fix: address PR review findings — security, performance, cleanup
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 10s
Universal: Auto Version Bump / Version Bump (push) Successful in 15s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 15s
Universal: PR Check / Branch Policy (pull_request) Successful in 3s
Universal: PR Check / Validate PR (pull_request) Failing after 7s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 29s
Generic: Project CI / Lint & Validate (pull_request) Successful in 51s
Platform: moko-platform CI / Gate 1: Code Quality (push) Failing after 52s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 52s
Generic: Repo Health / Access control (pull_request) Successful in 1s
Platform: moko-platform CI / Gate 1: Code Quality (pull_request) Failing after 1m1s
Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Successful in 41s
Platform: moko-platform CI / Gate 2: Unit Tests (8.1) (push) Has been cancelled
Platform: moko-platform CI / Gate 2: Unit Tests (8.2) (push) Has been cancelled
Platform: moko-platform CI / Gate 2: Unit Tests (8.3) (push) Has been cancelled
Platform: moko-platform CI / Gate 3: Self-Health Check (push) Has been cancelled
Platform: moko-platform CI / Gate 4: Governance (push) Has been cancelled
Platform: moko-platform CI / Gate 5: Template Integrity (push) Has been cancelled
Platform: moko-platform CI / CI Summary (push) Has been cancelled
Generic: Project CI / Tests (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled
Platform: moko-platform CI / Gate 2: Unit Tests (8.1) (pull_request) Has been cancelled
Platform: moko-platform CI / Gate 2: Unit Tests (8.2) (pull_request) Has been cancelled
Platform: moko-platform CI / Gate 2: Unit Tests (8.3) (pull_request) Has been cancelled
Platform: moko-platform CI / Gate 3: Self-Health Check (pull_request) Has been cancelled
Platform: moko-platform CI / Gate 4: Governance (pull_request) Has been cancelled
Platform: moko-platform CI / Gate 5: Template Integrity (pull_request) Has been cancelled
Platform: moko-platform CI / CI Summary (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 10s
Universal: Auto Version Bump / Version Bump (push) Successful in 15s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 15s
Universal: PR Check / Branch Policy (pull_request) Successful in 3s
Universal: PR Check / Validate PR (pull_request) Failing after 7s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 29s
Generic: Project CI / Lint & Validate (pull_request) Successful in 51s
Platform: moko-platform CI / Gate 1: Code Quality (push) Failing after 52s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 52s
Generic: Repo Health / Access control (pull_request) Successful in 1s
Platform: moko-platform CI / Gate 1: Code Quality (pull_request) Failing after 1m1s
Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Successful in 41s
Platform: moko-platform CI / Gate 2: Unit Tests (8.1) (push) Has been cancelled
Platform: moko-platform CI / Gate 2: Unit Tests (8.2) (push) Has been cancelled
Platform: moko-platform CI / Gate 2: Unit Tests (8.3) (push) Has been cancelled
Platform: moko-platform CI / Gate 3: Self-Health Check (push) Has been cancelled
Platform: moko-platform CI / Gate 4: Governance (push) Has been cancelled
Platform: moko-platform CI / Gate 5: Template Integrity (push) Has been cancelled
Platform: moko-platform CI / CI Summary (push) Has been cancelled
Generic: Project CI / Tests (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled
Platform: moko-platform CI / Gate 2: Unit Tests (8.1) (pull_request) Has been cancelled
Platform: moko-platform CI / Gate 2: Unit Tests (8.2) (pull_request) Has been cancelled
Platform: moko-platform CI / Gate 2: Unit Tests (8.3) (pull_request) Has been cancelled
Platform: moko-platform CI / Gate 3: Self-Health Check (pull_request) Has been cancelled
Platform: moko-platform CI / Gate 4: Governance (pull_request) Has been cancelled
Platform: moko-platform CI / Gate 5: Template Integrity (pull_request) Has been cancelled
Platform: moko-platform CI / CI Summary (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
- togglePlugin: restrict scope to mokosuiteclient plugins only (was any plugin) - DevTools: replace full-table hits reset on every request with config toggle - CurrentIpField: prefer REMOTE_ADDR over spoofable X-Forwarded-For - SQL: explicit (int) cast on $days interpolation in chart queries - Heartbeat: enable SSL peer verification (was disabled) - script.php: remove orphaned docblock
This commit is contained in:
Jonathan Miller
@@ -204,7 +204,7 @@ class DisplayController extends BaseController
|
||||
CURLOPT_RETURNTRANSFER => true,
|
||||
CURLOPT_TIMEOUT => 15,
|
||||
CURLOPT_FOLLOWLOCATION => true,
|
||||
CURLOPT_SSL_VERIFYPEER => false,
|
||||
CURLOPT_SSL_VERIFYPEER => true,
|
||||
]);
|
||||
|
||||
$response = curl_exec($ch);
|
||||
|
||||
@@ -277,7 +277,9 @@ class DashboardModel extends BaseDatabaseModel
|
||||
->select([$db->quoteName('element'), $db->quoteName('protected')])
|
||||
->from($db->quoteName('#__extensions'))
|
||||
->where($db->quoteName('extension_id') . ' = ' . $extensionId)
|
||||
->where($db->quoteName('type') . ' = ' . $db->quote('plugin'));
|
||||
->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
|
||||
->where('(' . $db->quoteName('element') . ' = ' . $db->quote('mokosuiteclient')
|
||||
. ' OR ' . $db->quoteName('element') . ' LIKE ' . $db->quote('mokosuiteclient\\_%') . ')');
|
||||
$db->setQuery($query);
|
||||
$ext = $db->loadObject();
|
||||
|
||||
@@ -568,7 +570,7 @@ class DashboardModel extends BaseDatabaseModel
|
||||
$db->setQuery(
|
||||
"SELECT DATE(" . $db->quoteName('created') . ") AS day, COUNT(*) AS total"
|
||||
. " FROM " . $db->quoteName('#__mokosuiteclient_waf_log')
|
||||
. " WHERE " . $db->quoteName('created') . " >= DATE_SUB(NOW(), INTERVAL $days DAY)"
|
||||
. " WHERE " . $db->quoteName('created') . " >= DATE_SUB(NOW(), INTERVAL " . (int) $days . " DAY)"
|
||||
. " GROUP BY day ORDER BY day"
|
||||
);
|
||||
$rows = $db->loadObjectList() ?: [];
|
||||
@@ -609,7 +611,7 @@ class DashboardModel extends BaseDatabaseModel
|
||||
"SELECT DATE(" . $db->quoteName('log_date') . ") AS day, COUNT(*) AS total"
|
||||
. " FROM " . $db->quoteName('#__action_logs')
|
||||
. " WHERE " . $db->quoteName('message_language_key') . " = 'PLG_ACTIONLOG_JOOMLA_USER_LOGGED_IN'"
|
||||
. " AND " . $db->quoteName('log_date') . " >= DATE_SUB(NOW(), INTERVAL $days DAY)"
|
||||
. " AND " . $db->quoteName('log_date') . " >= DATE_SUB(NOW(), INTERVAL " . (int) $days . " DAY)"
|
||||
. " GROUP BY day ORDER BY day"
|
||||
);
|
||||
$rows = $db->loadObjectList() ?: [];
|
||||
|
||||
@@ -58,21 +58,8 @@ class DevTools extends CMSPlugin implements SubscriberInterface
|
||||
$config->set('offline', 1);
|
||||
}
|
||||
|
||||
// Suppress hit recording
|
||||
try
|
||||
{
|
||||
$db = Factory::getDbo();
|
||||
$db->setQuery(
|
||||
$db->getQuery(true)
|
||||
->update($db->quoteName('#__content'))
|
||||
->set($db->quoteName('hits') . ' = 0')
|
||||
->where($db->quoteName('hits') . ' > 0')
|
||||
)->execute();
|
||||
}
|
||||
catch (\Throwable $e)
|
||||
{
|
||||
// Silent
|
||||
}
|
||||
// Suppress hit recording by disabling the content hit counter
|
||||
$config->set('record_hits', 0);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -20,23 +20,29 @@ class CurrentIpField extends FormField
|
||||
|
||||
protected function getInput(): string
|
||||
{
|
||||
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '';
|
||||
$ip = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
|
||||
$forwarded = '';
|
||||
|
||||
if (!empty($ip))
|
||||
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
{
|
||||
$ip = trim(explode(',', $ip)[0]);
|
||||
$candidate = trim(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0]);
|
||||
if (filter_var($candidate, FILTER_VALIDATE_IP))
|
||||
{
|
||||
$forwarded = $candidate;
|
||||
}
|
||||
}
|
||||
|
||||
if (empty($ip))
|
||||
{
|
||||
$ip = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
|
||||
}
|
||||
|
||||
return '<div class="d-flex align-items-center gap-2">'
|
||||
$html = '<div class="d-flex align-items-center gap-2">'
|
||||
. '<code style="font-size:1.1rem;padding:0.4rem 0.8rem;background:#f8f9fa;border:1px solid #dee2e6;border-radius:4px;" id="mokosuiteclient-current-ip">'
|
||||
. htmlspecialchars($ip)
|
||||
. '</code>'
|
||||
. '<button type="button" class="btn btn-sm btn-outline-secondary" onclick="navigator.clipboard.writeText(document.getElementById(\'mokosuiteclient-current-ip\').textContent.trim()).then(function(){this.textContent=\'Copied!\';var b=this;setTimeout(function(){b.textContent=\'Copy\'},1500)}.bind(this))" title="Copy IP to clipboard">Copy</button>'
|
||||
. '</div>';
|
||||
. '<button type="button" class="btn btn-sm btn-outline-secondary" onclick="navigator.clipboard.writeText(document.getElementById(\'mokosuiteclient-current-ip\').textContent.trim()).then(function(){this.textContent=\'Copied!\';var b=this;setTimeout(function(){b.textContent=\'Copy\'},1500)}.bind(this))" title="Copy IP to clipboard">Copy</button>';
|
||||
|
||||
if ($forwarded && $forwarded !== $ip)
|
||||
{
|
||||
$html .= '<span class="text-muted small ms-2">Proxy: <code>' . htmlspecialchars($forwarded) . '</code></span>';
|
||||
}
|
||||
|
||||
return $html . '</div>';
|
||||
}
|
||||
}
|
||||
|
||||
@@ -22,16 +22,6 @@ use Joomla\CMS\Log\Log;
|
||||
*/
|
||||
class Pkg_MokosuiteclientInstallerScript
|
||||
{
|
||||
/**
|
||||
* Runs after package installation/update.
|
||||
*
|
||||
* @param string $type Installation type
|
||||
* @param InstallerAdapter $parent Parent installer
|
||||
*
|
||||
* @return void
|
||||
*
|
||||
* @since 2.2.0
|
||||
*/
|
||||
/**
|
||||
* Runs before package installation/update.
|
||||
*
|
||||
|
||||
Reference in New Issue
Block a user