-
-
Notifications
You must be signed in to change notification settings - Fork 178
055 Dynamic File and Folder Inclusion concept
00:00:00 (Click on these time links to see Youtube video)
I would like to introduce you to a feature that we've been working on for quite some time now. I'm very sure it will come as a surprise to some of you that actually can do this. Most of the features already existed for quite a while. It's just that I've been trying to make it stable so that it will work well. 00:00:32 In doing so I had to extend it a bit. I want to look at this feature. It has two or three concepts which maybe is best if I explain that. What is this all about? It's about adding dynamic files, 00:00:55 folders or even external files which maybe is on a website or on GitHub, and you want to get the content from that file and add it as code or even as a file 00:01:17 to your system.
Here's the thing, I'm working with components that is pulling data from all over the place. Most of these features are really what what I've been needing to get projects going. Trying to save myself 00:01:39 time that I don't need to copy, paste, and move things around to ensure that it's a correct copy being used and on compilation. JCB itself is maybe one of the best explanations. Let's look at this. You know that there is a feature that you can add files and folders. This feature is like I said it's always been there. 00:02:03 But currently I have expanded this by adding an Advance tab to this feature. It's got this Basic tab which is the normal one. If you watched some of the previous tutorials, the older tutorials, I did explain how this works, and how you get these files. I'm not going to go into that.
There is now a new area called Advance. 00:02:35 Advance area is able to grab files from anywhere in your system an add it to the component. It can be files outside of the root directory of your Joomla website.
Just being sure that the PHP which usually is a php has permission, has the right to the file and can read it. This is the only thing. But for most cases we won't need to grab files outside of the Joomla root directory, because we just editing a custom script, custom file inside of our Joomla Component which we've created. 00:03:24 But this file or this folders are not generated by JCB. We want those files where they are actively running inside of our component. We want them to be taken and put into the package without us having to move it around. That's what this featuring will now do. So you can like a I'm doing here(see video). You can use constants, 00:03:52 you'll see there's a little note here, that tells you that. That you can use constant paths and the full path directly without quotes. That means you don't need to do like in PHP, you do something like that, and you put this part in quotes, like that. Well you don't need to do any of that. You put the constant directly like that and the compiler will deal with this 00:04:21 and make it right. You can do that also with folders as well as with files.
Then you need to still set the target path and relation to the ZIP package. You will have folders called admin. But as you can see here, I'm doing a folder called libraries/vdm_io. 00:04:45 That means I am targeting a folder which isn't part of a component package. But because I want that folder to be installed with my component every time. I don't want to have a separate package for this library. 00:05:15 I've improved JCB to include this package, which is, if you guys go look at this(see video) you will see that it's a composer file and I'm including some Composer Classes there, which we are now using in JCB. I'm moving it every time with each install 00:05:39 into its place. That might be outside of convention I suppose, but there is neither rules against it. That's what we're doing.
What's nice though is that when JCB detects that you are not targeting the normal Admin or Media 00:06:02 or Site Folder, those are the normal folders. If JCB detects you're going to be moving content into a folder that's not part of the expected component package folders, 00:06:28 it will add a little script to the script install. So that it all move this folder into its correct place upon installation of the component or whether the component is updated. You can go look at that. In fact I can show you just briefly. I have the component open, the script file for Component Builder. I'm going to scroll down. It's obviously a huge file. 00:06:58 At the bottom we know have this new little script. Its named a little weird,(setDynamicF0ld3rs) it doesn't conflict with any other method at anytime. It gets the details from the above methods. Then it checks whether the folders gets the dynamic install folder. It checks whether there is more than one. Then 00:07:29 if it's one of these media, admin, site, it ignores it, because those already being deal dealt with by Joomla. If it isn't, it moves it into its correct place. This is a dangerous feature, as you can see here I'm saying you must use this with caution. Because you can literally grab with this new function, anything anywhere from your Joomla website and overwrite 00:07:59 it anywhere on the users installation website, which could be problematic. Something you shouldn't do unless it is your right to do so.
This is the new feature in doing dynamic movement of folders 00:08:25 and files. What's make this all so nice if you're using these constants in your naming of your paths, and you export and import this component into another Joomla website. I mean as a JCB package. If you export a JCB package and you import it at another JCB install, it remaps these files. It export them, remaps them and move them back into place on the other install. Which really makes it very comfortable in working in a team and you want to have these 00:09:06 files always to be the same everywhere. This is going to be very helpful for that.
I can also, because of the feature give you a little heads up that if you import a package from anyone and you do not know or you do not trust them they could move files through this method into your system, 00:09:32 and is therefore part of security which you need to consider with whom you are sharing packages. This is so some of the feature regarding the new folder and file implementation.
The other aspect which I mentioned earlier, were you are able to get content from anywhere works as follow. So anywhere in any custom area of JCB, where you can add custom script. 00:10:06 You can also use this EXTERNALCODE Snippet. Now this could be a URL or it could be a folder inside of your system. This folder does not yet work with Constance, I should make it that it does. It needs to be the exact for the path of the stage. But the reality is that with this EXTERNALCODE concept, you can take 00:10:36 for example the variable from a Gits snippet. Let me show you. Here I have what I've called fancydate. Which is a few static functions. Which are not wrapped in the class yet. It's outside of a class. Why? Because I want to include it into my 00:11:07 helper class with the snippet, that I can have others work with me on this code on GitHub. If any changes be made to this code, it automatically updates my system. Now I know that there is some question of security in doing so. But we've added a few little tricks in the compiler to notify you 00:11:36 if there's been a change to the code. What that means, the first time you use that snippet to include this snippet that you've got here, you do something like Raw. Here I have basically a text file. You'd grab that URL(see video) an add it like this. You can take away 00:12:11 the actual because currently it is bound to a specific version. Which if anybody makes a change to the snippet, you won't get the new version. Well that's the way of locking it in. But if you wanted to have it be dynamic, you can remove a part of this(see video). I think it's this part. Let me just check. Yeah that's right. 00:12:35 Then you can use it like that.
Now this specific piece of text that you see here, will dynamically be added to my component. Let me demonstrate. I've opened Component Builder in it's back end. I've gone to this Libs & Helpers tab. I'm going to scroll down to this area which is called Admin class. I will do it in the admin area so that's easily detectable. 00:13:07 I'm going to add that snippet like that so it says EXTERNALCODE with the path of the URL. That's it. I'm going to save and close.
Let's go to the Compiler. Now what should happen is that the moment you've compiled this, it should tell you that you've added This kind of external code to your component. If it doesn't tell you that then something's wrong. it should tell you the first time you've add the snippet. 00:13:43 Because it creates a hash of that snippet. In the future if it changes, you get notified. When we grab the snippet from Github and anybody in the middle tampers with it, it will notify you that the snippet was changed. If you know that it should have changed because you made a change to the Gits snippet or someone else in your team did, 00:14:15 then obviously you'll be expecting that. You could still for safety sake go check in the code of the component where the snippet is being added to ensure that it is still accurate. I'll show you that. Let's compile this.
- First Message
So we see two messages that are relevant to the issue at hand. This one is a new message which I'm not going to go into now, but it's dealing that it detected that. 00:14:50 Remember we said we have this folder we putting inside of the Library folders and every time you'd compile, it will actually tell you that. It will tell you that it is detected it and it's added the script to the script PHP. 00:15:11 This first line here(see video), is showing you the snippet, and it's telling you there's been added for the first time, and that you should be investigate to insure the correct code string was used. You should go to the place where the compile package, where this should have been added, go and check that it is the correct, that what you see here on GitHub, the string here, 00:15:44 is also what you going to see in the code. That's the first thing.
- Second Message
Every time there after it should give you this little message here. It should tell you how many code strings are being added to this component as an external code, and to avoid shipping your component with malicious code string, always make sure that the correct code string values were used. Now I did tell you that if we detect a change, it will also notify you.
First let's go do what it said here. Let's go check that it is the correct code. I'm in the ZIP package. 00:16:25 We see that this library folder has been added. We going to go to the admin area, helpers, open componentbuilders helper file where I added the snippet. Let's just open that and then here we have it, fancydate, and fancydatetime. 00:16:53 From here to here(see video) was taken from GitHub and put inside of the component. I'm going to make a change to this snippet on GitHub. I'm going to just do something small so that we can see what happens if a change is made to this code, and how JCB response. I'm just adding this 00:17:20 new little string saying (change was made) and I'm updating this public Gist. So it now tells us that it's been revised for a second time, and a change was made. Now let's compile the component without doing anything else, just make the changes here on GitHub, then go back to the component and compile it. We are selecting this and Compile. 00:17:51 I can see I will have to add some spacing between the messages here. It doesn't always seem clear enough that the messages are not related to each other like here it's showing that other message again. Like I said it would but you might miss that. I think I'll have to look at that anyway.
Here in the warnings area we see that it has changed since the last compilation. Please investigate to ensure that change is safe. That means JCB is automatically detected that the snippet that you originally added has actually been updated. At this point we anticipated that so. If we go and look at the code, we see that it just added this little part here the 'change was made'. 00:18:49 The rest of it is exactly the way we want that. Everything is fine, it's a change we anticipated. We know that nobody else has tampered with the script. Neither was there a man in the middle attack. In any case if there is someone tampering with the script, it will end up as a string. Let's say they put something in here it will do 00:19:16 something like that whatever they put in, and you will see this error in your file. That's how it will play out. In the actual reality JCB will detect that, it will see that the hash for the script is changed, and it will notify you with that message. I'm going to do my part and trying to make sure that it's more obvious you won't miss that message, when you use this kind of implementation, 00:19:52 it is not the most ideal implementation. It's just that sometimes we want included an external value in our component which is dynamically changing. We want to do it without really thinking about it all the time. This is what this feature is ideal for. Use it with caution and know what you are doing or don't use it at all.
That was a quick overview 00:20:21 of the new folder file inclusion, as well external code inclusion features which I really trust would be useful to you. It's powerful tools. I realize there are the danger of it being abused. But at the same time I think component development works upon reputation and if you want to have a good 00:20:54 reputation in the community, you shouldn't do anything that will hurt others or damage their contribution, and their applications but you should steer within the parameters of your own component, and your own implementation. In any case because people are going to look at your code they are going to unzip your package they are going to see if you're doing things that are not 00:21:22 good. They're going to notice that and your reputation will get hurt. That's the last thing you would want when you're developing components for Joomla.
- Home
- Beta Testing
- Custom Code
- PHP Settings
- Demo Component
-
Tutorials
- Hello World JCB
- Intro JCB Guide
- JCB Installation Steps
- Planning Components
- Field Type Overview
- Basic Fields Creation
- Admin View Management
- Advanced Field Usage
- Admin Component Integration
- Component Setting Customization
- Scripting Components
- Component FTP Options
- Dynamic Get Method
- Site View DynamicGet
- Site View Templates
- Template Setup Guide
- Layout Configuration Steps
- Custom Admin Management
- Adding Site Views
- Custom Admin Integration
- MySQL Demo Tweaking
- Global JCB Settings
- Custom Time Field
- User Helper Integration
- Email Helper Usage
- Message Store Email
- List View Unescape
- Export Import Customization
- Overwrite Custom Fields
- List Field Filtering
- Automatic Code Import
- Manual Code Implementation
- Component Export Import
- Custom Admin Buttons
- Translation Management
- Site View Permissions
- Component SQL Updates
- Site Edit Configuration
- JCB Backup System
- Helper Structure Integration
- JCB v2.5 Upgrade
- Tab Setup Guide
- JCB v2.6 Release
- Extended HelloWorld
- Field Rule Validation
- Community Snippets Intro
- Snippet Forking Tutorial
- Pull Request Snippets
- Library Manager Area
- Excel-based Translation
- Dynamic Router Details
- Database Auto Updates
- Subform Quick Demo
- VDM Package Import
- Dynamic File Inclusion
- File Field Upload
- Drag-n-Drop Upload
- Quick HelloWorld JCB
- Non-database Fields
- Dashboard Customization
- Menu Prefix Toggle
- Community JCB Packages
- Collaborative JCB Workflow
- JCB Package Install
- JCB JAB18 Event
- Convenient New Fields
- Component Language Strings
- Library Functionality Anticipation
- Join Field Relations
- License Template Change
- Code Reusability
- Local Dev Environment
- Extended Field Types
- Joomla Custom Fields
- Custom Field Expansion
- Site View Listing
- Run Expansion Method
- Form Site View
- Field URL Update
- Additional Helper Methods
- Field Validation Rules
- New Placeholder Feature
- Component Config Params
- Per-field Default Values