fix: resolve 10 critical/medium bugs from deep dive audit #252

Open
jmiller wants to merge 2 commits from fix/deep-dive-critical into dev
Owner

Summary

Fixes 10 bugs identified during the deep dive codebase audit:

Critical

  • deleteFromPlatforms() used json_decode instead of CredentialHelper::decrypt() -- delete-on-unpublish silently failed for encrypted credentials (#226)
  • deleteFromPlatforms() used deprecated triggerEvent() instead of Joomla 6-compatible getDispatcher()->dispatch() (#228)

Medium

  • PostsController: retryFailed() and purgePosted() missing ACL checks (#224)
  • QueueProcessor: posts stuck in posting status > 10 min now auto-recover to queued (#235)
  • onContentChangeState: did not respect post_on_first_publish_only setting (#238)
  • Uninstall SQL missing analytics and category_rules table drops (#225)
  • Dashboard and Calendar views used deprecated Sidebar::render() (#250)
  • AnalyticsHelper AJAX endpoints queried empty analytics table instead of posts table (#246)
  • addSubmenu() had duplicate calendar key, hiding logs entry (#248)

Chore

  • CHANGELOG had 3 duplicate version headers (#240)

Closes #224 #225 #226 #228 #235 #238 #240 #246 #248 #250

Test plan

  • Unpublish an article with posted cross-posts -- verify delete-from-platforms works
  • Toggle article state from list view -- verify first-publish-only is respected
  • Check retryFailed/purgePosted require queue.manage permission
  • Verify Analytics heatmap AJAX returns real data from posts table
  • Verify submenu shows all items (dashboard, posts, services, templates, calendar, analytics, logs)
  • Uninstall and verify all 6 tables are dropped
## Summary Fixes 10 bugs identified during the deep dive codebase audit: **Critical** - `deleteFromPlatforms()` used `json_decode` instead of `CredentialHelper::decrypt()` -- delete-on-unpublish silently failed for encrypted credentials (#226) - `deleteFromPlatforms()` used deprecated `triggerEvent()` instead of Joomla 6-compatible `getDispatcher()->dispatch()` (#228) **Medium** - `PostsController`: `retryFailed()` and `purgePosted()` missing ACL checks (#224) - `QueueProcessor`: posts stuck in `posting` status > 10 min now auto-recover to `queued` (#235) - `onContentChangeState`: did not respect `post_on_first_publish_only` setting (#238) - Uninstall SQL missing `analytics` and `category_rules` table drops (#225) - Dashboard and Calendar views used deprecated `Sidebar::render()` (#250) - `AnalyticsHelper` AJAX endpoints queried empty `analytics` table instead of `posts` table (#246) - `addSubmenu()` had duplicate `calendar` key, hiding logs entry (#248) **Chore** - CHANGELOG had 3 duplicate version headers (#240) Closes #224 #225 #226 #228 #235 #238 #240 #246 #248 #250 ## Test plan - [ ] Unpublish an article with posted cross-posts -- verify delete-from-platforms works - [ ] Toggle article state from list view -- verify first-publish-only is respected - [ ] Check retryFailed/purgePosted require queue.manage permission - [ ] Verify Analytics heatmap AJAX returns real data from posts table - [ ] Verify submenu shows all items (dashboard, posts, services, templates, calendar, analytics, logs) - [ ] Uninstall and verify all 6 tables are dropped
jmiller added 2 commits 2026-06-29 16:28:53 +00:00
fix: resolve 10 critical/medium bugs from deep dive audit
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 11s
d6848e6b90
- deleteFromPlatforms(): use CredentialHelper::decrypt() + Joomla 6
  dispatcher pattern instead of json_decode + deprecated triggerEvent (#226, #228)
- PostsController: add ACL checks on retryFailed/purgePosted (#224)
- QueueProcessor: recover stale posting entries stuck >10min (#235)
- onContentChangeState: respect post_on_first_publish_only (#238)
- Uninstall SQL: add analytics + category_rules table drops (#225)
- Dashboard/Calendar: remove deprecated Sidebar::render() (#250)
- AnalyticsHelper: rewrite AJAX endpoints to query posts table (#246)
- Submenu helper: remove duplicate calendar key (#248)
- CHANGELOG: remove 3 duplicate version headers (#240)

Authored-by: Moko Consulting

Claude-Session: https://claude.ai/code/session_014iwLv3vUVsSxP8LyZ6STTj
This pull request has changes conflicting with the target branch.
  • .mokogitea/workflows/issue-branch.yml
  • CODE_OF_CONDUCT.md
  • GOVERNANCE.md
  • README.md
  • SECURITY.md
  • source/packages/com_mokosuitecross/mokosuitecross.xml
  • source/packages/plg_content_mokosuitecross/mokosuitecross.xml
  • source/packages/plg_mokosuitecross_activitypub/activitypub.xml
  • source/packages/plg_mokosuitecross_blogger/blogger.xml
  • source/packages/plg_mokosuitecross_bluesky/bluesky.xml
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin fix/deep-dive-critical:fix/deep-dive-critical
git checkout fix/deep-dive-critical
Sign in to join this conversation.
No Reviewers
No labels
Priority -
Type -
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: MokoConsulting/MokoSuiteCross#252