fix: remote upload prefix mismatch and restore security file #193

Merged
jmiller merged 6 commits from fix/sftp-upload-and-restore-security into main 2026-06-30 18:11:33 +00:00
Owner

Summary\n\n- SFTP/FTP/S3/GDrive upload fix: createUploaderFromParams() now adds the type-specific prefix (sftp_, ftp_, s3_, gdrive_) to param keys before passing to uploader constructors. The remotes table stores unprefixed keys (host, port) but all uploaders expect prefixed names (sftp_host, sftp_port). This caused "SFTP host is not configured" errors on every multi-remote upload.\n- Restore security file fix: Renamed .mokorestore-security.php to mokorestore-security.php (no leading dot). Dotfiles are hidden by default in file managers and blocked by most web server configs, making the security verification step impossible to complete. Also added cleanup of the security file in actionCleanup().\n\nCloses #13\n\n## Test plan\n\n- [ ] Create an SFTP remote destination on a profile, run a backup, verify upload succeeds\n- [ ] Test with FTP, S3, and Google Drive remote types if available\n- [ ] Generate a standalone restore.php, deploy to a test server, verify mokorestore-security.php is created and visible\n- [ ] Complete the security verification flow and confirm the file is deleted after verification\n- [ ] Run cleanup step and verify mokorestore-security.php is removed\n\nhttps://claude.ai/code/session_01MbEjBtsSjPuTWhqqrMS2wG

## Summary\n\n- **SFTP/FTP/S3/GDrive upload fix**: `createUploaderFromParams()` now adds the type-specific prefix (`sftp_`, `ftp_`, `s3_`, `gdrive_`) to param keys before passing to uploader constructors. The remotes table stores unprefixed keys (`host`, `port`) but all uploaders expect prefixed names (`sftp_host`, `sftp_port`). This caused \"SFTP host is not configured\" errors on every multi-remote upload.\n- **Restore security file fix**: Renamed `.mokorestore-security.php` to `mokorestore-security.php` (no leading dot). Dotfiles are hidden by default in file managers and blocked by most web server configs, making the security verification step impossible to complete. Also added cleanup of the security file in `actionCleanup()`.\n\nCloses #13\n\n## Test plan\n\n- [ ] Create an SFTP remote destination on a profile, run a backup, verify upload succeeds\n- [ ] Test with FTP, S3, and Google Drive remote types if available\n- [ ] Generate a standalone restore.php, deploy to a test server, verify `mokorestore-security.php` is created and visible\n- [ ] Complete the security verification flow and confirm the file is deleted after verification\n- [ ] Run cleanup step and verify `mokorestore-security.php` is removed\n\nhttps://claude.ai/code/session_01MbEjBtsSjPuTWhqqrMS2wG
jmiller added 2 commits 2026-06-30 17:50:35 +00:00
fix: remote upload prefix mismatch and restore security file visibility
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 23s
3a6bb1c783
Remote uploaders (SFTP, FTP, S3, Google Drive) expect type-prefixed
property names (sftp_host, ftp_port, etc.) but createUploaderFromParams
passes unprefixed keys from the remotes table params JSON. Add prefix
mapping in createUploaderFromParams to bridge the naming gap.

Rename .mokorestore-security.php to mokorestore-security.php (no leading
dot) so the file is visible in file managers and not blocked by web
server dotfile rules. Also clean it up in actionCleanup.

Closes #13

Claude-Session: https://claude.ai/code/session_01MbEjBtsSjPuTWhqqrMS2wG
jmiller added 1 commit 2026-06-30 17:53:43 +00:00
fix: recreate security file if missing while verification is pending
Universal: PR Check / Branch Policy (pull_request) Failing after 1s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 6s
Generic: Repo Health / Access control (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Failing after 8s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Universal: PR Check / Secret Scan (pull_request) Successful in 9s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 11s
Generic: Project CI / Lint & Validate (pull_request) Successful in 13s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 22s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Successful in 34s
Generic: Project CI / Tests (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
20ce945e73
The security file was only written inside the code-generation block
(first page load). If the file was deleted or failed to write, it
was never recreated because the session already held the code. Now
file writing is a separate check that runs whenever verification is
pending and the file is missing.

Claude-Session: https://claude.ai/code/session_01MbEjBtsSjPuTWhqqrMS2wG
jmiller added 1 commit 2026-06-30 17:54:02 +00:00
jmiller added 1 commit 2026-06-30 18:00:07 +00:00
fix: add verbose error_log throughout restore script
Universal: PR Check / Branch Policy (pull_request) Failing after 2s
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 8s
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 7s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 8s
Generic: Project CI / Lint & Validate (pull_request) Successful in 16s
Universal: PR Check / Secret Scan (pull_request) Successful in 11s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 30s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Has been skipped
Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Successful in 41s
Generic: Project CI / Tests (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report: Scripts Governance (pull_request) Has been cancelled
Generic: Repo Health / Report: Repository Health (pull_request) Has been cancelled
4093267984
Every action handler now logs entry, key parameters, outcomes, and
failures to PHP error_log. Security file creation logs directory
permissions, PHP user, and the specific error when file_put_contents
fails. Database import logs SQL file size, statement counts, and
individual errors. Cleanup logs each file removal success/failure.

Claude-Session: https://claude.ai/code/session_01MbEjBtsSjPuTWhqqrMS2wG
jmiller added 1 commit 2026-06-30 18:00:29 +00:00
chore(version): pre-release bump to 02.52.18-dev [skip ci]
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 1s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 33s
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Successful in 2m23s
3d9c48f40f
jmiller merged commit 2d3a697f22 into main 2026-06-30 18:11:33 +00:00
jmiller deleted branch fix/sftp-upload-and-restore-security 2026-06-30 18:11:33 +00:00
Sign in to join this conversation.
No Reviewers
Priority -
Type -
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: MokoConsulting/MokoSuiteBackup#193