From fc41e1801a6a6d53508601e2fb94240e94e0b048 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <jmiller-moko@noreply.git.mokoconsulting.tech>
Date: Tue, 23 Jun 2026 11:35:48 -0500
Subject: [PATCH 1/2] fix: placeholder resolution display + CSRF token on Run
 Backup button

FolderPickerField: shows resolved placeholder values below input as
badges (e.g. [HOME]=/home/user, [host]=example.com), plus full
resolved path. Updates live as user types.

BackupsController::start(): accept CSRF token from both GET and POST
so the "Run Backup Now" link button on profile edit works without
triggering "security token did not match" error.
---
 .../src/Controller/BackupsController.php      | 10 +++-
 .../src/Field/FolderPickerField.php           | 49 +++++++++++++++++++
 2 files changed, 58 insertions(+), 1 deletion(-)

diff --git a/source/packages/com_mokosuitebackup/src/Controller/BackupsController.php b/source/packages/com_mokosuitebackup/src/Controller/BackupsController.php
index 5e1e9e6..ef63aeb 100644
--- a/source/packages/com_mokosuitebackup/src/Controller/BackupsController.php
+++ b/source/packages/com_mokosuitebackup/src/Controller/BackupsController.php
@@ -15,6 +15,7 @@ defined('_JEXEC') or die;
 use Joomla\CMS\Language\Text;
 use Joomla\CMS\MVC\Controller\AdminController;
 use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
 use Joomla\Component\MokoSuiteBackup\Administrator\Engine\BackupEngine;
 use Joomla\Component\MokoSuiteBackup\Administrator\Engine\RestoreEngine;
 
@@ -34,7 +35,14 @@ class BackupsController extends AdminController
 	 */
 	public function start(): void
 	{
-		$this->checkToken();
+		/* Accept token from both GET (profile Run button) and POST (backup form).
+		   Joomla's checkToken() throws on failure, so try GET first. */
+		if (!Session::checkToken('get') && !Session::checkToken('post')) {
+			$this->setMessage(Text::_('JINVALID_TOKEN_NOTICE'), 'error');
+			$this->setRedirect(Route::_('index.php?option=com_mokosuitebackup&view=backups', false));
+
+			return;
+		}
 
 		if (!$this->app->getIdentity()->authorise('mokosuitebackup.backup.run', 'com_mokosuitebackup')) {
 			$this->setMessage(Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'), 'error');
diff --git a/source/packages/com_mokosuitebackup/src/Field/FolderPickerField.php b/source/packages/com_mokosuitebackup/src/Field/FolderPickerField.php
index 6ecb23b..4177a56 100644
--- a/source/packages/com_mokosuitebackup/src/Field/FolderPickerField.php
+++ b/source/packages/com_mokosuitebackup/src/Field/FolderPickerField.php
@@ -117,6 +117,8 @@ class FolderPickerField extends FormField
 		{$statusDetail}
 	</small>
 </div>
+<div class="mt-1" id="{$id}_resolved" style="font-size:0.8rem; line-height:1.6;">
+</div>
 <div id="{$id}_defaultwarn" class="alert alert-warning alert-sm mt-1 py-1 px-2" style="display:none; font-size:0.85rem;">
 	<span class="icon-warning-circle" aria-hidden="true"></span>
 	The default backup directory is inside the web root. Backup archives may be directly downloadable if <code>.htaccess</code> is not supported. For better security, use a path outside the web root.
@@ -284,8 +286,54 @@ class FolderPickerField extends FormField
 		});
 	}
 
+	/* Show which placeholders are in use and their resolved values */
+	var resolvedDiv = document.getElementById(fieldId + '_resolved');
+
+	function updateResolvedDisplay() {
+		while (resolvedDiv.firstChild) resolvedDiv.removeChild(resolvedDiv.firstChild);
+		var val = input.value || '';
+		var found = false;
+
+		for (var key in placeholders) {
+			if (val.indexOf(key) !== -1 && placeholders[key]) {
+				found = true;
+				var badge = document.createElement('span');
+				badge.className = 'badge bg-light text-dark border me-1 mb-1';
+				badge.style.fontSize = '0.75rem';
+				badge.style.fontFamily = 'monospace';
+
+				var keySpan = document.createElement('strong');
+				keySpan.textContent = key;
+				badge.appendChild(keySpan);
+
+				badge.appendChild(document.createTextNode(' = '));
+
+				var valSpan = document.createElement('span');
+				valSpan.className = 'text-primary';
+				valSpan.textContent = placeholders[key];
+				badge.appendChild(valSpan);
+
+				resolvedDiv.appendChild(badge);
+			}
+		}
+
+		if (found) {
+			var fullResolved = document.createElement('div');
+			fullResolved.className = 'mt-1';
+			var arrow = document.createElement('span');
+			arrow.className = 'text-muted';
+			arrow.textContent = 'Resolves to: ';
+			fullResolved.appendChild(arrow);
+			var code = document.createElement('code');
+			code.textContent = resolve(val);
+			fullResolved.appendChild(code);
+			resolvedDiv.appendChild(fullResolved);
+		}
+	}
+
 	input.addEventListener('input', function() {
 		clearTimeout(checkTimer);
+		updateResolvedDisplay();
 		checkTimer = setTimeout(checkDirPermissions, 400);
 	});
 
@@ -399,6 +447,7 @@ class FolderPickerField extends FormField
 
 	// Run initial check on page load
 	setDefaultDirWarning();
+	updateResolvedDisplay();
 	checkDirPermissions();
 })();
 </script>
-- 
2.52.0


From e7f165ac96677403fc9c658099e34870c302a392 Mon Sep 17 00:00:00 2001
From: "gitea-actions[bot]" <gitea-actions[bot]@mokoconsulting.tech>
Date: Tue, 23 Jun 2026 16:36:09 +0000
Subject: [PATCH 2/2] chore(version): pre-release bump to 01.38.02-dev [skip
 ci]

---
 .mokogitea/workflows/issue-branch.yml                           | 2 +-
 README.md                                                       | 2 +-
 source/packages/com_mokosuitebackup/mokosuitebackup.xml         | 2 +-
 .../packages/plg_actionlog_mokosuitebackup/mokosuitebackup.xml  | 2 +-
 source/packages/plg_console_mokosuitebackup/mokosuitebackup.xml | 2 +-
 source/packages/plg_content_mokosuitebackup/mokosuitebackup.xml | 2 +-
 .../packages/plg_quickicon_mokosuitebackup/mokosuitebackup.xml  | 2 +-
 source/packages/plg_system_mokosuitebackup/mokosuitebackup.xml  | 2 +-
 source/packages/plg_task_mokosuitebackup/mokosuitebackup.xml    | 2 +-
 .../plg_webservices_mokosuitebackup/mokosuitebackup.xml         | 2 +-
 source/pkg_mokosuitebackup.xml                                  | 2 +-
 11 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/.mokogitea/workflows/issue-branch.yml b/.mokogitea/workflows/issue-branch.yml
index 5a995a6..6a28af8 100644
--- a/.mokogitea/workflows/issue-branch.yml
+++ b/.mokogitea/workflows/issue-branch.yml
@@ -5,7 +5,7 @@
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: mokocli.Automation
-# VERSION: 01.38.01
+# VERSION: 01.38.02
 # BRIEF: Auto-create feature branch when an issue is opened
 
 name: "Universal: Issue Branch"
diff --git a/README.md b/README.md
index b01da38..e72eee5 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # MokoSuiteBackup
 
-<!-- VERSION: 01.38.01 -->
+<!-- VERSION: 01.38.02 -->
 
 Full-site backup and restore for Joomla — database, files, and configuration.
 
diff --git a/source/packages/com_mokosuitebackup/mokosuitebackup.xml b/source/packages/com_mokosuitebackup/mokosuitebackup.xml
index b77bbe1..1cdf2c2 100644
--- a/source/packages/com_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/com_mokosuitebackup/mokosuitebackup.xml
@@ -7,7 +7,7 @@
  -->
 <extension type="component" method="upgrade">
 	<name>MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/packages/plg_actionlog_mokosuitebackup/mokosuitebackup.xml b/source/packages/plg_actionlog_mokosuitebackup/mokosuitebackup.xml
index 5493ccd..c8bf788 100644
--- a/source/packages/plg_actionlog_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/plg_actionlog_mokosuitebackup/mokosuitebackup.xml
@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="actionlog" method="upgrade">
 	<name>Action Log - MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-04</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/packages/plg_console_mokosuitebackup/mokosuitebackup.xml b/source/packages/plg_console_mokosuitebackup/mokosuitebackup.xml
index 7a2a968..070967a 100644
--- a/source/packages/plg_console_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/plg_console_mokosuitebackup/mokosuitebackup.xml
@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="console" method="upgrade">
 	<name>Console - MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-04</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/packages/plg_content_mokosuitebackup/mokosuitebackup.xml b/source/packages/plg_content_mokosuitebackup/mokosuitebackup.xml
index 2bf7dda..a3f45b8 100644
--- a/source/packages/plg_content_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/plg_content_mokosuitebackup/mokosuitebackup.xml
@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="content" method="upgrade">
 	<name>Content - MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-04</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/packages/plg_quickicon_mokosuitebackup/mokosuitebackup.xml b/source/packages/plg_quickicon_mokosuitebackup/mokosuitebackup.xml
index ca0d0a7..0cf4056 100644
--- a/source/packages/plg_quickicon_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/plg_quickicon_mokosuitebackup/mokosuitebackup.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <extension type="plugin" group="quickicon" method="upgrade">
 	<name>Quick Icon - MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/packages/plg_system_mokosuitebackup/mokosuitebackup.xml b/source/packages/plg_system_mokosuitebackup/mokosuitebackup.xml
index dc02a57..657c837 100644
--- a/source/packages/plg_system_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/plg_system_mokosuitebackup/mokosuitebackup.xml
@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="system" method="upgrade">
 	<name>System - MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/packages/plg_task_mokosuitebackup/mokosuitebackup.xml b/source/packages/plg_task_mokosuitebackup/mokosuitebackup.xml
index f8f99a2..2c69f68 100644
--- a/source/packages/plg_task_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/plg_task_mokosuitebackup/mokosuitebackup.xml
@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="task" method="upgrade">
 	<name>Task - MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/packages/plg_webservices_mokosuitebackup/mokosuitebackup.xml b/source/packages/plg_webservices_mokosuitebackup/mokosuitebackup.xml
index 89ae96b..776c1f4 100644
--- a/source/packages/plg_webservices_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/plg_webservices_mokosuitebackup/mokosuitebackup.xml
@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="webservices" method="upgrade">
 	<name>Web Services - MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/pkg_mokosuitebackup.xml b/source/pkg_mokosuitebackup.xml
index 05845fb..3780b30 100644
--- a/source/pkg_mokosuitebackup.xml
+++ b/source/pkg_mokosuitebackup.xml
@@ -8,7 +8,7 @@
 <extension type="package" method="upgrade">
 	<name>Package - MokoSuiteBackup</name>
 	<packagename>mokosuitebackup</packagename>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
-- 
2.52.0