MokoConsulting/MokoJoomBackup
1
0
Fork 0
Code Issues 5 Pull Requests Packages Projects Releases 3 Wiki Activity

Release v01.05.00 — dashboard menu, [DEFAULT_DIR], live validation, security hardening #42

Merged
jmiller merged 8 commits from rc into main 2026-06-07 14:23:05 +00:00
Conversation 0 Commits 8 Files Changed 29
+401 -62
jmiller commented 2026-06-07 14:22:47 +00:00
Owner
Copy Link
Copy Source

Summary

  • Dashboard submenu entry with FA6 icon injection
  • [DEFAULT_DIR] placeholder for portable backup directory config
  • Live AJAX directory validation on backup_dir field
  • .htaccess protection (Apache 2.2 + 2.4) on profile save and backup time
  • Security hardening: ACL checks, traversal guards, error logging, fetch error handling

Review

Two review agents ran (code-reviewer, silent-failure-hunter). All critical and high findings addressed.

## Summary - Dashboard submenu entry with FA6 icon injection - `[DEFAULT_DIR]` placeholder for portable backup directory config - Live AJAX directory validation on backup_dir field - `.htaccess` protection (Apache 2.2 + 2.4) on profile save and backup time - Security hardening: ACL checks, traversal guards, error logging, fetch error handling ## Review Two review agents ran (code-reviewer, silent-failure-hunter). All critical and high findings addressed.
jmiller added 8 commits 2026-06-07 14:22:48 +00:00
feat: add dashboard menu, [DEFAULT_DIR] placeholder, live dir validation, and backup security
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Details
Generic: Repo Health / Repository health (push) Blocked by required conditions
Details
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Details
Generic: Repo Health / Site Health (push) Has been skipped
Details
Generic: Repo Health / Access control (push) Successful in 1s
Details
Universal: Auto Version Bump / Version Bump (push) Successful in 8s
Details
608aeb3641 
- Add Dashboard as first submenu entry in component manifest
- Add [DEFAULT_DIR] placeholder to PlaceholderResolver for portable profiles
- Add live AJAX directory permission checking on backup_dir field changes
- Add web-accessible warning badge on backup download buttons
- Auto-create .htaccess protection in web-accessible backup dirs on profile save
- Auto-create .htaccess protection at backup time in both engines
- Add checkDir AJAX endpoint for real-time directory validation
- Fix script.php warnMissingLicenseKey running on uninstall
chore(version): pre-release bump to 01.04.01-dev [skip ci] 3ee620eca1
feat: add submenu icons via FA6 CSS injection and sync menu icons on install
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Details
Generic: Repo Health / Repository health (push) Blocked by required conditions
Details
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Details
Generic: Repo Health / Site Health (push) Has been skipped
Details
Generic: Repo Health / Access control (push) Successful in 1s
Details
Universal: Auto Version Bump / Version Bump (push) Successful in 7s
Details
6e18c77670 
- Inject Font Awesome 6 icons for Dashboard, Backups, and Profiles submenu
  items via MokoJoomBackupComponent::boot() using WebAssetManager
- Add syncMenuIcons() to installer script to set img column in #__menu
  on both install and update (Joomla doesn't refresh icons on upgrade)
- Add encryptionPassword property to SteppedSession for stepped backup
  encryption support
chore(version): pre-release bump to 01.04.02-dev [skip ci] 3339eac9de
docs: update changelog with all unreleased changes for v01.05.00
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Details
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Details
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Details
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Details
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Site Health (pull_request) Has been skipped
Details
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Details
Generic: Repo Health / Access control (pull_request) Successful in 2s
Details
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 8s
Details
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 8s
Details
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 10s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 12s
Details
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Details
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || 'development' }}) (pull_request_target) Failing after 13s
Details
Generic: Repo Health / Repository health (push) Blocked by required conditions
Details
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Details
Generic: Repo Health / Site Health (push) Has been skipped
Details
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
Details
Generic: Repo Health / Access control (push) Successful in 1s
Details
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Details
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Details
Universal: Auto Version Bump / Version Bump (push) Successful in 9s
Details
3edf635a4c
fix: address PR review — error logging, ACL check, fetch error handling
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Details
Generic: Repo Health / Repository health (push) Blocked by required conditions
Details
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Details
Generic: Repo Health / Site Health (push) Has been skipped
Details
Generic: Repo Health / Access control (push) Successful in 1s
Details
Universal: Auto Version Bump / Version Bump (push) Successful in 7s
Details
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Details
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Details
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Details
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Details
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Details
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Details
Generic: Repo Health / Site Health (pull_request) Has been skipped
Details
Generic: Repo Health / Access control (pull_request) Successful in 2s
Details
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 5s
Details
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 6s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 8s
Details
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 10s
Details
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Details
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
Details
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || 'development' }}) (pull_request_target) Failing after 10s
Details
Universal: Build & Release / Promote to RC (pull_request) Successful in 14s
Details
e72a007041 
- Log failures in protectBackupDir() and protectWebAccessibleDir() instead
  of silently suppressing with @ (security-critical .htaccess writes)
- Add error_log() to empty catch blocks in boot() and syncMenuIcons()
- Add core.manage ACL check to checkDir() AJAX endpoint
- Surface opendir() failures in browseDir() with warning message
- Add HTTP status check (r.ok) to JS fetch calls before parsing JSON
- Log temp SQL file deletion failures in SteppedBackupEngine
fix: address code review — Apache 2.4 htaccess, browseDir traversal, SQL cast
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Details
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Details
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Details
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Details
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Details
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Details
Generic: Repo Health / Site Health (pull_request) Has been skipped
Details
Generic: Repo Health / Access control (pull_request) Successful in 3s
Details
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 7s
Details
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 9s
Details
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 9s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 12s
Details
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
Details
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Details
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || 'development' }}) (pull_request_target) Failing after 14s
Details
Universal: Build & Release / Promote to RC (pull_request) Successful in 19s
Details
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Details
Generic: Repo Health / Repository health (push) Blocked by required conditions
Details
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Details
Generic: Repo Health / Site Health (push) Has been skipped
Details
Generic: Repo Health / Access control (push) Successful in 1s
Details
Universal: Auto Version Bump / Version Bump (push) Successful in 7s
Details
41b481dbfe 
- Update .htaccess content to support both Apache 2.4 (Require all denied)
  and Apache 2.2 (Order deny,allow) in all four locations
- Guard browseDir parent navigation to prevent escaping allowed boundaries
- Add explicit (int) cast on viewLog SQL query for defense-in-depth
chore(release): build 01.05.00-rc [skip ci]
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Details
Branch Cleanup / Delete merged branch (pull_request) Successful in 2s
Details
Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 14s
Details
dd597a3ecd
jmiller merged commit 3de786cf71 into main 2026-06-07 14:23:05 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
component: admin
Admin UI and views
 component: api
REST API
 component: engine
Backup/restore engine
 component: remote
Remote storage (FTP/GDrive)
 component: scheduler
Scheduled tasks
No labels
Priority -
Type -
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Assignees
Clear assignees
jmiller (Jonathan Miller)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: MokoConsulting/MokoJoomBackup#42
Delete Branch "rc"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?