jmiller d9087ac420 fix: harden input handling and output safety (#79)
- canonical_url: sanitize via sanitizeUrl() (scheme allowlist) instead of
  bare trim() — closes stored-XSS via addHeadLink() on the public frontend
- AI endpoint: replace die('Invalid Token') with a clean event result,
  and strip_tags + truncate article_title to 200 chars before use
- SitemapBuilder: whitelist changefreq against the sitemap spec enum,
  intval() noindex IDs, strict in_array comparison
- MokoOG: log a WARNING when sitemap.xml write fails instead of ignoring it

(cherry picked from commit b77054b769)
2026-06-29 01:39:13 -05:00

Contributing to MokoJoomOpenGraph

Thank you for your interest in contributing to MokoJoomOpenGraph.

Getting Started

  1. Fork the repository on Gitea
  2. Create a feature branch from dev (feature/your-feature)
  3. Make your changes following the coding standards below
  4. Submit a pull request targeting dev

Branch Strategy

  • main — stable releases only
  • dev — active development
  • feature/* — new features (target dev)
  • fix/* — bug fixes (target dev)
  • hotfix/* — urgent fixes (target dev or main)

Coding Standards

  • PHP 8.1+ required
  • Follow Joomla coding standards
  • SPDX license headers on all PHP files
  • Use SubscriberInterface for event subscription
  • Use bind() -> check() -> store() for Table operations

Reporting Issues

Report bugs and feature requests via Issues.

License

By contributing, you agree that your contributions will be licensed under GPL-3.0-or-later.

2026-06-29 16:27:36 +00:00