2e7e49fa60
chore(version): pre-release bump to 01.22.10-dev [skip ci]
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 11s
2026-06-18 15:59:59 +00:00
55954ba081
fix: remaining review items — prefix in trailing SQL, dead code, indent
...
Generic: Project CI / Tests (push) Blocked by required conditions
Generic: Project CI / Tests (pull_request) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (push) Blocked by required conditions
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Joomla: Extension CI / Build RC Pre-Release (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Access control (push) Successful in 1s
Universal: Auto Version Bump / Version Bump (push) Successful in 3s
Generic: Repo Health / Site Health (push) Has been skipped
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Access control (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 4s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 7s
Generic: Project CI / Lint & Validate (push) Successful in 42s
Generic: Project CI / Lint & Validate (pull_request) Successful in 42s
Universal: PR Check / Validate PR (pull_request) Failing after 38s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 44s
- DatabaseImporter: apply #__ prefix replacement on trailing statement
(was missing for SQL not terminated by semicolon)
- SteppedBackupEngine: remove unused DatabaseDumper instantiation
- SteppedBackupEngine: fix misaligned indentation in stepDatabase()
2026-06-18 10:59:47 -05:00
7ecc855e40
chore(version): pre-release bump to 01.22.09-dev [skip ci]
2026-06-18 15:56:16 +00:00
a4c03d0032
fix: critical review — infinite recursion, SQL injection, FK prefix
...
Generic: Project CI / Tests (push) Blocked by required conditions
Generic: Project CI / Tests (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (push) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Joomla: Extension CI / Build RC Pre-Release (pull_request) Blocked by required conditions
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 1s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Universal: Auto Version Bump / Version Bump (push) Successful in 4s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 5s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 5s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Failing after 7s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 7s
Generic: Project CI / Lint & Validate (push) Successful in 31s
Generic: Project CI / Lint & Validate (pull_request) Successful in 31s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 35s
Critical:
- Fix infinite recursion in getValidatedPrefix() — was calling itself
instead of extracting from $data array
- Fix SQL injection in actionResetAdmin() — prefix not validated,
now uses getValidatedPrefix()
High:
- Fix prefix abstraction to cover FK REFERENCES — str_replace now
targets backtick+prefix pattern to catch all table references in
CREATE TABLE output, not just the current table name
Medium:
- Security gate file write check — skip verification gracefully if
file cannot be written (don't lock user out)
- Stepped notification catch \Throwable instead of \Exception
2026-06-18 10:56:02 -05:00
682538e4de
chore(version): pre-release bump to 01.22.08-dev [skip ci]
2026-06-18 15:42:29 +00:00
b2874f32f2
feat: abstract DB prefix, stepped checksum, restore security gate
...
Generic: Project CI / Tests (push) Blocked by required conditions
Generic: Project CI / Tests (pull_request) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (push) Blocked by required conditions
Joomla: Extension CI / Build RC Pre-Release (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 1s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s
Generic: Repo Health / Access control (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 6s
Universal: PR Check / Validate PR (pull_request) Failing after 7s
Universal: Auto Version Bump / Version Bump (push) Successful in 3s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 6s
Generic: Project CI / Lint & Validate (pull_request) Successful in 32s
Generic: Project CI / Lint & Validate (push) Successful in 32s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 35s
Database prefix abstraction:
- DatabaseDumper uses #__ placeholder instead of live prefix in all
SQL output (DROP TABLE, CREATE TABLE, INSERT INTO)
- SteppedBackupEngine::dumpSingleTable() same #__ replacement
- DatabaseImporter replaces #__ with current site prefix on import
- MokoRestore replaces #__ with user-specified prefix on import
- Backups are now portable across sites with different prefixes
Stepped backup checksum:
- completeRecord() now computes and stores SHA-256 checksum
MokoRestore security gate:
- Writes .mokorestore-security.php with random 8-char code to site root
- User must read code from filesystem and enter it in browser
- Proves filesystem access before any restore actions are allowed
- Security file auto-deleted after successful verification
- All AJAX actions blocked until verification completes
2026-06-18 10:42:10 -05:00
b3e7c8ec72
chore(version): pre-release bump to 01.22.07-dev [skip ci]
2026-06-18 15:27:08 +00:00
9656a2a92b
fix: PR #46 review — error handling, failure notifications, cleanup
...
Generic: Project CI / Tests (push) Blocked by required conditions
Generic: Project CI / Tests (pull_request) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Joomla: Extension CI / Build RC Pre-Release (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Generic: Repo Health / Repository health (push) Blocked by required conditions
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Access control (push) Successful in 1s
Generic: Repo Health / Site Health (push) Has been skipped
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 7s
Generic: Project CI / Lint & Validate (push) Successful in 11s
Universal: Auto Version Bump / Version Bump (push) Successful in 4s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 10s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 8s
Universal: PR Check / Validate PR (pull_request) Failing after 8s
Generic: Project CI / Lint & Validate (pull_request) Successful in 35s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 38s
Critical:
- Wrap cleanupOldBackups() in try-catch to prevent admin panel crash
- Add missing fields (total_size, files_count, etc.) to failure record
so failure notifications actually send
High:
- Log unlink failures in deleteBackupRecord() instead of silent return
- Wrap DB delete in try-catch so one failed record doesn't abort loop
- Check for ext-curl before calling curl_init() in sendNtfy()
Medium:
- Change runPreActionBackup catch from \Exception to \Throwable
- Log warning for skipped files during archive encryption
- Truncate ntfy response body in error logs (200 chars max)
2026-06-18 10:26:48 -05:00
f47a99636b
chore(version): pre-release bump to 01.22.06-dev [skip ci]
2026-06-18 15:19:59 +00:00
36ec6dd5a3
fix: notifications for AJAX backups, download CSRF token
...
Generic: Project CI / Tests (push) Blocked by required conditions
Generic: Project CI / Tests (pull_request) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (push) Blocked by required conditions
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Joomla: Extension CI / Build RC Pre-Release (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 1s
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Universal: Auto Version Bump / Version Bump (push) Successful in 4s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s
Generic: Repo Health / Access control (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 7s
Generic: Project CI / Lint & Validate (push) Successful in 11s
Generic: Project CI / Lint & Validate (pull_request) Successful in 11s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 12s
Universal: PR Check / Validate PR (pull_request) Failing after 48s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 54s
SteppedBackupEngine now sends email + ntfy notifications on both
success (completeRecord) and failure (failRecord). Previously only
BackupEngine (synchronous CLI/toolbar path) sent notifications.
Download link in backups template now includes the CSRF token in
the URL query string, fixing "security token did not match" error
when clicking download buttons.
2026-06-18 10:19:43 -05:00
6810edcd7f
chore(version): pre-release bump to 01.22.05-dev [skip ci]
2026-06-18 14:35:16 +00:00
b2eab66d27
fix: include backup_type and archivename in notification record
...
Generic: Project CI / Tests (push) Blocked by required conditions
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Generic: Repo Health / Repository health (push) Blocked by required conditions
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 1s
Universal: Auto Version Bump / Version Bump (push) Successful in 4s
Generic: Project CI / Lint & Validate (push) Successful in 18s
The update object passed to NotificationSender only had fields
being updated in the DB (total_size, checksum, etc). It was missing
backup_type, archivename, description, origin, and backupstart —
which are set on the initial insert and don't change. This caused
ntfy notifications to show empty Type and Archive fields.
2026-06-18 09:31:51 -05:00
ee48b150f5
chore(version): pre-release bump to 01.22.04-dev [skip ci]
2026-06-18 14:12:38 +00:00
2c58ebed38
chore(version): pre-release bump to 01.22.03-dev [skip ci]
2026-06-18 14:10:46 +00:00
2a4676c999
fix: expand PHP extension checks ( #22 )
...
Generic: Project CI / Tests (push) Blocked by required conditions
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Generic: Repo Health / Repository health (push) Blocked by required conditions
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Generic: Repo Health / Access control (push) Successful in 1s
Generic: Repo Health / Site Health (push) Has been skipped
Universal: Auto Version Bump / Version Bump (push) Successful in 4s
Generic: Project CI / Lint & Validate (push) Successful in 8s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 5s
BackupEngine: check ext-zip, ext-pdo, ext-pdo_mysql, ext-mbstring
before running (was only zip + mbstring).
Installer preflight: warn about missing extensions (zip, pdo,
pdo_mysql, mbstring, curl) during install/update. Warns but does
not block installation so the component can still be configured.
MokoRestore already checks ext-zip, ext-pdo_mysql, ext-mbstring,
ext-json in its preflight step.
composer.json already declares all six extensions as requirements
(zip, pdo, pdo_mysql, curl, ftp, mbstring) — composer install
fails if any are missing, which CI enforces.
Closes #22
2026-06-18 09:10:35 -05:00
b3928915fe
chore(version): pre-release bump to 01.22.02-dev [skip ci]
2026-06-18 13:19:05 +00:00
dd09b65cc4
chore(version): pre-release bump to 01.22.01-dev [skip ci]
2026-06-17 16:42:27 +00:00
9a908e2e3c
chore(version): pre-release bump to 01.22.00-rc [skip ci]
2026-06-17 07:57:03 +00:00
d8367d7beb
chore(version): pre-release bump to 01.21.01-dev [skip ci]
2026-06-17 07:56:07 +00:00
11141f27f4
feat: per-profile backup retention (days and count)
...
Generic: Repo Health / Access control (push) Successful in 1s
Generic: Repo Health / Site Health (push) Has been skipped
Universal: Auto Version Bump / Version Bump (push) Successful in 3s
Generic: Project CI / Lint & Validate (push) Successful in 8s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 6s
Generic: Project CI / Tests (push) Has been cancelled
Generic: Repo Health / Scripts governance (push) Has been cancelled
Generic: Repo Health / Repository health (push) Has been cancelled
Generic: Repo Health / Report Issues (push) Has been cancelled
Each profile can now set its own retention_days and retention_count.
A value of 0 means use the global default from component options.
Cleanup logic refactored to iterate per-profile with individual
retention thresholds. Also cleans up orphaned records where the
parent profile was deleted. Log files alongside archives are now
removed during cleanup.
Extracted deleteBackupRecord() helper for consistent file+DB cleanup.
2026-06-17 02:55:55 -05:00
gitea-actions[bot]