joomla/Component-Builder
joomla
/
Component-Builder
38
20
Fork 11
Code Issues 55 Pull Requests Projects 3 Releases Wiki Activity

Updated 055 Dynamic File and Folder Inclusion concept (markdown)

Amigo 2019-09-07 09:30:46 +02:00
parent 46a37c09f0
commit f03c048ffd
1 changed files with 17 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
055-Dynamic-File-and-Folder-Inclusion-concept.md

@ -19,21 +19,21 @@ There is now a new area called 'Advance'. [00:02:35](https://www.youtube.com/wat
[00:02:53](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h02m53s)
Just make sure that the PHP has the right to the file and can read it(See Video). But for most cases it is not necessary to grab files outside the Joomla root directory, because we are just editing a custom file inside of our Joomla Component which we have created. [00:03:24](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h03m24s) But this file or this folders are not generated by JCB. We want those files where they are actively running inside of our component. We want them to be taken and put into the package without us having to move it around. So you can like a I am doing here(see video). [00:03:52](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h03m52s), There is a note; '_Please note... use constant paths_'. That you can use constant paths and the full path directly without quotes. That means you do not need to do like in PHP,(follow on video) you put this part in quotes. Well you do not need to do any of that. You can put the constant directly like that and the compiler will deal with this and make it right.[00:04:21](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h04m21s) You can do that also with folders as well as with files.
Just make sure that the PHP has the right to the file and can read it(See Video). But for most cases, it is not necessary to grab files outside the Joomla root directory, because we are just editing a custom file inside of our Joomla Component which we have created. [00:03:24](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h03m24s) But this file or these folders are not generated by JCB. We want those files where they are actively running inside of our component. We want them to be taken and put into the package without us having to move it around. So you can like, I am doing here(see video). [00:03:52](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h03m52s) There is a note; '_Please note... use constant paths_'. That you can use constant paths and the full path directly without quotes. That means you do not need to do like in PHP,(follow on video) you put this part in quotes. Well, you do not need to do any of that. You can put the constant directly like that and the compiler will deal with this and make it right. [00:04:21](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h04m21s) You can do that also with folders as well as with files.
### Need To Set The Target Path And Relation To The Zip Package
[00:04:29](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h04m29s)
Then you need to still set the target path and relation to the ZIP package. You will have folders called 'Admin'. But here I am doing a folder called 'libraries/vdm_io'. [00:04:45](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h04m45s) That means I am targeting a folder which is not part of a component package but because I want that folder to be installed with my component every time, I do not want to have a separate package for this library. [00:05:15](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h05m15s) JCB has been improved to include this package, which is, if you look at this(see video) will see that it is a composer file and I am including some Composer Classes there, which is now used in JCB. With each install it is moved into its place.[00:05:39](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h05m39s) That might be outside of convention, but there is neither rules against it.
Then you need to still set the target path and relation to the ZIP package. You will have folders called 'Admin'. But here I am doing a folder called 'libraries/vdm_io'. [00:04:45](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h04m45s) That means I am targeting a folder which is not part of a component package but because I want that folder to be installed with my component every time, I do not want to have a separate package for this library. [00:05:15](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h05m15s) JCB has been improved to include this package, which is if you look at this(see video) will see that it is a composer file and I am including some Composer Classes there, which is now used in JCB. With each install, it is moved into its place. [00:05:39](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h05m39s) That might be outside of the convention, but there are neither rules against it.
### JCB Detects You Are Not Targeting Normal Folders - Add A Little Script To Script Install
[00:05:53](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h05m53s)
When JCB detects that you are not targeting the normal Admin, Media or Site Folders,nwhich is not part of the expected component package folders, it will add a little script to the script install.[00:06:28](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h06m28s) So that it move this folder into its correct place upon installation of the component or whether the component is updated. I have the script file for Component Builder open and I am going to scroll down. [00:06:58](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h06m58s) This new little script is way at the bottom ,(setDynamicF0ld3rs) it does not conflict with any other method at anytime. It gets the details from the above methods. Then it checks whether the folders gets the dynamic install folder. It checks whether there is more than one. Then [00:07:29](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h07m29s) if it is one of these Media, Admin,or Site, it ignores it, because those already being dealt with by Joomla. If it is not, it moves it into its correct place. This is a dangerous feature, you must use this with caution because you can literally grab with this new function, anything anywhere from your Joomla website and overwrite it anywhere on the users installation website, which could be problematic.[00:07:59](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h07m59s) Something you should not do unless it is your right to do so.
When JCB detects that you are not targeting the normal Admin, Media or Site Folders, which is not part of the expected component package folders, it will add a little script to the script install.[00:06:28](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h06m28s) So that it move this folder into its correct place upon installation of the component or whether the component is updated. I have the script file for Component Builder open and I am going to scroll down. [00:06:58](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h06m58s) This new little script is way at the bottom, (setDynamicF0ld3rs) it does not conflict with any other method at any time. It gets the details from the above methods. Then it checks whether the folders get the dynamic install folder. It checks whether there is more than one. Then [00:07:29](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h07m29s) if it is one of these Media, Admin, or Site, it ignores it, because those already being dealt with by Joomla. If it is not, it moves it into its correct place. This is a dangerous feature, you must use this with caution because you can literally grab with this new function, anything anywhere from your Joomla website and overwrite it anywhere on the users installation website, which could be problematic.[00:07:59](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h07m59s) Something you should not do unless it is your right to do so.
This is the new feature in dynamic movement of folders and files.[00:08:25](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h08m25s) What makes this all so nice is if you are using these constants in the naming of your paths, if you export a JCB package and you import it at another JCB install, it remaps these files. It export them, remaps them and move them back into place on the other install. That really makes it very comfortable in working in a team and you want to have these files always to be the same everywhere.
This is the new feature in dynamic movement of folders and files.[00:08:25](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h08m25s) What makes this all so nice is if you are using these constants in the naming of your paths, if you export a JCB package and you import it at another JCB install, it remaps these files. It export them, remaps them and moves them back into place on the other install. That really makes it very comfortable in working in a team and you want to have these files always to be the same everywhere.
### Heads Up - Consider With Whom You Are Sharing Packages - Part Of Security
@ -46,23 +46,21 @@ This is the new feature in dynamic movement of folders and files.[00:08:25](http
[00:09:49](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h09m49s)
The other aspect which I mentioned earlier, where you are able to get content from anywhere works as follows. So anywhere in any custom area of JCB, where you can add custom script, you can also use this 'EXTERNALCODE' Snippet. Now, this could be a URL or it could be a folder in your system. This folder does not yet work with Constants. It needs to be exact for the path at this stage but the reality is that with this EXTERNALCODE concept, you can take for example the variable from a Gits snippet. [00:10:36](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h10m36s)
Let me illustrate. Here is what I have called 'fancydate' which is a few static functions that are not wrapped in the class yet. It is outside a class because I want to include it in my helper class with the snippet, that I can have others work with me on this code on GitHub. [00:11:07](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h11m07s) If any changes are made to this code, it automatically updates my system. Now there might be some security concern in doing it. But a few tricks has been added in the compiler to notify you if there has been a change to the code. [00:11:36](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h11m36s)
It means that the first time you use that snippet to include this snippet that you have got here, you do something like 'Raw'. Here is a text file. Grab that URL(see video) an add it like this. [00:12:11](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h12m11s) Currently it is bound to a specific version which if anybody makes a change to the snippet, you will not get the new version. Well, that is the way to lock it in. But if you want it to be dynamic, you can remove a part of this(see video) and then you can use it like that.
The other aspect which I mentioned earlier, where you are able to get content from anywhere works as follows. So anywhere in any custom area of JCB, where you can add a custom script, you can also use this 'EXTERNALCODE' Snippet. Now, this could be a URL or it could be a folder in your system. This folder does not yet work with Constants. It needs to be exact for the path at this stage but the reality is that with this EXTERNALCODE concept, you can take for example the variable from a Gits snippet. [00:10:36](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h10m36s)
Let me illustrate. Here is what I have called 'fancydate' which is a few static functions that are not wrapped in the class yet. It is outside a class because I want to include it in my helper class with the snippet, that I can have others work with me on this code on GitHub. [00:11:07](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h11m07s) If any changes are made to this code, it automatically updates my system. Now there might be some security concern in doing it. But a few tricks have been added in the compiler to notify you if there has been a change to the code. [00:11:36](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h11m36s)
It means that the first time you use that snippet to include this snippet that you have got here, you do something like 'Raw'. Here is a text file. Grab that URL(see video) an add it like this. [00:12:11](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h12m11s) Currently it is bound to a specific version which if anybody makes a change to the snippet, you will not get the new version. Well, that is the way to lock it in. But if you want it to be dynamic, you can remove a part of this(see video) and then you can use it like that.
### Specific Piece Of Text Dynamically Added To The Back End Of Component Builder
[00:12:38](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h12m38s)
Now this specific piece of text that you see here, will dynamically be added to my component. Let me demonstrate. I have opened Component Builder in its back end gone to this Libs & Helpers tab and scroll down to this area which is called Admin class. I will do it in the admin area so that is easily detectable. [00:13:07](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h13m07s) I am going to add that snippet like that so it says EXTERNALCODE with the path of the URL. Save and close.
Now this specific piece of text that you see here, will dynamically be added to my component. Let me demonstrate. I have opened Component Builder in its back end gone to this Libs & Helpers tab and scroll down to this area which is called Admin class. I will do it in the admin area so that it is easily detectable. [00:13:07](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h13m07s) I am going to add that snippet like that so it says EXTERNALCODE with the path of the URL. Save and close.
### When Compiled - It Should Tell You Have Added The EXTERNALCODE To Your Component
[00:13:19](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h13m19s)
Go to the Compiler. The moment it is compiled , it should indicate that this kind of external code has been added to your component. If not something is wrong. It is suppose to tell you the first time you have added the snippet because it creates a hash of that snippet.[00:13:43](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h13m43s) In the future if it changes, you get notified. When we grab the snippet from Github and anybody in the middle tampers with it, it will notify you that the snippet was changed.<<<<<<<<<<<<<<<<<<<<<<<<<<
If you know that it should have changed because you made a change to the Gits snippet or someone else in your team did, [00:14:15](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h14m15s) then obviously you'll be expecting that. You could still for safety sake go check in the code of the component where the snippet is being added to ensure that it is still accurate. I'll show you that. Let's compile this.
Go to the Compiler. The moment it is compiled, it should indicate that this kind of external code has been added to your component. If not something is wrong. It is supposed to tell you the first time you have added the snippet because it creates a hash of that snippet. [00:13:43](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h13m43s) In the future if it changes, you get notified. When we grab the snippet from Github and anybody in the middle tampers with it, it will notify you that the snippet was changed. If you know that it should have changed because you made a change to the Gits snippet or someone else in your team did, [00:14:15](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h14m15s) then obviously you can be expecting that. You could still for safety sake go check in the code of the component where the snippet is being added to ensure that it is still accurate. Let's compile this.
### When Compile Two Messages Are Relevant To The Issue
@ -70,13 +68,16 @@ Go to the Compiler. The moment it is compiled , it should indicate that this kin
[00:14:34](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h14m34s)
So we see two messages that are relevant to the issue at hand. This one is a new message which I'm not going to go into now, but it's dealing that it detected that. [00:14:50](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h14m50s) Remember we said we have this folder we putting inside of the Library folders and every time you'd compile, it will actually tell you that. It will tell you that it is detected it and it's added the script to the script PHP. [00:15:11](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h15m11s) This first line here(see video), is showing you the snippet, and it's telling you there's been added for the first time, and that you should be investigate to insure the correct code string was used. You should go to the place where the compile package, where this should have been added, go and check that it is the correct, that what you see here on GitHub, the string here, [00:15:44](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h15m44s) is also what you going to see in the code. That's the first thing.
So we see two messages that are relevant to the issue at hand. The one deals with this folder which when it is placed in the Library folders and every time you would compile, it will notify you that it has been done. It will tell you that it has detected it and it has added the script to the script PHP. [00:15:11](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h15m11s) This first line here(see video), is showing you the snippet, and it is telling you there it has been added for the first time, and that you should examine it to ensure the correct code string was used. You should go to the place where the compiled package, where this should have been added, go and check that it is the correct, that what you see here on GitHub, the string here, [00:15:44](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h15m44s) is also what you going to see in the code.
* Second Message
[00:15:51](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h15m51s)
Every time there after it should give you this little message here. It should tell you how many code strings are being added to this component as an external code, and to avoid shipping your component with malicious code string, always make sure that the correct code string values were used. Now I did tell you that if we detect a change, it will also notify you.
Every time thereafter it should give you this little message here. It should tell you how many code strings are being added to this component as an external code, and to avoid shipping your component with malicious code string, always make sure that the correct code string values were used. If we detect a change, it will also notify you. <<<<<<<<<<<<<<<<<
### Do As Note Says: Check If It Is The Correct Code
@ -90,4 +91,4 @@ First let's go do what it said here. Let's go check that it is the correct code.
Here in the warnings area we see that it has changed since the last compilation. Please investigate to ensure that change is safe. That means JCB is automatically detected that the snippet that you originally added has actually been updated. At this point we anticipated that so. If we go and look at the code, we see that it just added this little part here the 'change was made'. [00:18:49](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h18m49s) The rest of it is exactly the way we want that. Everything is fine, it's a change we anticipated. We know that nobody else has tampered with the script. Neither was there a man in the middle attack. In any case if there is someone tampering with the script, it will end up as a string. Let's say they put something in here it will do [00:19:16](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h19m16s) something like that whatever they put in, and you will see this error in your file. That's how it will play out. In the actual reality JCB will detect that, it will see that the hash for the script is changed, and it will notify you with that message. I'm going to do my part and trying to make sure that it's more obvious you won't miss that message, when you use this kind of implementation, [00:19:52](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h19m52s) it is not the most ideal implementation. It's just that sometimes we want included an external value in our component which is dynamically changing. We want to do it without really thinking about it all the time. This is what this feature is ideal for. Use it with caution and know what you are doing or don't use it at all.
That was a quick overview [00:20:21](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h20m21s) of the new folder file inclusion, as well external code inclusion features which I really trust would be useful to you. It's powerful tools. I realize there are the danger of it being abused. But at the same time I think component development works upon reputation and if you want to have a good [00:20:54](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h20m54s) reputation in the community, you shouldn't do anything that will hurt others or damage their contribution, and their applications but you should steer within the parameters of your own component, and your own implementation. In any case because people are going to look at your code they are going to unzip your package they are going to see if you're doing things that are not [00:21:22](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h21m22s) good. They're going to notice that and your reputation will get hurt. That's the last thing you would want when you're developing components for Joomla.
That was a quick overview [00:20:21](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h20m21s) of the new folder file inclusion, as well external code inclusion features which I really trust would be useful to you. It's powerful tools. I realize there are the danger of it being abused. But at the same time I think component development works upon reputation and if you want to have a good [00:20:54](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h20m54s) reputation in the community, you shouldn't do anything that will hurt others or damage their contribution, and their applications but you should steer within the parameters of your own component, and your own implementation. In any case because people are going to look at your code they are going to unzip your package they are going to see if you're doing things that are not [00:21:22](https://www.youtube.com/watch?v=_c7wzW075lA&list=PLQRGFI8XZ_wtGvPQZWBfDzzlERLQgpMRE&t=00h21m22s) good. They're going to notice that and your reputation will get hurt. That's the last thing you would want when you're developing components for Joomla.