first commit

2026-02-08 21:16:11 +01:00
commit e17b7026fd
8881 changed files with 1160453 additions and 0 deletions
--- a/components/com_akeebabackup/language/.htaccess
+++ b/components/com_akeebabackup/language/.htaccess
@@ -0,0 +1,9 @@
+<IfModule !mod_authz_core.c>
+Order deny,allow
+Deny from all
+</IfModule>
+<IfModule mod_authz_core.c>
+  <RequireAll>
+    Require all denied
+  </RequireAll>
+</IfModule>
--- a/components/com_akeebabackup/language/en-GB/com_akeebabackup.ini
+++ b/components/com_akeebabackup/language/en-GB/com_akeebabackup.ini
@@ -0,0 +1,8 @@
+COM_AKEEBABACKUP_COMMON_EMAIL_BODY_INFO="The new backup was taken with profile #%s. It consists of %s part(s). The full list of files of this backup set is the following:"
+COM_AKEEBABACKUP_COMMON_EMAIL_BODY_OK="Akeeba Backup has completed backing up your site using the front-end backup feature. You may visit the site's administrator section to download the backup."
+COM_AKEEBABACKUP_COMMON_EMAIL_SUBJECT_OK="Akeeba Backup has taken a new backup"
+COM_AKEEBABACKUP_COMMON_ERR_NOT_ENABLED="Operation not permitted"
+COM_AKEEBABACKUP_EMAIL_POSTPROCESSING_FAILED="Post-processing (upload to remote storage) has FAILED."
+COM_AKEEBABACKUP_EMAIL_POSTPROCESSING_SUCCESS="Post-processing (upload to remote storage) was successful."
+COM_AKEEBABACKUP_ERR_NO_FRONTEND_IN_CORE="Akeeba Backup Core does not have any frontend / remote backup features. Please upgrade to Akeeba Backup Professional."
+COM_AKEEBABACKUP_BACKUP_DEFAULT_DESCRIPTION="Backup taken on"
--- a/components/com_akeebabackup/language/web.config
+++ b/components/com_akeebabackup/language/web.config
@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<!--
+    This only works on IIS 7 or later. See https://www.iis.net/configreference/system.webserver/security/requestfiltering/fileextensions
+-->
+<configuration>
+    <system.webServer>
+        <security>
+            <requestFiltering>
+                <fileExtensions allowUnlisted="false" >
+                    <clear />
+                    <add fileExtension=".html" allowed="true"/>
+                </fileExtensions>
+            </requestFiltering>
+        </security>
+    </system.webServer>
+</configuration>
--- a/components/com_akeebabackup/src/.htaccess
+++ b/components/com_akeebabackup/src/.htaccess
@@ -0,0 +1,9 @@
+<IfModule !mod_authz_core.c>
+Order deny,allow
+Deny from all
+</IfModule>
+<IfModule mod_authz_core.c>
+  <RequireAll>
+    Require all denied
+  </RequireAll>
+</IfModule>
--- a/components/com_akeebabackup/src/Dispatcher/Dispatcher.php
+++ b/components/com_akeebabackup/src/Dispatcher/Dispatcher.php
@@ -0,0 +1,72 @@
+<?php
+/**
+ * @package   akeebabackup
+ * @copyright Copyright (c)2006-2022 Nicholas K. Dionysopoulos / Akeeba Ltd
+ * @license   GNU General Public License version 3, or later
+ */
+
+namespace Akeeba\Component\AkeebaBackup\Site\Dispatcher;
+
+defined('_JEXEC') || die;
+
+use Akeeba\Component\AkeebaBackup\Administrator\Dispatcher\Dispatcher as BackendDispatcher;
+use Exception;
+use Joomla\CMS\Document\FactoryInterface;
+use Joomla\CMS\Document\JsonDocument as JDocumentJSON;
+use Joomla\CMS\Factory as JFactory;
+
+class Dispatcher extends BackendDispatcher
+{
+	protected $defaultController = 'backup';
+
+	protected function onAfterDispatch()
+	{
+		$view = $this->input->getCmd('view', $this->defaultController);
+
+		if (ucfirst(strtolower($view)) === 'Api')
+		{
+			$this->fixJsonApiOutput();
+		}
+	}
+
+	/**
+	 * Make sure the JSON API always outputs a JSON document.
+	 *
+	 * This works even when you have enabled caching, Joomla's off-line mode or tried to use tmpl=component.
+	 *
+	 * @throws  Exception
+	 */
+	private function fixJsonApiOutput()
+	{
+		$format = $this->input->getCmd('format', 'html');
+
+		if ($format == 'json')
+		{
+			return;
+		}
+
+		$app = JFactory::getApplication();
+
+		// Disable caching, disable offline, force use of index.php
+		$app->set('caching', 0);
+		$app->set('offline', 0);
+		$app->set('themeFile', 'index.php');
+
+		/** @var FactoryInterface $documentFactory */
+		$documentFactory = JFactory::getContainer()->get(FactoryInterface::class);
+		/** @var JDocumentJSON $doc */
+		$doc = $documentFactory->createDocument('json');
+
+		$app->loadDocument($doc);
+
+		if (property_exists(JFactory::class, 'document'))
+		{
+			JFactory::$document = $doc;
+		}
+
+		// Set a custom document name
+		/** @var JDocumentJSON $document */
+		$document = $this->app->getDocument();
+		$document->setName('akeeba_backup');
+	}
+}
--- a/components/com_akeebabackup/src/Mixin/ControllerActivateProfileTrait.php
+++ b/components/com_akeebabackup/src/Mixin/ControllerActivateProfileTrait.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * @package   akeebabackup
+ * @copyright Copyright (c)2006-2022 Nicholas K. Dionysopoulos / Akeeba Ltd
+ * @license   GNU General Public License version 3, or later
+ */
+
+namespace Akeeba\Component\AkeebaBackup\Site\Mixin;
+
+// Protect from unauthorized access
+use Akeeba\Engine\Platform;
+
+defined('_JEXEC') || die();
+
+/**
+ * Provides the method to set the current backup profile from the request variables
+ */
+trait ControllerActivateProfileTrait
+{
+	/**
+	 * Set the active profile from the input parameters
+	 */
+	protected function setProfile()
+	{
+		$profile = $this->input->getInt('profile', 1);
+		$profile = max(1, $profile);
+
+		$this->app->getSession()->set('akeebabackup.profile', $profile);
+
+		/**
+		 * DO NOT REMOVE!
+		 *
+		 * The Model will only try to load the configuration after nuking the factory. This causes Profile 1 to be
+		 * loaded first. Then it figures out it needs to load a different profile and it does – but the protected keys
+		 * are NOT replaced, meaning that certain configuration parameters are not replaced. Most notably, the chain.
+		 * This causes backups to behave weirdly. So, DON'T REMOVE THIS UNLESS WE REFACTOR THE MODEL.
+		 */
+		Platform::getInstance()->load_configuration($profile);
+	}
+}
--- a/components/com_akeebabackup/src/Mixin/ControllerCustomRedirectionTrait.php
+++ b/components/com_akeebabackup/src/Mixin/ControllerCustomRedirectionTrait.php
@@ -0,0 +1,35 @@
+<?php
+/**
+ * @package   akeebabackup
+ * @copyright Copyright (c)2006-2022 Nicholas K. Dionysopoulos / Akeeba Ltd
+ * @license   GNU General Public License version 3, or later
+ */
+
+namespace Akeeba\Component\AkeebaBackup\Site\Mixin;
+
+// Protect from unauthorized access
+
+defined('_JEXEC') || die();
+
+/**
+ * Provides the method to send custom HTTP redirection headers
+ */
+trait ControllerCustomRedirectionTrait
+{
+	/**
+	 * Sends custom HTTP redirection headers
+	 *
+	 * @param   string  $url     The URL to redirect to
+	 * @param   string  $header  The HTTP header to send, default 302 Found
+	 */
+	protected function customRedirect($url, $header = '302 Found')
+	{
+		header('HTTP/1.1 ' . $header);
+		header('Location: ' . $url);
+		header('Content-Type: text/plain');
+		header('Connection: close');
+
+		$this->app->close();
+	}
+
+}
--- a/components/com_akeebabackup/src/Mixin/ControllerFrontEndPermissionsTrait.php
+++ b/components/com_akeebabackup/src/Mixin/ControllerFrontEndPermissionsTrait.php
@@ -0,0 +1,91 @@
+<?php
+/**
+ * @package   akeebabackup
+ * @copyright Copyright (c)2006-2022 Nicholas K. Dionysopoulos / Akeeba Ltd
+ * @license   GNU General Public License version 3, or later
+ */
+
+namespace Akeeba\Component\AkeebaBackup\Site\Mixin;
+
+// Protect from unauthorized access
+use Akeeba\Engine\Platform;
+use Akeeba\Engine\Util\Complexify;
+use DateInterval;
+use Exception;
+use Joomla\CMS\Component\ComponentHelper;
+use Joomla\CMS\Date\Date;
+use Joomla\CMS\Language\Text;
+
+defined('_JEXEC') || die();
+
+/**
+ * Provides the method to check whether front-end backup is enabled and weather the key is correct
+ */
+trait ControllerFrontEndPermissionsTrait
+{
+	private static $ENABLE_DATE_CHECKS = false;
+
+	/**
+	 * Check that the user has sufficient permissions to access the front-end backup feature.
+	 *
+	 * @return  void
+	 */
+	protected function checkPermissions()
+	{
+		// Is frontend backup enabled?
+		$cParams = ComponentHelper::getParams('com_akeebabackup');
+		$febEnabled = $cParams->get('legacyapi_enabled', 0) == 1;
+
+		// Is the Secret Key strong enough?
+		$validKey     = Platform::getInstance()->get_platform_configuration_option('frontend_secret_word', '');
+		$validKeyTrim = trim($validKey);
+
+		if (!Complexify::isStrongEnough($validKey, false))
+		{
+			$febEnabled = false;
+		}
+
+		if (static::$ENABLE_DATE_CHECKS && !$this->confirmDates())
+		{
+			@ob_end_clean();
+			echo '402 Your version of Akeeba Backup is too old. Please update it to re-enable the remote backup features';
+			flush();
+
+			$this->app->close();
+		}
+
+		// Is the key good?
+		$key = $this->input->get('key', '', 'raw');
+
+		if (!$febEnabled || ($key != $validKey) || (empty($validKeyTrim)))
+		{
+			@ob_end_clean();
+			echo sprintf("403 %s", Text::_('COM_AKEEBABACKUP_COMMON_ERR_NOT_ENABLED'));
+			flush();
+
+			$this->app->close();
+		}
+	}
+
+	private function confirmDates()
+	{
+		if (!defined('AKEEBABACKUP_DATE'))
+		{
+			return false;
+		}
+
+		try
+		{
+			$jDate    = new Date(AKEEBABACKUP_DATE);
+			$interval = new DateInterval('P4M');
+			$jFuture  = $jDate->add($interval);
+			$futureTS = $jFuture->toUnix();
+		}
+		catch (Exception $e)
+		{
+			return false;
+		}
+
+		return time() <= $futureTS;
+	}
+}
--- a/components/com_akeebabackup/src/web.config
+++ b/components/com_akeebabackup/src/web.config
@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<!--
+    This only works on IIS 7 or later. See https://www.iis.net/configreference/system.webserver/security/requestfiltering/fileextensions
+-->
+<configuration>
+    <system.webServer>
+        <security>
+            <requestFiltering>
+                <fileExtensions allowUnlisted="false" >
+                    <clear />
+                    <add fileExtension=".html" allowed="true"/>
+                </fileExtensions>
+            </requestFiltering>
+        </security>
+    </system.webServer>
+</configuration>