Release v01.05.00 — dashboard menu, [DEFAULT_DIR], live validation, security hardening #42
8 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 gitea-actions[bot]
|
dd597a3ecd | chore(release): build 01.05.00-rc [skip ci] | ||
|
Jonathan Miller
|
41b481dbfe |
fix: address code review — Apache 2.4 htaccess, browseDir traversal, SQL cast
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 3s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 7s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 9s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 9s
Universal: PR Check / Validate PR (pull_request) Failing after 12s
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || 'development' }}) (pull_request_target) Failing after 14s
Universal: Build & Release / Promote to RC (pull_request) Successful in 19s
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Generic: Repo Health / Repository health (push) Blocked by required conditions
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 1s
Universal: Auto Version Bump / Version Bump (push) Successful in 7s
- Update .htaccess content to support both Apache 2.4 (Require all denied) and Apache 2.2 (Order deny,allow) in all four locations - Guard browseDir parent navigation to prevent escaping allowed boundaries - Add explicit (int) cast on viewLog SQL query for defense-in-depth |
||
|
Jonathan Miller
|
e72a007041 |
fix: address PR review — error logging, ACL check, fetch error handling
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Generic: Repo Health / Repository health (push) Blocked by required conditions
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 1s
Universal: Auto Version Bump / Version Bump (push) Successful in 7s
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 5s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 6s
Universal: PR Check / Validate PR (pull_request) Failing after 8s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 10s
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || 'development' }}) (pull_request_target) Failing after 10s
Universal: Build & Release / Promote to RC (pull_request) Successful in 14s
- Log failures in protectBackupDir() and protectWebAccessibleDir() instead of silently suppressing with @ (security-critical .htaccess writes) - Add error_log() to empty catch blocks in boot() and syncMenuIcons() - Add core.manage ACL check to checkDir() AJAX endpoint - Surface opendir() failures in browseDir() with warning message - Add HTTP status check (r.ok) to JS fetch calls before parsing JSON - Log temp SQL file deletion failures in SteppedBackupEngine |
||
|
Jonathan Miller
|
3edf635a4c |
docs: update changelog with all unreleased changes for v01.05.00
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Site Health (pull_request) Has been skipped
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Generic: Repo Health / Access control (pull_request) Successful in 2s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 8s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 8s
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 10s
Universal: PR Check / Validate PR (pull_request) Failing after 12s
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || 'development' }}) (pull_request_target) Failing after 13s
Generic: Repo Health / Repository health (push) Blocked by required conditions
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Generic: Repo Health / Site Health (push) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
Generic: Repo Health / Access control (push) Successful in 1s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Universal: Auto Version Bump / Version Bump (push) Successful in 9s
|
||
|
gitea-actions[bot]
|
3339eac9de | chore(version): pre-release bump to 01.04.02-dev [skip ci] | ||
|
Jonathan Miller
|
6e18c77670 |
feat: add submenu icons via FA6 CSS injection and sync menu icons on install
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Generic: Repo Health / Repository health (push) Blocked by required conditions
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 1s
Universal: Auto Version Bump / Version Bump (push) Successful in 7s
- Inject Font Awesome 6 icons for Dashboard, Backups, and Profiles submenu items via MokoJoomBackupComponent::boot() using WebAssetManager - Add syncMenuIcons() to installer script to set img column in #__menu on both install and update (Joomla doesn't refresh icons on upgrade) - Add encryptionPassword property to SteppedSession for stepped backup encryption support |
||
|
gitea-actions[bot]
|
3ee620eca1 | chore(version): pre-release bump to 01.04.01-dev [skip ci] | ||
|
Jonathan Miller
|
608aeb3641 |
feat: add dashboard menu, [DEFAULT_DIR] placeholder, live dir validation, and backup security
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Generic: Repo Health / Repository health (push) Blocked by required conditions
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 1s
Universal: Auto Version Bump / Version Bump (push) Successful in 8s
- Add Dashboard as first submenu entry in component manifest - Add [DEFAULT_DIR] placeholder to PlaceholderResolver for portable profiles - Add live AJAX directory permission checking on backup_dir field changes - Add web-accessible warning badge on backup download buttons - Auto-create .htaccess protection in web-accessible backup dirs on profile save - Auto-create .htaccess protection at backup time in both engines - Add checkDir AJAX endpoint for real-time directory validation - Fix script.php warnMissingLicenseKey running on uninstall |