New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[4.0] Move the additional language strings in a separate file & fix postinstall #19449
Conversation
The xml file has no manifest part for languages. I suggest to add them.
|
There are other things that can be done for
|
Thanks fixed. |
$query = $db->getQuery(true) | ||
->update($db->quoteName('#__extensions')) | ||
->set($db->quoteName('params') . ' = ' . $db->quote($params)) | ||
->where($db->quoteName('extension_id') . ' = 487') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be 700
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As far as I see 700 is a common id in postinstall table, 487 in the extensions table
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sorry it looks like i missed your messages :(
I have now choose a different way to solve this problem by renaming the core plugin it is not going to conflict with the 3.x version on a upgrade. So no need for that complete sql stuff.
can you please double check that? It should just enable the plugin currently there is no redirection implemented. |
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_KEY="HTTP Header" | ||
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_VALUE="HTTP Header Value" | ||
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_TITLE="HTTP Security Headers" | ||
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_BODY="<p>Joomla! comes with a built-in plugin that handles http security headers. It helps to secure your site by setting the following headers with the default values:<br><ul><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options'>'X-Frame-Options: SAMEORIGIN'</a></li><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-xss-protection'>'X-XSS-Protection: 1; mode=block'</a></li><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options'>'X-Content-Type-Options: nosniff'</a></li><li><a href='https://scotthelme.co.uk/a-new-security-header-referrer-policy/'>'Referrer-Policy: no-referrer-when-downgrade'</a></li></ul><br>The full list of supported headers are: <br><ul><li><a href='https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security'>Strict-Transport-Security</a></li><li><a href='https://en.wikipedia.org/wiki/Content_Security_Policy'>Content-Security-Policy</a></li><li>Content-Security-Policy-Report-Only</li><li>X-Frame-Options</li><li>X-XSS-Protection</li><li>X-Content-Type-Options</li><li>Referrer-Policy</li><li>Expect-CT</li></ul><br>These headers help your browser to protect your website from <a href='https://en.wikipedia.org/wiki/Cross-site_scripting'>XSS</a> and <a href='https://en.wikipedia.org/wiki/Clickjacking'>Clickjacking</a> attacks.</p>" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
<ul>
tag should not be inside a <p>
tag.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
<p>
- tag is removed now.
Still disabled. I expect the postinstall message to disappear after clicking the button if the plugin is to be enabled. |
Sure. hmm I'm going to debug this one. Maybe i'm also going to redirect the user to the edit page so they can configure the needed values in the plugin if they hit enable. Let's see what is the problem and how to fix it. |
I have just fixed the button. A redirect to the plugin edit page is not possible ;) |
Yes it is - i did it in the recaptcha v1 pr #19648 or i misunderstand |
I'm going to review that proposal. Thanks! |
hmm look like this is working. My test before that resulted into a "you are not allowed to use this link directly" error. Now this is fixed. So commit is in coming. Thanks @brianteeman |
The default headers are not set. A var dump of
|
Thanks should be fixed by the last commit. |
I had to save the plugin initially before it would be in effect.
|
I am testing with your branch rather than via PatchTester. This is the error I get when doing a fresh install. I know it is unrelated to your PR, but how to fix it? |
Hmm i have no idea how the session things works nowdays in 4.0 can your user write to that path? |
Thanks Tobias :) |
🎉 |
Pull Request for Issue #18301 (comment)
Summary of Changes
Thanks @brianteeman
Testing Instructions
Expected result
two files & postinstall works also on new installs
Actual result
one file & postinstall is broken.