Skip to content

055 Dynamic File and Folder Inclusion concept

Jump to bottom Edit New page
Amigo edited this page Jul 30, 2019 · 17 revisions

DYNAMIC FILE AND FOLDER INCLUSION CONCEPT

Introducing To A Feature - Adding Files, Folders As Code Or File To Your System

00:00:00

I would like to introduce you to a feature that we've been working on for quite some time now. I'm very sure it will come as a surprise to some of you that actually can do this. Most of the features already existed for quite a while. It's just that I've been trying to make it stable so that it will work well. 00:00:32 In doing so I had to extend it a bit. I want to look at this feature. It has two or three concepts which maybe is best if I explain that. What is this all about? It's about adding dynamic files, 00:00:55 folders or even external files which maybe is on a website or on GitHub, and you want to get the content from that file and add it as code or even as a file 00:01:17 to your system.

Here's the thing, I'm working with components that is pulling data from all over the place. Most of these features are really what what I've been needing to get projects going. Trying to save myself 00:01:39 time that I don't need to copy, paste, and move things around to ensure that it's a correct copy being used and on compilation. JCB itself is maybe one of the best explanations. Let's look at this. You know that there is a feature that you can add files and folders. This feature is like I said it's always been there. 00:02:03 But currently I have expanded this by adding an Advance tab to this feature. It's got this Basic tab which is the normal one. If you watched some of the previous tutorials, the older tutorials, I did explain how this works, and how you get these files. I'm not going to go into that.

New Area - Advance

00:02:24

There is now a new area called Advance. 00:02:35 Advance area is able to grab files from anywhere in your system an add it to the component. It can be files outside of the root directory of your Joomla website.

Note - Adding Files

00:02:53

Just being sure that the PHP which usually is a php has permission, has the right to the file and can read it. This is the only thing. But for most cases we won't need to grab files outside of the Joomla root directory, because we just editing a custom script, custom file inside of our Joomla Component which we've created. 00:03:24 But this file or this folders are not generated by JCB. We want those files where they are actively running inside of our component. We want them to be taken and put into the package without us having to move it around. That's what this featuring will now do. So you can like a I'm doing here(see video). You can use constants, 00:03:52 you'll see there's a little note here, that tells you that. That you can use constant paths and the full path directly without quotes. That means you don't need to do like in PHP, you do something like that, and you put this part in quotes, like that. Well you don't need to do any of that. You put the constant directly like that and the compiler will deal with this 00:04:21 and make it right. You can do that also with folders as well as with files.

Need To Set The Target Path And Relation To The Zip Package

00:04:29 ???? Then you need to still set the target path and relation to the ZIP package. You will have folders called admin. But as you can see here, I'm doing a folder called libraries. 00:04:45 That means I am targeting a folder which isn't part of a component package. But because I want that folder to be installed with my component every time And I don't want to do actually have a separate A package for For this library I've actually 00:05:15 Improved JCB to include this Package Which is basically if you guys go look at this You see that is It's basically a Composer file and I'm including some Composer Classes there which we are now using in JCB And I'm moving it Every time with each install 00:05:39 Into its place Now That might be I'll sort of convention I suppose But there is neither rules against it I think in Yeah so That's what we're doing What's nice though is that when JCB detects that you are not targeting the normal Admin Or Media 00:06:02 Or Image folder or site Those are the normal folders Then oh wait not Image folder is neither is that normal But did you got your three that is site admin and Media If If JCB detects you're gonna be moving content Into a folder that's not part of the Expected package component package folders 00:06:28 It will actually add a little script To the script install So that it all move this folder into its correct place On upon installation of the component Or whether the component is updated So you can go look at that In fact I can show you just briefly So here I got the component open The Script file for component Builder I'm gonna scroll down it's obviously a huge file 00:06:58 But here at the bottom we know have this new little script It's named a little weird so it doesn't conflict with any other method in it at anytime And basically It gets the The details from the above methods And then it checks whether The folders obviously it gets there the dynamic install folder It checks whether there is more than one And Then 00:07:29 If it's One of these it ignores it because those already being deal dealt with by Joomla And if it isn't It actually moves it into it's correct place Now this is a dangerous featuring As you can see here I'm saying you must use this with caution because you can literally Grab With this new function Any Thing anywhere from your Joomla website and overwrite 00:07:59 It anywhere On the Users installation website Which could be problematic And Something you shouldn't do Unless you are You know unless it is your right to do so Ok so this is the new feature in in doing dynamic Movement of folders 00:08:25 And files What's make this all so nice if you're using these constants in your naming of your paths And you export and import this component into another Joomla website Then I mean as a JCB package right If you export a JCB package and you imported at another JCB install It actually remaps these files it actually export them Remaps them and move them back into place on the other install Which Really makes it very comfortable in you know working in a team and you wanna have these 00:09:06 Is files always be the same everywhere This is so gonna be very helpful for that I can also Obviously because of the feature I give you the heads Up But if you import a package From anyone And and you do not know or you do not trust them they could actually move files Through this method into your system 00:09:32 And is therefore part of first security which you need to consider With whom you are sharing packages Anyway So this is so some of the Feature regarding the new folder implementation folder and file implementation The other aspect which I mentioned earlier Were you actually able to get content from anywhere Works as follow So anywhere in any custom area of JCB Where you can actually add custom script 00:10:06 You can also now used to this external code Snippet Now this could be a URL Or it could be a folder inside of your system This folder does not yet work with With Constance I should actually make it that it does And it actually needs to be the exact for the path of the stage But the reality is that with this external code Concept You can take 00:10:36 For example variable From a Gits snippet let me let me show you So here I have what I've called fancy date Which is basically a few functions static functions Which are not wrapped in the class yet so it's basically outside of a class And why because I want to include it Into my 00:11:07 Helper class With the snippet So That I can have others work with me on this code on GitHub And If any changes be made to this code it automatically updates my system Now I know that there is some question of security in doing so But we've added a few little Tricks in the compiler They actually notify you 00:11:36 If there's been a change to the code So what that means is the first time you use that snippet To include this Snippet that you've got here You obviously do something like Raw And then here I have basically a text file So you'd grab that URL An add it like this You can take away 00:12:11 The actual because currently It is bound to a specific version Which obviously If anybody makes a change to the snippet You won't get the new version Well that's the way of locking it in But if you wanted to have it be Dynamic you can actually remove a part of this I think it's this part Let me just check Yeah that's right 00:12:35 Then you can use it like that Now this specific piece of text that you see here Will dynamically be added to my component Let me demonstrate So here I've opened component Builder in it's back end I'm gonna scroll I've gone to this libs and helpers tab I'm gonna scroll down To this area which is called Admin class so I just do in the admin area so that's easily Detectable 00:13:07 I'm gonna add that snippet like that so it says external code With the path of the URL And That's it I'm gonna save and close Then let's go to the compiler Now what should happen Is that the moment you've compiled this it should tell you That you've added This kind of external code to your component If it doesn't tell you that then something's wrong it should tell you the first time you've add the snippet 00:13:43 Because it actually creates a hash Of that snippet So that in the future if it changes You get notified So when we grab the snippet from Github An anybody in the middle you know tampers with it It will notify you that the snippet was changed now if you know that it should have changed because You made a change to the gits you know snippet or someone else in your team did 00:14:15 That obviously you'll be expecting that But you could still for safety sake go check in the code of the component Where the snippet is being added to ensure that it is actually still accurate So I'll show you that Let's compile this So we see two messages that are relevant to the issue at hand This one is a new message which I'm not gonna go into now But it's basically dealing with that That is actually detected That 00:14:50 Remember we said we have this folder we Pulling inside of the Library folders And Everytime You'd compile You actually tell you that You tell you That it is detected it and it's added The Script to the script PHP So Yeah I wasn't gonna explain it I did 00:15:11 Anyway so that's what that is about but this first line here Is showing you the snippet And it's telling you there's been added for the first time And that you should be investigate to insure the correct code string was used So you should go To the place where in JCB the sorry in the package The compile package where this should have been added Go and check that it is the correct That what you see here on GitHub The string here 00:15:44 Is also what you gonna see in the code That's the first thing Every time there after it should give you this little message here And it should tell you how many code strings are being added to this component as an external code And to avoid shipping your component with malicious code string always make sure that the correct code string values Were used Now I did tell you that if we did take the change it will also notify you so First let's go do what it said here Let's go check that it is to correct code Because I'm in the ZIP package 00:16:25 So we see that this the library folder been added we gonna go to the admin area helpers and then open Component Builders helper File which is where I added the snippet right So let's just open that And then Here we have it fancy date And fancy datetime So 00:16:53 Basically from here To here Was taken from GitHub and put inside of the component Now I'm gonna go make it change to the snippet on GitHub I'm gonna just do something small So that we can see what happens if it change is made To this code And how JCB response I'm just adding this 00:17:20 New little string here saying change was made And I'm updating this public Gist So it now tells us that it's been revised for a second time And a change was made Now let's compile the component without doing anything else just make the changes here on GitHub Then go back to the component and compile it So here we are Selecting version Compile 00:17:51 I can see I will have the maybe add some space in between the messages here Doesn't always seem clear enough That the messages are not related to each other like Here it's showing that other message again like it said it would But you might miss that So I think I'll have to look at that anyway Here in the warnings area We see this We see that 00:18:18 It has changed Since the last compilation Please investigate To ensure that changes safe That means JCB is automatically detected That the snippet that you originally added has actually been updated At this point we anticipated that so If we go and look at the code We see that it just added this little part here the change was made 00:18:49 And the rest of it is exactly the way we want that And so everything is fine It's a change we anticipated So we know that nobody else has tampered with the script And neither was there a man in the middle attack An in any case If there is someone tampering with the script It will end up as a string here So let's say they put something in here it will it'll do 00:19:16 Something like that whatever they put in And you will see this error In your file So that's Basically how it will play out But in the actual reality JCB will detect that It will see that the hash for the script is changed And it will notify you with that message I'm gonna do my part and trying to make sure that it's more obvious you won't miss that message But that anyway when you use this kind of implementation 00:19:52 It is not the most ideal implementation it's just that sometimes we want included an external value in our component Which is dynamically changing And And we wanna do it without really thinking about all the time And this is what this feature is ideal for I'm so use it with caution and You know know what you doing Or don't use it at all So that was a quick overview 00:20:21 Of the new Folder file Inclusion As well external code Inclusion Features which I really trust would be useful to you It's powerful tools so I realize There are the danger of it being abused But at the same time I think component development works upon reputation and if you wanna have a good 00:20:54 reputation in the community You shouldn't do anything that will hurt others Or damage their Contribution And their applications but you should steer Within the parameters of your own component And your own implementation and any case because people are gonna look at your code they are gonna unzip your package they are gonna see If you're doing things that are not 00:21:22 You no good they're gonna notice that and your reputation will get hurt And that's the last thing you would want When you're developing components for Joomla Anyway thank you for watching

Add a custom footer
Clone this wiki locally