Skip to content

055 Dynamic File and Folder Inclusion concept

Amigo edited this page Sep 6, 2019 · 17 revisions

DYNAMIC FILE AND FOLDER INCLUSION CONCEPT

Introducing To A Feature - Adding Files, Folders As Code Or File To Your System

00:00:00 (Click on these time links to see Youtube video)

I would like to introduce you to a feature that we have been working on for quite some time now. Most of the features already existed for quite a while. It is just that I have been trying to make it stable so that it will work well. 00:00:32 In doing so I had to extend it a bit. This feature has two or three concepts that I would like to explain. 00:00:49 It is about adding dynamic files, folders or even external files which maybe is on a website or on GitHub, and you want the content from that file and add it as code or even as a file to your system.00:01:17

I am working with components that are pulling data from all over the place. Most of these features are really what I needed to get projects going. There is a feature that can be used to add files and folders. This feature has always been there. 00:02:03 But currently I have expanded this by adding an Advance tab to this feature. It got this Basic tab which is the normal one. I did explain in previous tutorials, how you get these files.

New Area - Advance

00:02:24

There is now a new area called 'Advance'. 00:02:35 The 'Advance' area is able to grab files from anywhere in your system an add it to the component. It can be files outside of the root directory of your Joomla website.

Note - Adding Files

00:02:53

Just make sure that the PHP has the right to the file and can read it(See Video). But for most cases it is not necessary to grab files outside the Joomla root directory, because we are just editing a custom file inside of our Joomla Component which we have created. 00:03:24 But this file or this folders are not generated by JCB. We want those files where they are actively running inside of our component. We want them to be taken and put into the package without us having to move it around. So you can like a I am doing here(see video). 00:03:52, There is a note; 'Please note... use constant paths'. That you can use constant paths and the full path directly without quotes. That means you do not need to do like in PHP,(follow on video) you put this part in quotes. Well you do not need to do any of that. You can put the constant directly like that and the compiler will deal with this and make it right.00:04:21 You can do that also with folders as well as with files.

Need To Set The Target Path And Relation To The Zip Package

00:04:29

Then you need to still set the target path and relation to the ZIP package. You will have folders called 'Admin'. But here I am doing a folder called 'libraries/vdm_io'. 00:04:45 That means I am targeting a folder which is not part of a component package but because I want that folder to be installed with my component every time, I do not want to have a separate package for this library. 00:05:15 JCB has been improved to include this package, which is, if you look at this(see video) will see that it is a composer file and I am including some Composer Classes there, which is now used in JCB. With each install it is moved into its place.00:05:39 That might be outside of convention, but there is neither rules against it.

JCB Detects You Are Not Targeting Normal Folders - Add A Little Script To Script Install

00:05:53

When JCB detects that you are not targeting the normal Admin, Media or Site Folders,nwhich is not part of the expected component package folders, it will add a little script to the script install.00:06:28 So that it move this folder into its correct place upon installation of the component or whether the component is updated. I have the script file for Component Builder open and I am going to scroll down. 00:06:58 This new little script is way at the bottom ,(setDynamicF0ld3rs) it does not conflict with any other method at anytime. It gets the details from the above methods. Then it checks whether the folders gets the dynamic install folder. It checks whether there is more than one. Then 00:07:29 if it is one of these Media, Admin,or Site, it ignores it, because those already being dealt with by Joomla. If it is not, it moves it into its correct place. This is a dangerous feature, you must use this with caution because you can literally grab with this new function, anything anywhere from your Joomla website and overwrite it anywhere on the users installation website, which could be problematic.00:07:59 Something you should not do unless it is your right to do so.

This is the new feature in dynamic movement of folders and files.00:08:25 What makes this all so nice is if you are using these constants in the naming of your paths, if you export a JCB package and you import it at another JCB install, it remaps these files. It export them, remaps them and move them back into place on the other install. That really makes it very comfortable in working in a team and you want to have these files always to be the same everywhere.

Heads Up - Consider With Whom You Are Sharing Packages - Part Of Security

00:09:13

NB. If you import a package from anyone they could move files through this method into your system, and for security reasons you need to consider with whom you are sharing packages. This is just a heads up regarding the new folder and file implementation.

Use EXTERNALCODE Snippet

00:09:49

The other aspect which I mentioned earlier, where you are able to get content from anywhere works as follows. So anywhere in any custom area of JCB, where you can add custom script, you can also use this 'EXTERNALCODE' Snippet. Now, this could be a URL or it could be a folder in your system. This folder does not yet work with Constants. It needs to be exact for the path at this stage but the reality is that with this EXTERNALCODE concept, you can take for example the variable from a Gits snippet. 00:10:36
Let me illustrate. Here is what I have called 'fancydate' which is a few static functions that are not wrapped in the class yet. It is outside a class because I want to include it in my helper class with the snippet, that I can have others work with me on this code on GitHub. 00:11:07 If any changes are made to this code, it automatically updates my system. Now there might be some security concern in doing it. But a few tricks has been added in the compiler to notify you if there has been a change to the code. 00:11:36 It means that the first time you use that snippet to include this snippet that you have got here, you do something like 'Raw'. Here is a text file. Grab that URL(see video) an add it like this. 00:12:11 Currently it is bound to a specific version which if anybody makes a change to the snippet, you will not get the new version. Well, that is the way to lock it in. But if you want it to be dynamic, you can remove a part of this(see video) and then you can use it like that.

Specific Piece Of Text Dynamically Added To The Back End Of Component Builder

00:12:38

Now this specific piece of text that you see here, will dynamically be added to my component. Let me demonstrate. I have opened Component Builder in its back end gone to this Libs & Helpers tab and scroll down to this area which is called Admin class. I will do it in the admin area so that is easily detectable. 00:13:07 I am going to add that snippet like that so it says EXTERNALCODE with the path of the URL. Save and close.

When Compiled - It Should Tell You Have Added The EXTERNALCODE To Your Component

00:13:19

Go to the Compiler. The moment it is compiled , it should indicate that this kind of external code has been added to your component. If not something is wrong. It is suppose to tell you the first time you have added the snippet because it creates a hash of that snippet.00:13:43 In the future if it changes, you get notified. When we grab the snippet from Github and anybody in the middle tampers with it, it will notify you that the snippet was changed.<<<<<<<<<<<<<<<<<<<<<<<<<<

If you know that it should have changed because you made a change to the Gits snippet or someone else in your team did, 00:14:15 then obviously you'll be expecting that. You could still for safety sake go check in the code of the component where the snippet is being added to ensure that it is still accurate. I'll show you that. Let's compile this.

When Compile Two Messages Are Relevant To The Issue

  • First Message

00:14:34

So we see two messages that are relevant to the issue at hand. This one is a new message which I'm not going to go into now, but it's dealing that it detected that. 00:14:50 Remember we said we have this folder we putting inside of the Library folders and every time you'd compile, it will actually tell you that. It will tell you that it is detected it and it's added the script to the script PHP. 00:15:11 This first line here(see video), is showing you the snippet, and it's telling you there's been added for the first time, and that you should be investigate to insure the correct code string was used. You should go to the place where the compile package, where this should have been added, go and check that it is the correct, that what you see here on GitHub, the string here, 00:15:44 is also what you going to see in the code. That's the first thing.

  • Second Message

00:15:51

Every time there after it should give you this little message here. It should tell you how many code strings are being added to this component as an external code, and to avoid shipping your component with malicious code string, always make sure that the correct code string values were used. Now I did tell you that if we detect a change, it will also notify you.

Do As Note Says: Check If It Is The Correct Code

00:16:16

First let's go do what it said here. Let's go check that it is the correct code. I'm in the ZIP package. 00:16:25 We see that this library folder has been added. We going to go to the admin area, helpers, open componentbuilders helper file where I added the snippet. Let's just open that and then here we have it, fancydate, and fancydatetime. 00:16:53 From here to here(see video) was taken from GitHub and put inside of the component. I'm going to make a change to this snippet on GitHub. I'm going to just do something small so that we can see what happens if a change is made to this code, and how JCB response. I'm just adding this 00:17:20 new little string saying (change was made) and I'm updating this public Gist. So it now tells us that it's been revised for a second time, and a change was made. Now let's compile the component without doing anything else, just make the changes here on GitHub, then go back to the component and compile it. We are selecting this and Compile. 00:17:51 I can see I will have to add some spacing between the messages here. It doesn't always seem clear enough that the messages are not related to each other like here it's showing that other message again. Like I said it would but you might miss that. I think I'll have to look at that anyway.

Warnings Area

00:18:12

Here in the warnings area we see that it has changed since the last compilation. Please investigate to ensure that change is safe. That means JCB is automatically detected that the snippet that you originally added has actually been updated. At this point we anticipated that so. If we go and look at the code, we see that it just added this little part here the 'change was made'. 00:18:49 The rest of it is exactly the way we want that. Everything is fine, it's a change we anticipated. We know that nobody else has tampered with the script. Neither was there a man in the middle attack. In any case if there is someone tampering with the script, it will end up as a string. Let's say they put something in here it will do 00:19:16 something like that whatever they put in, and you will see this error in your file. That's how it will play out. In the actual reality JCB will detect that, it will see that the hash for the script is changed, and it will notify you with that message. I'm going to do my part and trying to make sure that it's more obvious you won't miss that message, when you use this kind of implementation, 00:19:52 it is not the most ideal implementation. It's just that sometimes we want included an external value in our component which is dynamically changing. We want to do it without really thinking about it all the time. This is what this feature is ideal for. Use it with caution and know what you are doing or don't use it at all.

That was a quick overview 00:20:21 of the new folder file inclusion, as well external code inclusion features which I really trust would be useful to you. It's powerful tools. I realize there are the danger of it being abused. But at the same time I think component development works upon reputation and if you want to have a good 00:20:54 reputation in the community, you shouldn't do anything that will hurt others or damage their contribution, and their applications but you should steer within the parameters of your own component, and your own implementation. In any case because people are going to look at your code they are going to unzip your package they are going to see if you're doing things that are not 00:21:22 good. They're going to notice that and your reputation will get hurt. That's the last thing you would want when you're developing components for Joomla.

Clone this wiki locally