ff3c1ed977
chore(version): pre-release bump to 01.19.00-rc [skip ci]
2026-06-15 09:33:39 +00:00
74a14f5fe4
chore(version): pre-release bump to 01.18.03-dev [skip ci]
2026-06-15 09:33:25 +00:00
5f04332fc5
feat: ntfy push notification support per backup profile
...
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Generic: Repo Health / Repository health (push) Blocked by required conditions
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 1s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 6s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 10s
Universal: Auto Version Bump / Version Bump (push) Successful in 15s
Generic: Repo Health / Access control (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 10s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 14s
Add ntfy (https://ntfy.sh ) push notifications alongside email.
Each backup profile can configure its own ntfy topic, server, and
access token independently.
- New profile fields: ntfy_topic, ntfy_server (default ntfy.sh),
ntfy_token (optional, for private topics)
- NotificationSender sends both email and ntfy in parallel
- Uses priority 5 (urgent) for failures, 3 (default) for success
- Includes backup status emoji, profile name, type, archive, size
- 10-second timeout to prevent blocking backup completion
- SQL migration 01.18.00 adds columns to profiles table
2026-06-15 04:32:57 -05:00
77667d436a
chore(version): pre-release bump to 01.18.02-dev [skip ci]
2026-06-15 06:10:22 +00:00
c466839a40
fix: final review — SQL injection, input escaping, undefined var
...
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Generic: Repo Health / Repository health (push) Blocked by required conditions
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Access control (push) Successful in 1s
Generic: Repo Health / Site Health (push) Has been skipped
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 3s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 6s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 6s
Universal: Auto Version Bump / Version Bump (push) Successful in 9s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 6s
Universal: PR Check / Validate PR (pull_request) Failing after 20s
Critical/High:
- Fix undefined $configFile → $configPath in from-scratch config path
- Escape all user input with addcslashes before interpolating into
configuration.php (both regex-replace and HEREDOC paths)
- Add getValidatedPrefix() helper — validates db_prefix format before
use in SQL table names across all restore functions
- fixPackageClientId() now warns user via enqueueMessage on failure
- sanitizeConfiguration() logs error on file read failure
Medium:
- Content-Disposition header uses RFC 6266 rawurlencode (both admin
and API download controllers)
- Remove @unlink suppression, log warning on failure
- viewLog() catch block now logs exception context
- writeDefaultHtaccess() checks copy/write, returns status to caller
- actionConfig() checks file_put_contents return value
2026-06-15 01:10:04 -05:00
bb0f04ec15
chore(version): pre-release bump to 01.18.01-dev [skip ci]
2026-06-15 05:50:02 +00:00
b0fa2cceba
fix: address final review — garbled code, error handling, write checks
...
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 3s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 3s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 8s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 13s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 15s
Universal: Auto Version Bump / Version Bump (push) Successful in 18s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 16s
Universal: PR Check / Validate PR (pull_request) Failing after 47s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Critical:
- Fix garbled getDbConnection() in MokoRestore — duplicated lines and
broken regex causing parse errors in the standalone restore script
High:
- fixPackageClientId() now warns user via enqueueMessage on failure
- sanitizeConfiguration() logs error when file read fails
- actionConfig() checks file_put_contents return value on both paths
- writeDefaultHtaccess() returns status string, checks copy and write,
callers append warnings to response message
Medium:
- Remove @unlink suppression before archive rename, log warning
- viewLog() catch block now logs exception message for diagnostics
2026-06-15 00:49:28 -05:00
a6de692639
chore(version): pre-release bump to 01.18.00-rc [skip ci]
2026-06-15 05:36:22 +00:00
f418d48597
chore(version): pre-release bump to 01.17.01-dev [skip ci]
2026-06-15 05:35:24 +00:00
79e577edf0
fix: set package client_id to 0 (site) for update matching
...
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 2s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Generic: Repo Health / Access control (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 7s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 7s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 9s
Universal: Auto Version Bump / Version Bump (push) Successful in 13s
Universal: PR Check / Validate PR (pull_request) Failing after 11s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 10s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Joomla packages must have client_id=0 in #__extensions for the
updater to match against <client>site</client> in updates.xml.
The package was incorrectly registered with client_id=1 (admin),
causing updates to be invisible in the Joomla update manager.
Adds fixPackageClientId() to postflight so it self-corrects on
every install/update.
2026-06-15 00:35:00 -05:00
dc1089e6bf
chore(version): pre-release bump to 01.17.00-rc [skip ci]
2026-06-15 05:12:33 +00:00
34d55ea300
chore(version): pre-release bump to 01.16.00-rc [skip ci]
2026-06-15 02:23:26 +00:00
c212a3d179
chore(version): pre-release bump to 01.15.03-dev [skip ci]
2026-06-15 02:23:09 +00:00
b785b0e748
feat: add .htaccess reset option to MokoRestore
...
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 2s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Access control (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 5s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 5s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 7s
Universal: Auto Version Bump / Version Bump (push) Successful in 10s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 6s
Universal: PR Check / Validate PR (pull_request) Failing after 19s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Add checkbox in Step 4 to reset .htaccess to Joomla defaults.
Backs up existing as .htaccess.bak before overwriting. Optional
and unchecked by default to preserve custom rules.
2026-06-14 21:22:45 -05:00
cb3f1ab3cc
chore(version): pre-release bump to 01.15.02-dev [skip ci]
2026-06-14 20:30:35 +00:00
3a6354e648
refactor: store config as .bak, rebuild on restore
...
Generic: Repo Health / Access control (push) Successful in 1s
Generic: Repo Health / Site Health (push) Has been skipped
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 3s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Generic: Repo Health / Access control (pull_request) Successful in 1s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 5s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 6s
Universal: Auto Version Bump / Version Bump (push) Successful in 8s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 6s
Universal: PR Check / Validate PR (pull_request) Failing after 18s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Instead of storing a sanitized configuration.php in the archive,
save it as configuration.php.bak with credentials stripped. No
configuration.php exists in the archive — it's rebuilt from the
.bak template + user-provided credentials during restore.
Backup side:
- configuration.php stored as configuration.php.bak (sanitized)
- No configuration.php in the archive (prevents accidental use)
MokoRestore side:
- Reads .bak as base template (preserves non-sensitive settings:
debug, cache, SEF, editor, timezone, etc.)
- Replaces all sanitized fields with user input
- Clears proxy/Redis/TLS placeholders to empty strings
- Deletes .bak after successful rebuild
- Falls back to configuration.php for legacy backups
FileRestorer:
- Added configuration.php.bak to skip list
2026-06-14 15:30:17 -05:00
f43664dbef
chore(version): pre-release bump to 01.15.01-dev [skip ci]
2026-06-14 20:26:13 +00:00
c96444fe80
feat: add SMTP fields to MokoRestore config step
...
Generic: Repo Health / Access control (push) Successful in 1s
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 1s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 5s
Universal: Auto Version Bump / Version Bump (push) Successful in 8s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 4s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 6s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Since configuration.php is now sanitized in backups, MokoRestore
needs UI fields for the stripped SMTP credentials. Adds:
- SMTP Host, User, Password fields in Step 4 (Site Configuration)
- Clean card-based layout with General and Mail sections
- Only replaces SMTP values if provided (blank = leave existing)
- Pre-fills SMTP fields from extracted config (if not sanitized)
- Expanded info banner explaining secret key regeneration
2026-06-14 15:25:58 -05:00
a97db76caf
chore(version): pre-release bump to 01.15.00-rc [skip ci]
2026-06-14 20:07:46 +00:00
1dee5ad3a9
chore(version): pre-release bump to 01.14.01-dev [skip ci]
2026-06-14 20:07:39 +00:00
2ff76263ff
fix: recompute checksum after MokoRestore wrapping
...
Generic: Repo Health / Access control (push) Successful in 1s
Generic: Repo Health / Site Health (push) Has been skipped
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 1s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 7s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 7s
Universal: Auto Version Bump / Version Bump (push) Successful in 10s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 6s
Universal: PR Check / Validate PR (pull_request) Failing after 23s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
The SHA-256 checksum was computed before the MokoRestore wrap step,
then the archive was replaced with the wrapped version without
recomputing the hash. This left the checksum column empty or stale
for MokoRestore-wrapped backups.
2026-06-14 15:07:18 -05:00
0b7c61ce17
chore(version): pre-release bump to 01.14.00-rc [skip ci]
2026-06-14 19:43:46 +00:00
44b82da2cf
chore(version): pre-release bump to 01.13.01-dev [skip ci]
2026-06-14 19:43:20 +00:00
2f490c3208
feat: sanitize configuration.php in backups
...
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 2s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 1s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 4s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 5s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 5s
Universal: PR Check / Validate PR (pull_request) Failing after 7s
Universal: Auto Version Bump / Version Bump (push) Successful in 12s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 8s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Strip sensitive credentials from configuration.php before adding it
to the backup archive. Replaced fields use [SANITIZED:field] placeholders:
- Database: host, user, password, db
- Security: secret
- SMTP: smtpuser, smtppass, smtphost
- Proxy: proxy_user, proxy_pass
- Redis: redis_server_auth, session_redis_server_auth
- DB TLS: dbsslkey, dbsslcert, dbsslca
Non-sensitive fields (sitename, debug, cache, SEF, paths, etc.)
are preserved as-is for inspection and partial restores.
MokoRestore detects sanitized placeholders and leaves those form
fields blank so the user must enter fresh credentials (like the
Joomla installer). In-Joomla restore is unaffected because
RestoreEngine preserves the current site's configuration.php.
Applied to both BackupEngine (synchronous) and SteppedBackupEngine
(AJAX-based) code paths.
2026-06-14 14:42:54 -05:00
88b930835a
chore(version): pre-release bump to 01.13.00-rc [skip ci]
2026-06-13 13:03:08 +00:00
67f2637319
chore(version): pre-release bump to 01.12.01-dev [skip ci]
2026-06-13 13:02:24 +00:00
e745735ccd
feat: auto-backup before extension update or uninstall
...
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 2s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 1s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 5s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 5s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 5s
Universal: PR Check / Validate PR (pull_request) Failing after 8s
Universal: Auto Version Bump / Version Bump (push) Successful in 9s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 6s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Add two new options in component config (Pre-action Backups fieldset):
- Backup Before Extension Update (default: No)
- Backup Before Extension Uninstall (default: No)
System plugin subscribes to onExtensionBeforeUpdate and
onExtensionBeforeUninstall events. When enabled, runs a full backup
using the default profile before any extension is updated or
uninstalled. Throttled to once per 10 minutes via session flag to
prevent duplicate backups during batch operations.
2026-06-13 08:02:07 -05:00
330e7d96fe
chore(version): pre-release bump to 01.12.00-rc [skip ci]
2026-06-13 12:43:23 +00:00
a5a19b9872
chore(version): pre-release bump to 01.11.01-dev [skip ci]
2026-06-13 12:42:40 +00:00
c381829fc5
fix: ACL review — missing checks, HTTP status codes, memory safety
...
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 1s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 1s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 3s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 5s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 5s
Universal: Auto Version Bump / Version Bump (push) Successful in 7s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 6s
Universal: PR Check / Validate PR (pull_request) Failing after 20s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
- Add ACL check (core.manage) to verify() — was completely unguarded
- Add checkToken('get') to download() for CSRF protection
- Wrap all setMessage() calls in Text::_() for proper translation
- Add HTTP 403 status to all AJAX token/ACL denial responses
- Add $status param to sendJson() helper
- Wrap viewLog() DB query in try-catch, return JSON error on failure
- Fix viewLog() file_get_contents to detect read errors vs missing
- Replace API download() file_get_contents + base64 with streaming
readfile() to prevent memory exhaustion on large backups
- Gate backup profile selector in template behind backup.run permission
2026-06-13 07:42:23 -05:00
a9ab2b8ccc
chore(version): pre-release bump to 01.11.00-rc [skip ci]
2026-06-13 12:24:42 +00:00
75f5b2dfb8
chore(version): pre-release bump to 01.10.02-dev [skip ci]
2026-06-13 12:24:12 +00:00
ff5f0108b9
feat: wire up ACL permission checks across all controllers and views
...
Generic: Repo Health / Access control (push) Successful in 1s
Generic: Repo Health / Site Health (push) Has been skipped
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 1s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 3s
Universal: Auto Version Bump / Version Bump (push) Successful in 8s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 6s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 6s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 6s
Universal: PR Check / Validate PR (pull_request) Failing after 20s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Enforce granular permissions defined in access.xml:
Controllers (server-side enforcement):
- BackupsController: start() → backup.run, download() → backup.download,
restore() → backup.restore
- AjaxController: init()/step() → backup.run, browseDir()/viewLog() →
core.manage
- API BackupsController: backup() → backup.run, download() →
backup.download, profiles() → core.manage
- ProfilesController: importAkeeba() → core.create
Views (toolbar button visibility):
- Backups: conditionally show Start, Restore, Delete, Preferences
- Profiles: conditionally show Add, Edit, Import, Delete, Preferences
- Profile edit: conditionally show Save/Apply based on create/edit
Templates:
- Backups list: hide download button when backup.download denied
2026-06-13 07:23:57 -05:00
0d154adf13
chore(version): pre-release bump to 01.10.01-dev [skip ci]
2026-06-13 12:09:34 +00:00
7071b92a19
feat: add granular ACL permissions via access.xml
...
Generic: Repo Health / Access control (push) Successful in 1s
Generic: Repo Health / Site Health (push) Has been skipped
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 6s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 6s
Universal: Auto Version Bump / Version Bump (push) Successful in 9s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 7s
Universal: PR Check / Validate PR (pull_request) Failing after 22s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Add access.xml with standard Joomla core actions (admin, options,
manage, create, delete, edit, edit.state) plus three custom actions
for backup-specific operations:
- mokosuitebackup.backup.run — trigger backup operations
- mokosuitebackup.backup.download — download archive files (contains
full database and site files)
- mokosuitebackup.backup.restore — restore from backup (destructive)
Also includes: remaining review fixes for enqueueMessage consistency
in ensureSubmenuItems, syncMenuIcons, warnMissingLicenseKey catch
blocks, and index.html write check in createBackupDirectory.
2026-06-13 07:09:21 -05:00
79a476c7fc
chore(version): pre-release bump to 01.10.00-rc [skip ci]
2026-06-13 11:31:40 +00:00
5394cf6821
chore(version): pre-release bump to 01.09.01-dev [skip ci]
2026-06-13 11:31:33 +00:00
eb0b41101b
fix: add user-facing warnings for remaining silent failures
...
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 2s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 1s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 5s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 11s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 12s
Universal: Auto Version Bump / Version Bump (push) Successful in 14s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 8s
Universal: PR Check / Validate PR (pull_request) Failing after 31s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
- preflight_saveKey: warn user if license key could not be preserved
- createDefaultScheduledTask: warn user to create task manually
- migrateDefaultBackupDir: warn user to review profile settings
- createBackupDirectory: warn if .htaccess protection file fails
- boot(): widen catch to \Exception for consistency
2026-06-13 06:31:13 -05:00
ba8d9fa556
chore(version): pre-release bump to 01.09.00-rc [skip ci]
2026-06-13 04:00:52 +00:00
cd9535d3db
chore(version): pre-release bump to 01.08.18-dev [skip ci]
2026-06-13 00:22:39 +00:00
5393180eb9
fix: address PR review — error handling, security, code quality
...
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 2s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 7s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 8s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 12s
Universal: Auto Version Bump / Version Bump (push) Successful in 15s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 7s
Universal: PR Check / Validate PR (pull_request) Failing after 26s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
- Move uninstall guard to top of postflight()
- Refactor plugin enables into loop with per-plugin try-catch
- Replace @mkdir with createBackupDirectory() — check result, warn
user, add .htaccess + index.html protection
- Merge menu_icon into existing params instead of overwriting
- Add HtmlDocument type check in boot(), narrow catch to RuntimeException
- Add Joomla version check in preflight()
- Add error_log on missing parent/component in ensureSubmenuItems()
- Rename warnDefaultBackupDir → migrateDefaultBackupDir
- Narrow all \Throwable catches to \Exception
- Warn user on restoreDownloadKey failure via enqueueMessage
- Use null-safe operator for getIdentity()?->id
- Remove orphaned docblock, fix ensureSubmenuItems docblock
- Tighten syncMenuIcons LIKE pattern
2026-06-12 19:22:16 -05:00
59fac1bf08
chore(version): pre-release bump to 01.08.17-dev [skip ci]
2026-06-12 03:26:53 +00:00
e0c8f6a6d1
docs: update changelog with submenu and icon fixes
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 2s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Generic: Repo Health / Access control (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 8s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 9s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 11s
Universal: PR Check / Validate PR (pull_request) Failing after 14s
Universal: Auto Version Bump / Version Bump (push) Successful in 20s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 20s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
2026-06-11 22:22:49 -05:00
9e3a059459
chore(version): pre-release bump to 01.08.16-dev [skip ci]
2026-06-12 03:19:07 +00:00
e61a5a5647
chore(version): pre-release bump to 01.08.15-dev [skip ci]
2026-06-12 03:18:54 +00:00
f471ca5fd1
fix: set menu_icon param for submenu items to render icons
...
Generic: Repo Health / Access control (push) Successful in 2s
Generic: Repo Health / Site Health (push) Has been skipped
Universal: Auto Version Bump / Version Bump (push) Successful in 14s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 13s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Joomla 6's mod_menu only renders the img column as an icon span for
level 1 items. For level 2+ items, the menu_icon param in the JSON
params column is used instead. Set this param on both new and existing
submenu items so icons render correctly.
2026-06-11 22:18:27 -05:00
9b543e786e
chore(version): pre-release bump to 01.08.14-dev [skip ci]
2026-06-12 03:15:37 +00:00
5bada9933a
chore(version): pre-release bump to 01.08.13-dev [skip ci]
2026-06-12 03:15:22 +00:00
7ba0468907
fix: submenu icons not rendering in Joomla 6
...
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 2s
Universal: Auto Version Bump / Version Bump (push) Successful in 14s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 15s
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
The CSS selector #menu doesn't exist in Joomla 6 — mod_menu uses
id="menu{moduleId}" (dynamic). Switch to .main-nav class selector
which is stable across Joomla 4/5/6. Also use margin-inline-end
for RTL support.
2026-06-11 22:14:56 -05:00
e93a25c9d2
chore(version): pre-release bump to 01.08.12-dev [skip ci]
2026-06-12 02:55:13 +00:00
gitea-actions[bot]