User tests: Successful: Unsuccessful:
Currently there is no clear overview of which extensions have download keys to make users download their extensions with an extra_query with their keys included to allow the download. Developers have been currently hacking this system by creating their own view to add a download key to the extra_query field in the #__update_sites table (Example of an extra_query field: dlid=%s&dummy=my.zip (%s is the download key)).
Each extension developer may have a different way to build this extra query so the idea is to make a view to manage and insert the download keys of all extensions in a single view in com_installer.
Here are the extensions to test the feature:
Plugin:
plg_csviaddon_virtuemart_csvi_7.1.0.zip
Template:
jpeople.zip
Module:
mod_weblinks.zip
Package:
pkg_weblinks_3.4.1-changelog (3).zip
Library:
lib_fof30-3.1.0-changelog (1).zip
File:
cli2zoombie.zip
To allow the prefix and sufix of the download key you need to have an tag with prefix and sufix in your installation file (here lists.xml) like this:
<dlid prefix="dlid=" sufix="&dummy=my.zip"/>
(note: remember to close />)
Install the component and go to Extensions -> Download Keys Manager
You will not create or delete download keys so there will be only the edit button, the Download Key you see has the prefix and the suffix hidden, so the extra_query of this extension is:
dlid=asd123asd&dummy=my.zip
In the edit view, you will also have the prefix and sufix hidden, so the user don't have to worry about that.
Only the developer will be responsible to define the prefix and sufix of the download key:
The Downloadkeys view will probably be not known to all users, so to reinforce this new feature, a new modal button can be added to the extension when opened in com_plugins:
Every plugin that has an update_site linked to it and a <dlid>
tag on its xml installation file will pop this Download Key button in the toolbar, that will open a remote iframe to the DownloadKey view:
The same will happen also to modules working the same way as com_plugins:
You can try this extension with an invalid updatesite and and dlid to testing porpuses:
mod_weblinks.zip
A simple a intuitive way to the user manage his download keys and less work to the developers to create a view to generate the extra_query
Category | ⇒ | Administration com_installer com_modules com_plugins Language & Strings Modules Libraries |
Status | New | ⇒ | Pending |
Labels |
Added:
?
?
|
Can you look at resolving the conflicts so that this can be tested please.
Category | Administration com_installer com_modules com_plugins Language & Strings Modules Libraries | ⇒ | Administration com_installer com_modules com_plugins Language & Strings Libraries |
Category | Administration com_installer com_modules com_plugins Language & Strings Libraries | ⇒ | Administration com_installer com_modules com_plugins Libraries |
Status | Pending | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-07-14 15:54:33 |
Closed_By | ⇒ | roland-d |
Category | Administration com_installer com_modules com_plugins Libraries | ⇒ | Administration com_installer com_modules com_plugins Language & Strings Libraries |
As far as I can see the keys will be shown and stored in the clear.
From my practical experience there are several situations where you use your own key for client pages or nonsalaried work (for example for a club). And you are not always able to hide it using user access.
This will be a problem with normal keys, but a critical problem if those keys are related to
volume-based billing, e.g picture optimizing.
Is there a way to hash the keys or or at least hide them in the backend?
@ka3media Perhaps add it to this issue: https://issues.joomla.org/tracker/joomla-cms/26583
Not going to comment on every xml codestyle error
Please review https://developer.joomla.org/coding-standards/xml.html