Conversation
|
Amazing work! Add a option to set automaticly reschedule backup task daily Display warning on update page to backup site first? :D |
Added those settings @partydragen! |
There was a problem hiding this comment.
Pull Request Overview
Adds a full backup feature including UI integration, scheduled/manual backups, and retention settings.
- Integrates backup prompts in the update panel and maintenance dashboard.
- Introduces a dedicated backups page for creation, download, and configuration.
- Implements the
Backuptask, adjusts permissions in migrations/initialiser, and adds supporting utilities and language entries.
Reviewed Changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| modules/Core/pages/panel/update.php | Display backup recommendation in update panel |
| modules/Core/pages/panel/debugging_and_maintenance.php | Add backups link to maintenance panel |
| modules/Core/pages/panel/backups.php | New backup management UI and actions |
| modules/Core/module.php | Register backups page and permission |
| modules/Core/language/en_UK.json | Add translation strings for backup feature |
| modules/Core/classes/Tasks/Backup.php | Backup creation, scheduling, and cleanup logic |
| core/includes/updates/230.php | Migration to grant backup permission to Admin group |
| core/classes/Database/DatabaseInitialiser.php | Initialize backup permission for default Admin group |
| core/classes/Core/Util.php | Add human-readable byte formatting |
| composer.json | Add mysqldump PHP library dependency |
|
We must be very careful to deny access to /backups in .htaccess and the nginx configuration file. Maybe Nameless can try making a request to /backups/somefile, and refuse to make a backup if it succeeds? |
I changed this so that it stores backups in |
partydragen
left a comment
partydragen
left a comment
There was a problem hiding this comment.
Should prop have sam review this too, Dont want any security leaks of this,
Also are we sure backup folder is properly protected that people cant guess the link to download the zip directly
Like i see it uses time hard to guess exact time but if its displayed in staffcp then any staff might find out about the direct download link
| if (!isset($permissions['admincp.core.backups'])) { | ||
| $permissions['admincp.core.backups'] = 1; | ||
| DB::getInstance()->update('groups', $admin_group->id, [ | ||
| 'permissions' => json_encode($permissions), |
There was a problem hiding this comment.
All of this can still be removed, We have not updated admin group perms for ages as it already had Adminstrator perm
Uh oh!
There was an error while loading. Please reload this page.