skip ci]	2026-06-15 05:50:02 +00:00
Jonathan Miller	b0fa2cceba	fix: address final review — garbled code, error handling, write checks Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 3s Details Universal: PR Check / Branch Policy (pull_request) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Generic: Repo Health / Access control (pull_request) Successful in 3s Details Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 8s Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 13s Details Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 15s Details Universal: Auto Version Bump / Version Bump (push) Successful in 18s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 16s Details Universal: PR Check / Validate PR (pull_request) Failing after 47s Details Generic: Repo Health / Scripts governance (push) Has been cancelled Details Generic: Repo Health / Repository health (push) Has been cancelled Details Generic: Repo Health / Report Issues (push) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled Details Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details Critical: - Fix garbled getDbConnection() in MokoRestore — duplicated lines and broken regex causing parse errors in the standalone restore script High: - fixPackageClientId() now warns user via enqueueMessage on failure - sanitizeConfiguration() logs error when file read fails - actionConfig() checks file_put_contents return value on both paths - writeDefaultHtaccess() returns status string, checks copy and write, callers append warnings to response message Medium: - Remove @unlink suppression before archive rename, log warning - viewLog() catch block now logs exception message for diagnostics	2026-06-15 00:49:28 -05:00
gitea-actions[bot]	a6de692639	chore(version): pre-release bump to 01.18.00-rc [skip ci]	2026-06-15 05:36:22 +00:00
gitea-actions[bot]	f418d48597	chore(version): pre-release bump to 01.17.01-dev [skip ci]	2026-06-15 05:35:24 +00:00

1 2 3 4

159 Commits