Compare commits
14 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 9a02b7d903 | |||
| d4fca16a13 | |||
| 90f08207ea | |||
| 3ef9bdaa48 | |||
| 7a7e804647 | |||
| 498f62e975 | |||
| f9c1c6b186 | |||
| d84ccfca31 | |||
| 8a428c6cbb | |||
| b894c95f6b | |||
| e3bd4a36ff | |||
| da9265e329 | |||
| b9c0ddf2b9 | |||
| 41e8bffd26 |
@@ -380,13 +380,10 @@ jobs:
|
||||
import sys
|
||||
version, date = sys.argv[1], sys.argv[2]
|
||||
content = open('CHANGELOG.md').read()
|
||||
marker = f'## [{version}]'
|
||||
# Idempotent: only promote when this version header isn't already present,
|
||||
# otherwise re-runs (or same-version builds) create empty duplicate headers.
|
||||
if marker not in content:
|
||||
new = f'## [Unreleased]\n\n{marker} --- {date}'
|
||||
content = content.replace('## [Unreleased]', new, 1)
|
||||
open('CHANGELOG.md', 'w').write(content)
|
||||
old = '## [Unreleased]'
|
||||
new = f'## [Unreleased]\n\n## [{version}] --- {date}'
|
||||
content = content if ('## [' + version + ']') in content else content.replace(old, new, 1)
|
||||
open('CHANGELOG.md', 'w').write(content)
|
||||
" "$VERSION" "$DATE"
|
||||
git add CHANGELOG.md
|
||||
git commit -m "chore: promote changelog [Unreleased] → [${VERSION}]" || true
|
||||
|
||||
@@ -131,10 +131,11 @@ jobs:
|
||||
test:
|
||||
name: Tests
|
||||
runs-on: ubuntu-latest
|
||||
needs: lint
|
||||
# Run only when lint succeeded; always() forces evaluation so a skipped
|
||||
# lint (e.g. template repos) skips this job cleanly instead of hanging.
|
||||
if: ${{ always() && needs.lint.result == 'success' }}
|
||||
# Independent job (no `needs: lint`): the Gitea Actions scheduler does not
|
||||
# offer the dependent 2nd job of a needs-chain to runners, so it stalls in
|
||||
# "waiting" and is reaped by ABANDONED_JOB_TIMEOUT. Guard template repos
|
||||
# directly (same condition lint uses) instead of gating on lint's result.
|
||||
if: ${{ !startsWith(github.event.repository.name, 'Template-') }}
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
# FILE INFORMATION
|
||||
# DEFGROUP: MokoGitea.Workflow
|
||||
# INGROUP: mokocli.Automation
|
||||
# VERSION: 02.58.34
|
||||
# VERSION: 02.59.00
|
||||
# BRIEF: Auto-create feature branch when an issue is opened
|
||||
|
||||
name: "Universal: Issue Branch"
|
||||
|
||||
@@ -210,7 +210,7 @@ jobs:
|
||||
|
||||
- name: Check for merge conflict markers
|
||||
run: |
|
||||
CONFLICTS=$(grep -rn '<<<<<<< \|>>>>>>> \|^=======$' --include='*.php' --include='*.xml' --include='*.css' --include='*.js' --include='*.json' --include='*.md' --include='*.yml' --include='*.yaml' --include='*.ini' --include='*.txt' . 2>/dev/null | grep -v '.git/' || true)
|
||||
CONFLICTS=$(grep -rn '<<<<<<< \|>>>>>>> \|^=======$' --exclude-dir='.git' --exclude-dir='.mokogitea' --include='*.php' --include='*.xml' --include='*.css' --include='*.js' --include='*.json' --include='*.md' --include='*.yml' --include='*.yaml' --include='*.ini' --include='*.txt' . 2>/dev/null | grep -v '.git/' || true)
|
||||
if [ -n "$CONFLICTS" ]; then
|
||||
echo "::error::Merge conflict markers found in source files"
|
||||
echo "## Conflict Markers Found" >> $GITHUB_STEP_SUMMARY
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
# INGROUP: mokocli.Release
|
||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Generic
|
||||
# PATH: /.mokogitea/workflows/pre-release.yml
|
||||
# VERSION: 05.02.00
|
||||
# VERSION: 05.02.01
|
||||
# BRIEF: Auto pre-release on push to dev/alpha/beta/rc branches
|
||||
|
||||
name: "Universal: Pre-Release"
|
||||
@@ -162,7 +162,13 @@ jobs:
|
||||
git add -A
|
||||
git diff --cached --quiet || {
|
||||
git commit -m "chore(version): pre-release bump to ${VERSION} [skip ci]"
|
||||
git push origin HEAD 2>&1
|
||||
# Push the bump commit, but do NOT fail the release if the target branch
|
||||
# is protected and the release identity is not on the push allowlist.
|
||||
# The build proceeds from the in-tree bumped version regardless; if the
|
||||
# push is rejected, the next run simply re-bumps from the same base.
|
||||
if ! git push origin HEAD 2>&1; then
|
||||
echo "::warning::Version-bump commit could not be pushed (protected branch?). Building from in-tree version ${VERSION} anyway."
|
||||
fi
|
||||
}
|
||||
|
||||
# Auto-detect element via manifest_element.php
|
||||
@@ -274,4 +280,4 @@ jobs:
|
||||
echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| Channel | ${STABILITY} |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| Package | \`${ZIP_NAME}\` |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| SHA-256 | \`${SHA256:-n/a}\` |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| SHA-256 | \`${SHA256:-n/a}\` |" >> $GITHUB_STEP_SUMMARY
|
||||
+3
-16
@@ -1,7 +1,9 @@
|
||||
# Changelog
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
|
||||
## [02.59.00] --- 2026-07-12
|
||||
|
||||
### Fixed
|
||||
- Pre-update backup on the **Joomla Update** page is now **seamless** (Akeeba-style): after the full-screen backup runs, the plugin auto-ticks Joomla's "I have taken a backup" checkbox and clicks Install, so the update continues automatically instead of stopping for a second manual click.
|
||||
- Pre-update full-screen backup now actually fires on the **Joomla Update** page. The "Install the update" button posts to `option=com_joomlaupdate&layout=update` (Joomla's confirm/updating page) — carrying **only `layout=update`**, no `view`/`task` — so the previous match on `view=update`/`update.install` never triggered. The plugin now intercepts `layout=update` (as well as `view=update` and the legacy `update.install`) and returns the browser there flagged `is_backed_up=1`.
|
||||
@@ -64,18 +66,3 @@
|
||||
|
||||
### Fixed
|
||||
- Component manifest `<name>` reverted to the element-safe `MokoSuiteBackup`. The "Type - Name" convention derived element `com_component-mokosuitebackup`, registering a duplicate component and leaving the real `com_mokosuitebackup` orphaned on the old version. (#213)
|
||||
|
||||
## [02.56.07] --- 2026-07-05
|
||||
|
||||
### Security
|
||||
- Mask the FTP password in `AjaxController::maskSecrets()`/`mergeExistingSecrets()` — stored FTP remotes no longer leak their password via `listRemotes`. (#169)
|
||||
- Stop the API single-item view (`Backups/JsonapiView`) leaking the server `absolute_path`. (#187)
|
||||
- SFTP uploader uses `StrictHostKeyChecking=accept-new` instead of `no`. (#182)
|
||||
|
||||
### Fixed
|
||||
- `DatabaseDumper` writes a real newline after `DROP TABLE` (was a literal `\n`). (#179)
|
||||
- Profile-picker forms order by `id` instead of the dropped `ordering` column. (#180)
|
||||
- `uninstall.mysql.sql` now drops the snapshots table. (#181)
|
||||
- CLI snapshot delete uses the `data_file` column (was non-existent `file_path`). (#184)
|
||||
- Remove the duplicate pre-update backup (content plugin no longer subscribes to `onExtensionBeforeUpdate`). (#186)
|
||||
- `DatabaseImporter` collects non-fatal statement errors (`getErrors()`/`hasErrors()`). (#188)
|
||||
|
||||
+1
-1
@@ -23,7 +23,7 @@ DEFGROUP: Template-Joomla
|
||||
INGROUP: Template-Joomla.Documentation
|
||||
REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Joomla
|
||||
PATH: /SECURITY.md
|
||||
VERSION: 02.58.34
|
||||
VERSION: 02.59.00
|
||||
BRIEF: Security vulnerability reporting and handling policy
|
||||
-->
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
display label there.
|
||||
-->
|
||||
<name>MokoSuiteBackup</name>
|
||||
<version>02.58.34</version>
|
||||
<version>02.59.00</version>
|
||||
<creationDate>2026-06-02</creationDate>
|
||||
<author>Moko Consulting</author>
|
||||
<authorEmail>hello@mokoconsulting.tech</authorEmail>
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
/* 02.58.34 — no schema changes */
|
||||
@@ -0,0 +1 @@
|
||||
/* 02.58.35 — no schema changes */
|
||||
@@ -0,0 +1 @@
|
||||
/* 02.58.36 — no schema changes */
|
||||
@@ -0,0 +1 @@
|
||||
/* 02.58.37 — no schema changes */
|
||||
@@ -0,0 +1 @@
|
||||
/* 02.59.00 — no schema changes */
|
||||
@@ -125,11 +125,23 @@ class SnapshotRestoreEngine
|
||||
$prefix = $db->getPrefix();
|
||||
$totalRows = 0;
|
||||
|
||||
try {
|
||||
$db->transactionStart();
|
||||
// Build list of tables to restore based on selected types
|
||||
$tablesToRestore = $this->getTablesToRestore($restoreTypes);
|
||||
|
||||
// Build list of tables to restore based on selected types
|
||||
$tablesToRestore = $this->getTablesToRestore($restoreTypes);
|
||||
/* Duplicate mode inserts brand-new records through Joomla's Table API,
|
||||
whose Nested tables (categories, tags) issue LOCK TABLES — which
|
||||
implicitly COMMITS any open transaction in MySQL/InnoDB. Wrapping it
|
||||
in transactionStart()/Rollback() would be a false atomicity promise:
|
||||
the first category/tag store would commit and defeat the rollback.
|
||||
Duplicate mode is therefore best-effort and per-item defensive (a bad
|
||||
item is skipped and logged, never fatal) rather than all-or-nothing.
|
||||
The raw-DB modes (replace/create/merge) remain fully transactional. */
|
||||
$useTransaction = ($mode !== 'duplicate');
|
||||
|
||||
try {
|
||||
if ($useTransaction) {
|
||||
$db->transactionStart();
|
||||
}
|
||||
|
||||
if ($mode === 'duplicate') {
|
||||
$totalRows = $this->restoreDuplicate($data, $restoreTypes);
|
||||
@@ -156,7 +168,9 @@ class SnapshotRestoreEngine
|
||||
}
|
||||
}
|
||||
|
||||
$db->transactionCommit();
|
||||
if ($useTransaction) {
|
||||
$db->transactionCommit();
|
||||
}
|
||||
|
||||
$this->log('Restore complete: ' . $totalRows . ' total rows');
|
||||
|
||||
@@ -188,11 +202,15 @@ class SnapshotRestoreEngine
|
||||
'log' => implode("\n", $this->log),
|
||||
];
|
||||
} catch (\Throwable $e) {
|
||||
try {
|
||||
$db->transactionRollback();
|
||||
$this->log('Transaction rolled back');
|
||||
} catch (\Exception $rollbackEx) {
|
||||
$this->log('Rollback failed: ' . $rollbackEx->getMessage());
|
||||
if ($useTransaction) {
|
||||
try {
|
||||
$db->transactionRollback();
|
||||
$this->log('Transaction rolled back');
|
||||
} catch (\Exception $rollbackEx) {
|
||||
$this->log('Rollback failed: ' . $rollbackEx->getMessage());
|
||||
}
|
||||
} else {
|
||||
$this->log('Duplicate mode is not transactional; records already inserted are left in place.');
|
||||
}
|
||||
|
||||
$this->log('FATAL: ' . $e->getMessage());
|
||||
|
||||
@@ -34,6 +34,14 @@ if ($this->returnUrl !== '') {
|
||||
$decoded = base64_decode($this->returnUrl, true);
|
||||
$raw = ($decoded !== false && $decoded !== '') ? $decoded : $this->returnUrl;
|
||||
|
||||
/* Reject any backslash or control char outright: legitimate Joomla admin
|
||||
return URLs never contain them, and a browser normalises a leading "/\"
|
||||
to "//", turning a would-be root-relative path into a protocol-relative
|
||||
open redirect (e.g. "/\evil.com" → "//evil.com"). */
|
||||
if (preg_match('/[\x00-\x1f\x7f\\\\]/', $raw)) {
|
||||
$raw = '';
|
||||
}
|
||||
|
||||
$isAbsoluteHttp = (bool) preg_match('#^https?://#i', $raw);
|
||||
$isRootRelative = isset($raw[0]) && $raw[0] === '/' && (!isset($raw[1]) || $raw[1] !== '/');
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
-->
|
||||
<extension type="module" client="administrator" method="upgrade">
|
||||
<name>Module - MokoSuiteBackup - cPanel</name>
|
||||
<version>02.58.34</version>
|
||||
<version>02.59.00</version>
|
||||
<creationDate>2026-06-23</creationDate>
|
||||
<author>Moko Consulting</author>
|
||||
<authorEmail>hello@mokoconsulting.tech</authorEmail>
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
-->
|
||||
<extension type="plugin" group="actionlog" method="upgrade">
|
||||
<name>Action Log - MokoSuiteBackup</name>
|
||||
<version>02.58.34</version>
|
||||
<version>02.59.00</version>
|
||||
<creationDate>2026-06-04</creationDate>
|
||||
<author>Moko Consulting</author>
|
||||
<authorEmail>hello@mokoconsulting.tech</authorEmail>
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
-->
|
||||
<extension type="plugin" group="console" method="upgrade">
|
||||
<name>Console - MokoSuiteBackup</name>
|
||||
<version>02.58.34</version>
|
||||
<version>02.59.00</version>
|
||||
<creationDate>2026-06-04</creationDate>
|
||||
<author>Moko Consulting</author>
|
||||
<authorEmail>hello@mokoconsulting.tech</authorEmail>
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
-->
|
||||
<extension type="plugin" group="content" method="upgrade">
|
||||
<name>Content - MokoSuiteBackup</name>
|
||||
<version>02.58.34</version>
|
||||
<version>02.59.00</version>
|
||||
<creationDate>2026-06-04</creationDate>
|
||||
<author>Moko Consulting</author>
|
||||
<authorEmail>hello@mokoconsulting.tech</authorEmail>
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<extension type="plugin" group="quickicon" method="upgrade">
|
||||
<name>Quick Icon - MokoSuiteBackup</name>
|
||||
<version>02.58.34</version>
|
||||
<version>02.59.00</version>
|
||||
<creationDate>2026-06-02</creationDate>
|
||||
<author>Moko Consulting</author>
|
||||
<authorEmail>hello@mokoconsulting.tech</authorEmail>
|
||||
|
||||
@@ -70,6 +70,22 @@
|
||||
return;
|
||||
}
|
||||
|
||||
var ret = window.location.href;
|
||||
ret += (ret.indexOf('?') === -1 ? '?' : '&') + 'msb_resume=1';
|
||||
|
||||
/* Build the redirect BEFORE we swallow the click. btoa() throws on
|
||||
non-Latin1 input (e.g. a UTF-8 filter value in the query string), so
|
||||
encode as UTF-8 first; if it still fails, bail WITHOUT preventing the
|
||||
click so Joomla's own update/uninstall proceeds normally. */
|
||||
var target;
|
||||
try {
|
||||
target = cfg.runbackupUrl
|
||||
+ '&profile_id=' + encodeURIComponent(cfg.profileId)
|
||||
+ '&returnurl=' + encodeURIComponent(btoa(unescape(encodeURIComponent(ret))));
|
||||
} catch (x) {
|
||||
return;
|
||||
}
|
||||
|
||||
e.preventDefault();
|
||||
e.stopImmediatePropagation();
|
||||
|
||||
@@ -77,12 +93,7 @@
|
||||
sessionStorage.setItem(STORAGE_KEY, JSON.stringify({ task: task, cids: cids }));
|
||||
} catch (x) {}
|
||||
|
||||
var ret = window.location.href;
|
||||
ret += (ret.indexOf('?') === -1 ? '?' : '&') + 'msb_resume=1';
|
||||
|
||||
window.location.href = cfg.runbackupUrl
|
||||
+ '&profile_id=' + encodeURIComponent(cfg.profileId)
|
||||
+ '&returnurl=' + encodeURIComponent(btoa(ret));
|
||||
window.location.href = target;
|
||||
}, true);
|
||||
|
||||
/* On return from the backup screen: restore the selection and re-fire. */
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
-->
|
||||
<extension type="plugin" group="system" method="upgrade">
|
||||
<name>System - MokoSuiteBackup</name>
|
||||
<version>02.58.34</version>
|
||||
<version>02.59.00</version>
|
||||
<creationDate>2026-06-02</creationDate>
|
||||
<author>Moko Consulting</author>
|
||||
<authorEmail>hello@mokoconsulting.tech</authorEmail>
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
-->
|
||||
<extension type="plugin" group="task" method="upgrade">
|
||||
<name>Task - MokoSuiteBackup</name>
|
||||
<version>02.58.34</version>
|
||||
<version>02.59.00</version>
|
||||
<creationDate>2026-06-02</creationDate>
|
||||
<author>Moko Consulting</author>
|
||||
<authorEmail>hello@mokoconsulting.tech</authorEmail>
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
-->
|
||||
<extension type="plugin" group="webservices" method="upgrade">
|
||||
<name>Web Services - MokoSuiteBackup</name>
|
||||
<version>02.58.34</version>
|
||||
<version>02.59.00</version>
|
||||
<creationDate>2026-06-02</creationDate>
|
||||
<author>Moko Consulting</author>
|
||||
<authorEmail>hello@mokoconsulting.tech</authorEmail>
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<extension type="package" method="upgrade">
|
||||
<name>Package - MokoSuiteBackup</name>
|
||||
<packagename>mokosuitebackup</packagename>
|
||||
<version>02.58.34</version>
|
||||
<version>02.59.00</version>
|
||||
<creationDate>2026-06-02</creationDate>
|
||||
<author>Moko Consulting</author>
|
||||
<authorEmail>hello@mokoconsulting.tech</authorEmail>
|
||||
|
||||
Reference in New Issue
Block a user