MokoConsulting/MokoSuiteBackup
1
0
Fork 0
Code Issues 5 Pull Requests Packages Releases 3 Wiki Activity

feat: per-profile retention, ntfy notifications, extension checks #46

Merged
jmiller merged 20 commits from dev into main 2026-06-18 16:07:21 +00:00
Conversation 0 Commits 20 Files Changed 26
+423 -112

20 Commits

Author SHA1 Message Date
gitea-actions[bot] 2e7e49fa60 chore(version): pre-release bump to 01.22.10-dev [skip ci]
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Details
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
Details
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Details
Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 11s
Details
2026-06-18 15:59:59 +00:00
Jonathan Miller 55954ba081 fix: remaining review items — prefix in trailing SQL, dead code, indent
Generic: Repo Health / Access control (push) Successful in 1s
Details
Universal: Auto Version Bump / Version Bump (push) Successful in 3s
Details
Generic: Repo Health / Site Health (push) Has been skipped
Details
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s
Details
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Details
Generic: Repo Health / Access control (pull_request) Successful in 1s
Details
Generic: Repo Health / Site Health (pull_request) Has been skipped
Details
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 4s
Details
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 7s
Details
Generic: Project CI / Lint & Validate (push) Successful in 42s
Details
Generic: Project CI / Lint & Validate (pull_request) Successful in 42s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 38s
Details
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 44s
Details
Generic: Project CI / Tests (push) Has been cancelled
Details
Generic: Project CI / Tests (pull_request) Has been cancelled
Details
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Details
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Details
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Details
Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled
Details
Generic: Repo Health / Scripts governance (push) Has been cancelled
Details
Generic: Repo Health / Repository health (push) Has been cancelled
Details
Generic: Repo Health / Report Issues (push) Has been cancelled
Details
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Details
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Details
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Details
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Details
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Details 
- DatabaseImporter: apply #__ prefix replacement on trailing statement
  (was missing for SQL not terminated by semicolon)
- SteppedBackupEngine: remove unused DatabaseDumper instantiation
- SteppedBackupEngine: fix misaligned indentation in stepDatabase()
 2026-06-18 10:59:47 -05:00
gitea-actions[bot] 7ecc855e40 chore(version): pre-release bump to 01.22.09-dev [skip ci] 2026-06-18 15:56:16 +00:00
Jonathan Miller a4c03d0032 fix: critical review — infinite recursion, SQL injection, FK prefix
Generic: Repo Health / Site Health (push) Has been skipped
Details
Generic: Repo Health / Access control (push) Successful in 1s
Details
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Details
Universal: Auto Version Bump / Version Bump (push) Successful in 4s
Details
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 5s
Details
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 5s
Details
Generic: Repo Health / Site Health (pull_request) Has been skipped
Details
Generic: Repo Health / Access control (pull_request) Successful in 1s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 7s
Details
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 7s
Details
Generic: Project CI / Lint & Validate (push) Successful in 31s
Details
Generic: Project CI / Lint & Validate (pull_request) Successful in 31s
Details
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 35s
Details
Generic: Project CI / Tests (push) Has been cancelled
Details
Generic: Project CI / Tests (pull_request) Has been cancelled
Details
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Details
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Details
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Details
Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled
Details
Generic: Repo Health / Scripts governance (push) Has been cancelled
Details
Generic: Repo Health / Repository health (push) Has been cancelled
Details
Generic: Repo Health / Report Issues (push) Has been cancelled
Details
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Details
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Details
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Details
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Details
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Details 
Critical:
- Fix infinite recursion in getValidatedPrefix() — was calling itself
  instead of extracting from $data array
- Fix SQL injection in actionResetAdmin() — prefix not validated,
  now uses getValidatedPrefix()

High:
- Fix prefix abstraction to cover FK REFERENCES — str_replace now
  targets backtick+prefix pattern to catch all table references in
  CREATE TABLE output, not just the current table name

Medium:
- Security gate file write check — skip verification gracefully if
  file cannot be written (don't lock user out)
- Stepped notification catch \Throwable instead of \Exception
 2026-06-18 10:56:02 -05:00
gitea-actions[bot] 682538e4de chore(version): pre-release bump to 01.22.08-dev [skip ci] 2026-06-18 15:42:29 +00:00
Jonathan Miller b2874f32f2 feat: abstract DB prefix, stepped checksum, restore security gate
Generic: Repo Health / Site Health (push) Has been skipped
Details
Generic: Repo Health / Access control (push) Successful in 1s
Details
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Details
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s
Details
Generic: Repo Health / Access control (pull_request) Successful in 2s
Details
Generic: Repo Health / Site Health (pull_request) Has been skipped
Details
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 6s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 7s
Details
Universal: Auto Version Bump / Version Bump (push) Successful in 3s
Details
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 6s
Details
Generic: Project CI / Lint & Validate (pull_request) Successful in 32s
Details
Generic: Project CI / Lint & Validate (push) Successful in 32s
Details
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 35s
Details
Generic: Project CI / Tests (push) Has been cancelled
Details
Generic: Project CI / Tests (pull_request) Has been cancelled
Details
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Details
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Details
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Details
Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled
Details
Generic: Repo Health / Scripts governance (push) Has been cancelled
Details
Generic: Repo Health / Repository health (push) Has been cancelled
Details
Generic: Repo Health / Report Issues (push) Has been cancelled
Details
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Details
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Details
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Details
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Details
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Details 
Database prefix abstraction:
- DatabaseDumper uses #__ placeholder instead of live prefix in all
  SQL output (DROP TABLE, CREATE TABLE, INSERT INTO)
- SteppedBackupEngine::dumpSingleTable() same #__ replacement
- DatabaseImporter replaces #__ with current site prefix on import
- MokoRestore replaces #__ with user-specified prefix on import
- Backups are now portable across sites with different prefixes

Stepped backup checksum:
- completeRecord() now computes and stores SHA-256 checksum

MokoRestore security gate:
- Writes .mokorestore-security.php with random 8-char code to site root
- User must read code from filesystem and enter it in browser
- Proves filesystem access before any restore actions are allowed
- Security file auto-deleted after successful verification
- All AJAX actions blocked until verification completes
 2026-06-18 10:42:10 -05:00
gitea-actions[bot] b3e7c8ec72 chore(version): pre-release bump to 01.22.07-dev [skip ci] 2026-06-18 15:27:08 +00:00
Jonathan Miller 9656a2a92b fix: PR #46 review — error handling, failure notifications, cleanup
Generic: Repo Health / Access control (push) Successful in 1s
Details
Generic: Repo Health / Site Health (push) Has been skipped
Details
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 7s
Details
Generic: Project CI / Lint & Validate (push) Successful in 11s
Details
Universal: Auto Version Bump / Version Bump (push) Successful in 4s
Details
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Details
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 10s
Details
Generic: Repo Health / Site Health (pull_request) Has been skipped
Details
Generic: Repo Health / Access control (pull_request) Successful in 2s
Details
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 8s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 8s
Details
Generic: Project CI / Lint & Validate (pull_request) Successful in 35s
Details
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 38s
Details
Generic: Project CI / Tests (push) Has been cancelled
Details
Generic: Project CI / Tests (pull_request) Has been cancelled
Details
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Details
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Details
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Details
Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled
Details
Generic: Repo Health / Scripts governance (push) Has been cancelled
Details
Generic: Repo Health / Repository health (push) Has been cancelled
Details
Generic: Repo Health / Report Issues (push) Has been cancelled
Details
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Details
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Details
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Details
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Details
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Details 
Critical:
- Wrap cleanupOldBackups() in try-catch to prevent admin panel crash
- Add missing fields (total_size, files_count, etc.) to failure record
  so failure notifications actually send

High:
- Log unlink failures in deleteBackupRecord() instead of silent return
- Wrap DB delete in try-catch so one failed record doesn't abort loop
- Check for ext-curl before calling curl_init() in sendNtfy()

Medium:
- Change runPreActionBackup catch from \Exception to \Throwable
- Log warning for skipped files during archive encryption
- Truncate ntfy response body in error logs (200 chars max)
 2026-06-18 10:26:48 -05:00
gitea-actions[bot] f47a99636b chore(version): pre-release bump to 01.22.06-dev [skip ci] 2026-06-18 15:19:59 +00:00
Jonathan Miller 36ec6dd5a3 fix: notifications for AJAX backups, download CSRF token
Generic: Repo Health / Site Health (push) Has been skipped
Details
Generic: Repo Health / Access control (push) Successful in 1s
Details
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Details
Universal: Auto Version Bump / Version Bump (push) Successful in 4s
Details
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s
Details
Generic: Repo Health / Access control (pull_request) Successful in 2s
Details
Generic: Repo Health / Site Health (pull_request) Has been skipped
Details
Universal: Secret Scanning / Gitleaks Secret Scan (pull_request) Successful in 7s
Details
Generic: Project CI / Lint & Validate (push) Successful in 11s
Details
Generic: Project CI / Lint & Validate (pull_request) Successful in 11s
Details
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 12s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 48s
Details
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 54s
Details
Generic: Project CI / Tests (push) Has been cancelled
Details
Generic: Project CI / Tests (pull_request) Has been cancelled
Details
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled
Details
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled
Details
Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled
Details
Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled
Details
Generic: Repo Health / Scripts governance (push) Has been cancelled
Details
Generic: Repo Health / Repository health (push) Has been cancelled
Details
Generic: Repo Health / Report Issues (push) Has been cancelled
Details
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Details
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Details
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Details
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Details
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Details 
SteppedBackupEngine now sends email + ntfy notifications on both
success (completeRecord) and failure (failRecord). Previously only
BackupEngine (synchronous CLI/toolbar path) sent notifications.

Download link in backups template now includes the CSRF token in
the URL query string, fixing "security token did not match" error
when clicking download buttons.
 2026-06-18 10:19:43 -05:00
gitea-actions[bot] 6810edcd7f chore(version): pre-release bump to 01.22.05-dev [skip ci] 2026-06-18 14:35:16 +00:00
Jonathan Miller b2eab66d27 fix: include backup_type and archivename in notification record
Generic: Repo Health / Site Health (push) Has been skipped
Details
Generic: Repo Health / Access control (push) Successful in 1s
Details
Universal: Auto Version Bump / Version Bump (push) Successful in 4s
Details
Generic: Project CI / Lint & Validate (push) Successful in 18s
Details
Generic: Project CI / Tests (push) Has been cancelled
Details
Generic: Repo Health / Scripts governance (push) Has been cancelled
Details
Generic: Repo Health / Repository health (push) Has been cancelled
Details
Generic: Repo Health / Report Issues (push) Has been cancelled
Details 
The update object passed to NotificationSender only had fields
being updated in the DB (total_size, checksum, etc). It was missing
backup_type, archivename, description, origin, and backupstart —
which are set on the initial insert and don't change. This caused
ntfy notifications to show empty Type and Archive fields.
 2026-06-18 09:31:51 -05:00
gitea-actions[bot] ee48b150f5 chore(version): pre-release bump to 01.22.04-dev [skip ci] 2026-06-18 14:12:38 +00:00
gitea-actions[bot] 2c58ebed38 chore(version): pre-release bump to 01.22.03-dev [skip ci] 2026-06-18 14:10:46 +00:00
Jonathan Miller 2a4676c999 fix: expand PHP extension checks (#22)
Generic: Repo Health / Access control (push) Successful in 1s
Details
Generic: Repo Health / Site Health (push) Has been skipped
Details
Universal: Auto Version Bump / Version Bump (push) Successful in 4s
Details
Generic: Project CI / Lint & Validate (push) Successful in 8s
Details
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 5s
Details
Generic: Project CI / Tests (push) Has been cancelled
Details
Generic: Repo Health / Scripts governance (push) Has been cancelled
Details
Generic: Repo Health / Repository health (push) Has been cancelled
Details
Generic: Repo Health / Report Issues (push) Has been cancelled
Details 
BackupEngine: check ext-zip, ext-pdo, ext-pdo_mysql, ext-mbstring
before running (was only zip + mbstring).

Installer preflight: warn about missing extensions (zip, pdo,
pdo_mysql, mbstring, curl) during install/update. Warns but does
not block installation so the component can still be configured.

MokoRestore already checks ext-zip, ext-pdo_mysql, ext-mbstring,
ext-json in its preflight step.

composer.json already declares all six extensions as requirements
(zip, pdo, pdo_mysql, curl, ftp, mbstring) — composer install
fails if any are missing, which CI enforces.

Closes #22
 2026-06-18 09:10:35 -05:00
gitea-actions[bot] b3928915fe chore(version): pre-release bump to 01.22.02-dev [skip ci] 2026-06-18 13:19:05 +00:00
gitea-actions[bot] dd09b65cc4 chore(version): pre-release bump to 01.22.01-dev [skip ci] 2026-06-17 16:42:27 +00:00
gitea-actions[bot] 9a908e2e3c chore(version): pre-release bump to 01.22.00-rc [skip ci] 2026-06-17 07:57:03 +00:00
gitea-actions[bot] d8367d7beb chore(version): pre-release bump to 01.21.01-dev [skip ci] 2026-06-17 07:56:07 +00:00
Jonathan Miller 11141f27f4 feat: per-profile backup retention (days and count)
Generic: Repo Health / Access control (push) Successful in 1s
Details
Generic: Repo Health / Site Health (push) Has been skipped
Details
Universal: Auto Version Bump / Version Bump (push) Successful in 3s
Details
Generic: Project CI / Lint & Validate (push) Successful in 8s
Details
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 6s
Details
Generic: Project CI / Tests (push) Has been cancelled
Details
Generic: Repo Health / Scripts governance (push) Has been cancelled
Details
Generic: Repo Health / Repository health (push) Has been cancelled
Details
Generic: Repo Health / Report Issues (push) Has been cancelled
Details 
Each profile can now set its own retention_days and retention_count.
A value of 0 means use the global default from component options.

Cleanup logic refactored to iterate per-profile with individual
retention thresholds. Also cleans up orphaned records where the
parent profile was deleted. Log files alongside archives are now
removed during cleanup.

Extracted deleteBackupRecord() helper for consistent file+DB cleanup.
 2026-06-17 02:55:55 -05:00