Updated 055 Dynamic File and Folder Inclusion concept (markdown)

Amigo 2019-09-09 07:55:34 +02:00
parent f03c048ffd
commit 209bbcc55e

@ -74,7 +74,7 @@ So we see two messages that are relevant to the issue at hand. The one deals wit
[00:15:51](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h15m51s) [00:15:51](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h15m51s)
Every time thereafter it should give you this little message here. It should tell you how many code strings are being added to this component as an external code, and to avoid shipping your component with malicious code string, always make sure that the correct code string values were used. If we detect a change, it will also notify you. <<<<<<<<<<<<<<<<< Every time thereafter it should give you this little message here. It should tell you how many code strings are being added to this component as an external code, and to avoid shipping your component with a malicious code string, always make sure that the correct code string values are used. If we detect a change, it will also notify you. <<<<<<<<<<<<<<<<<
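Review bot: The rewritten paragraph under 00:15:51 still ends with the literal run "<<<<<<<<<<<<<<<<<", which will render as text on the wiki page. If it is an editing bookmark, remove it before this is published. The grammar fixes ("a malicious code string", "are used") read correctly. The phrase "the correct code string values" still does not say what the values are to be checked against, so a few words naming the reference (the external source the developer added) would make the instruction actionable.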
@ -83,12 +83,16 @@ Every time thereafter it should give you this little message here. It should tel
[00:16:16](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h16m16s) [00:16:16](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h16m16s)
First let's go do what it said here. Let's go check that it is the correct code. I'm in the ZIP package. [00:16:25](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h16m25s) We see that this library folder has been added. We going to go to the admin area, helpers, open componentbuilders helper file where I added the snippet. Let's just open that and then here we have it, fancydate, and fancydatetime. [00:16:53](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h16m53s) From here to here(see video) was taken from GitHub and put inside of the component. I'm going to make a change to this snippet on GitHub. I'm going to just do something small so that we can see what happens if a change is made to this code, and how JCB response. I'm just adding this [00:17:20](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h17m20s) new little string saying (change was made) and I'm updating this public Gist. So it now tells us that it's been revised for a second time, and a change was made. Now let's compile the component without doing anything else, just make the changes here on GitHub, then go back to the component and compile it. We are selecting this and Compile. [00:17:51](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h17m51s) I can see I will have to add some spacing between the messages here. It doesn't always seem clear enough that the messages are not related to each other like here it's showing that other message again. Like I said it would but you might miss that. I think I'll have to look at that anyway. Let's go and check that it is the correct code. In in the ZIP package we see that this `library` folder has been added. Go to the `admin area`, `helpers`, open Component Builders `helper` file where I added the snippet. Let's just open that and then here we have it, `fancydate`, and `fancydatetime`. 
[00:16:53](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h16m53s) This whole selected area(see video) was taken from GitHub and put in the component. I am going to make a change to this snippet on GitHub. I'm going to just do something small so that we can see what happens if a change is made to this code, and how JCB responds. I am just adding this [00:17:20](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h17m20s) new short string saying (change was made) and click on this 'Updates Public Gist'. So it now tells us that it has been revised for a second time, and a change was made. Now let's compile the component without doing anything else, just make the changes here on GitHub, then go back to the component and compile it. We are selecting this and Compile. [00:17:51](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h17m51s) Some spacing between the messages should be added. It does not always seem clear enough that the messages are not related to each other like here it is showing that other message again. You might miss that. I need to give attention to this.
### Warnings Area ### Warnings Area
[00:18:12](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h18m12s) [00:18:12](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h18m12s)
Here in the warnings area we see that it has changed since the last compilation. Please investigate to ensure that change is safe. That means JCB is automatically detected that the snippet that you originally added has actually been updated. At this point we anticipated that so. If we go and look at the code, we see that it just added this little part here the 'change was made'. [00:18:49](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h18m49s) The rest of it is exactly the way we want that. Everything is fine, it's a change we anticipated. We know that nobody else has tampered with the script. Neither was there a man in the middle attack. In any case if there is someone tampering with the script, it will end up as a string. Let's say they put something in here it will do [00:19:16](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h19m16s) something like that whatever they put in, and you will see this error in your file. That's how it will play out. In the actual reality JCB will detect that, it will see that the hash for the script is changed, and it will notify you with that message. I'm going to do my part and trying to make sure that it's more obvious you won't miss that message, when you use this kind of implementation, [00:19:52](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h19m52s) it is not the most ideal implementation. It's just that sometimes we want included an external value in our component which is dynamically changing. We want to do it without really thinking about it all the time. This is what this feature is ideal for. Use it with caution and know what you are doing or don't use it at all. Here in the warnings area we see that it has changed since the last compilation. Please examine that to ensure that change is safe. 
That means JCB has automatically detected that the snippet that you originally added has actually been updated. At this point we anticipated that so. If we go and look at the code, we see that it just added this 'change was made'. [00:18:49](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h18m49s) The rest of it is exactly the way we want it. Everything is fine, it is a change we anticipated.<<<<<<<<
We know that nobody else has tampered with the script. Neither was there a man in the middle attack. In any case if there is someone tampering with the script, it will end up as a string. Let's say they put something in here it will do [00:19:16](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h19m16s) something like that whatever they put in, and you will see this error in your file. That's how it will play out. In the actual reality JCB will detect that, it will see that the hash for the script is changed, and it will notify you with that message. I'm going to do my part and trying to make sure that it's more obvious you won't miss that message, when you use this kind of implementation, [00:19:52](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h19m52s) it is not the most ideal implementation. It's just that sometimes we want included an external value in our component which is dynamically changing. We want to do it without really thinking about it all the time. This is what this feature is ideal for. Use it with caution and know what you are doing or don't use it at all.
That was a quick overview [00:20:21](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h20m21s) of the new folder file inclusion, as well external code inclusion features which I really trust would be useful to you. It's powerful tools. I realize there are the danger of it being abused. But at the same time I think component development works upon reputation and if you want to have a good [00:20:54](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h20m54s) reputation in the community, you shouldn't do anything that will hurt others or damage their contribution, and their applications but you should steer within the parameters of your own component, and your own implementation. In any case because people are going to look at your code they are going to unzip your package they are going to see if you're doing things that are not [00:21:22](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h21m22s) good. They're going to notice that and your reputation will get hurt. That's the last thing you would want when you're developing components for Joomla. That was a quick overview [00:20:21](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h20m21s) of the new folder file inclusion, as well external code inclusion features which I really trust would be useful to you. It's powerful tools. I realize there are the danger of it being abused. But at the same time I think component development works upon reputation and if you want to have a good [00:20:54](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h20m54s) reputation in the community, you shouldn't do anything that will hurt others or damage their contribution, and their applications but you should steer within the parameters of your own component, and your own implementation. 
In any case because people are going to look at your code they are going to unzip your package they are going to see if you're doing things that are not [00:21:22](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h21m22s) good. They're going to notice that and your reputation will get hurt. That's the last thing you would want when you're developing components for Joomla.
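Review bot: The new opening of the ZIP package paragraph reads "In in the ZIP package", a doubled word introduced by this edit; it should be "In the ZIP package". The added "<<<<<<<<" after "it is a change we anticipated." will render literally and should not be committed. "At this point we anticipated that so." is carried over as an incomplete sentence. The tampering paragraph and the closing overview were only split into separate paragraphs, so "I'm going to do my part and trying to make sure", "we want included an external value" and "I realize there are the danger of it being abused" still need the same grammar pass the earlier paragraphs received.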