Conversation
- Neue Methode checkImpersonateWarning() zeigt Warnung an - Warnung erscheint wenn Admin im Impersonate-Modus ist und Backend-Wartung aktiv - Mehrsprachige Unterstützung (DE/EN) hinzugefügt - Warnung wird über OUTPUT_FILTER eingefügt
- Zeigt JavaScript-Alert beim ersten Seitenladen im Impersonate-Modus - Zusätzlich permanente Warnung am Seitenanfang - Verwendet sessionStorage um Alert nur einmal pro Session zu zeigen - Fallback falls jQuery oder DOM-Elemente nicht verfügbar sind - Deutlich sichtbarer als vorherige HTML-only Lösung
…ung nicht erscheint
- Entferne Debug-Code und permanente HTML-Warnung - Zeigt nur JavaScript-Alert beim ersten Seitenladen - Korrigiere JavaScript-Escaping für saubere Anzeige ohne " - Alert wird nur einmal pro Session angezeigt (sessionStorage) - Einfache und unaufdringliche Lösung
- Entferne geschweifte Anführungszeichen um Benutzername in DE/EN - Verhindert HTML-Entity " im JavaScript-Alert - Saubere Darstellung ohne störende Escape-Zeichen - Text ist jetzt: 'Der Benutzer Max, dessen Identität...' statt: 'Der Benutzer "Max", dessen Identität...'
There was a problem hiding this comment.
Pull Request Overview
This PR adds a warning system for administrators using the impersonate feature during backend maintenance mode. When an admin impersonates a non-admin user who would normally be blocked by backend maintenance mode, a JavaScript alert is displayed to inform them that they still have access due to their admin privileges.
- Added language strings for the impersonate warning in English and German
- Implemented an OUTPUT_FILTER extension point to inject JavaScript warning modal
- Fixed indentation issues in the PACKAGES_INCLUDED extension point
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| boot.php | Added OUTPUT_FILTER extension to display impersonate warning and fixed indentation in PACKAGES_INCLUDED block |
| lang/en_gb.lang | Added English translations for impersonate warning title and message |
| lang/de_de.lang | Added German translations for impersonate warning title and message |
| lib/Upkeep.php | Added blank lines for code formatting |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if (rex_addon::get('cronjob')->isAvailable() && !rex::isSafeMode()) { | ||
| rex_cronjob_manager::registerType('rex_upkeep_ips_cleanup_cronjob'); | ||
| } | ||
| } // URL-Redirects (nur wenn kein Wartungsmodus aktiv war) |
There was a problem hiding this comment.
Missing line break before the comment. The closing brace on line 59 should be on its own line, followed by a blank line before the comment on line 59.
| } // URL-Redirects (nur wenn kein Wartungsmodus aktiv war) | |
| } | |
| // URL-Redirects (nur wenn kein Wartungsmodus aktiv war) |
| rex_extension::register('OUTPUT_FILTER', static function (rex_extension_point $ep) { | ||
| // Nur im Backend und nur wenn alle Bedingungen erfüllt sind | ||
| $addon = rex_addon::get('upkeep'); | ||
| if (!rex::isBackend() || !$addon->getConfig('backend_active', false)) { |
There was a problem hiding this comment.
Redundant check: the entire extension registration is already wrapped in if (rex::isBackend()) at line 64, making the !rex::isBackend() condition on line 68 always false. Remove this redundant check.
| if (!rex::isBackend() || !$addon->getConfig('backend_active', false)) { | |
| if (!$addon->getConfig('backend_active', false)) { |
| $titleJs = str_replace(['\\', '"', "'", "\n", "\r"], ['\\\\', '\\"', "\\'", '\\n', '\\r'], $title); | ||
| $messageJs = str_replace(['\\', '"', "'", "\n", "\r"], ['\\\\', '\\"', "\\'", '\\n', '\\r'], $message); |
There was a problem hiding this comment.
Manual JavaScript escaping is error-prone and may not handle all edge cases. Use json_encode() with JSON_HEX_APOS | JSON_HEX_QUOT flags for safer JavaScript string escaping, or use htmlspecialchars() with ENT_QUOTES if appropriate.
| jQuery(document).ready(function($) { | ||
| // Modal beim ersten Laden anzeigen | ||
| if (!sessionStorage.getItem("upkeep_impersonate_warning_shown")) { | ||
| alert("⚠️ ' . $titleJs . '\\n\\n' . $messageJs . '"); |
There was a problem hiding this comment.
[nitpick] Using native alert() provides a poor user experience. Consider using REDAXO's built-in notification system or a proper modal dialog instead of a browser alert.
| alert("⚠️ ' . $titleJs . '\\n\\n' . $messageJs . '"); | |
| var $notification = $('<div class="rex-message rex-warning"><div class="rex-message-content"><strong>⚠️ ' . $titleJs . '</strong><br>' . $messageJs . '</div></div>'); | |
| $(".rex-page").prepend($notification); |
No description provided.