fix: Joomla update server — element names, platform gating, domain race #637

Closed
jmiller wants to merge 0 commits from fix into main
Owner

Summary

Four fixes for the Joomla update server system:

1. Element name derivation (#635)

AutoElementName() was using the manifest Name field verbatim, producing pkg_MokoSuiteBackup instead of pkg_mokosuitebackup. Joomla's updater matches by element + type + client_id in #__extensions, so the case mismatch made updates invisible.

  • Lowercase name and strip hyphens in AutoElementName()
  • Remove incorrect plg_ prefix for plugins (Joomla plugins have no element prefix)

2. Changelog element mismatch

changelog.xml resolved the element name only from the config table, while updates.xml uses the manifest as primary source. This caused mismatched <element> values between the two feeds, breaking Joomla's changelog popup.

  • Now uses the same manifest-first resolution priority as updates.xml

3. Platform gating

ServeUpdatesXML only blocked dolibarr, meaning WordPress/PrestaShop/Drupal/WHMCS repos incorrectly served Joomla XML responses.

  • Now only serves Joomla XML when platform is joomla, both, or unset

4. Domain auto-association race condition

The domain count check and insert in ValidateLicenseKey were not atomic — concurrent requests from different domains could both pass the MaxSites check and exceed the limit.

  • Wrapped in db.WithTx for atomicity
  • Removed duplicate unreachable site-limit check (dead code)
  • Extracted to validateAndAssociateDomain() for readability

Test plan

  • AutoElementName() returns pkg_mokosuitebackup for Name=MokoSuiteBackup, PackageType=package
  • Plugins return just lowername with no prefix
  • changelog.xml and updates.xml emit matching <element> values
  • WordPress-platform repos return 404 for /updates.xml
  • Concurrent domain registrations respect MaxSites limit

Fixes #635

jmiller added 3 commits 2026-06-18 14:16:25 +00:00
fix: derive Joomla element name with correct lowercase + type prefix
73a1320d72
AutoElementName() was using the manifest Name field verbatim, producing
element names like "pkg_MokoSuiteBackup" instead of "pkg_mokosuitebackup".
Joomla's updater matches by element+type+client_id in #__extensions, so
the case mismatch made updates invisible.

Changes:
- Lowercase name and strip hyphens in AutoElementName()
- Remove incorrect "plg_" prefix for plugins (Joomla plugins have no
  element prefix; the folder column determines the plugin group)

Fixes #635
fix: changelog element mismatch, platform gating, domain race condition
a83d2ee3bd
Three fixes for the Joomla update server system:

1. changelog_xml.go: Resolve element name from manifest first (same
   priority as updates.xml) so changelog.xml and updates.xml emit
   matching <element> values. Previously only checked the config table.

2. updateserver.go: Only serve Joomla XML when platform is joomla,
   both, or unset. Previously only blocked dolibarr, meaning WordPress/
   PrestaShop/Drupal/WHMCS repos incorrectly served Joomla XML.

3. license_key.go: Wrap domain auto-association in db.WithTx to prevent
   TOCTOU race where concurrent requests from different domains could
   exceed MaxSites. Also removes a duplicate site-limit check that was
   unreachable dead code.
jmiller closed this pull request 2026-06-18 14:16:37 +00:00
jmiller deleted branch fix 2026-06-18 14:16:38 +00:00
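
The race described in item 4 of the summary and in the `license_key.go` commit message, as an added Go example that is not the project's code. `licenseStore`, `associateRacy`, `associateAtomic`, `registerConcurrently` and the sample domains are hypothetical, and a mutex held across check and insert stands in for `db.WithTx`, whose implementation is not shown on this page.

```go
package main

import "sync"

type licenseStore struct { // hypothetical in-memory stand-in for the license tables
	mu       sync.Mutex
	maxSites int
	domains  map[string]bool
}

// associateRacy checks, then inserts; the barrier forces the interleaving real traffic hits by chance.
func (s *licenseStore) associateRacy(domain string, barrier *sync.WaitGroup) {
	underLimit := len(s.domains) < s.maxSites // check
	barrier.Done()
	barrier.Wait() // every request has now read the same stale count
	if underLimit {
		s.mu.Lock()
		s.domains[domain] = true // insert, based on a count that is out of date
		s.mu.Unlock()
	}
}

// associateAtomic holds one lock across check and insert (the role the transaction plays).
func (s *licenseStore) associateAtomic(domain string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.domains[domain] || len(s.domains) < s.maxSites {
		s.domains[domain] = true
	}
}

// registerConcurrently sends one request per domain and returns how many were associated.
func registerConcurrently(maxSites int, domains []string, racy bool) int {
	s := &licenseStore{maxSites: maxSites, domains: map[string]bool{}}
	var done, barrier sync.WaitGroup
	barrier.Add(len(domains))
	associate := s.associateAtomic
	if racy {
		associate = func(d string) { s.associateRacy(d, &barrier) }
	}
	for _, d := range domains {
		done.Add(1)
		go func(d string) { defer done.Done(); associate(d) }(d)
	}
	done.Wait()
	return len(s.domains)
}

var sites = []string{"a.example", "b.example", "c.example", "d.example"} // constructed sample domains
func main() { println(registerConcurrently(2, sites, true), registerConcurrently(2, sites, false)) }
```

With a real database, a transaction closes this window only if the count query locks the license row (for example `SELECT ... FOR UPDATE`) or the transaction runs at serializable isolation; under plain READ COMMITTED two transactions can still both read the old count.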
