Joomla extension to check components, modules or plugins for possible problems for submission to the JED -> Translations: https://joomla.crowdin.com/joomla-official-extensions
Currently this rule detects just an error_reporting(0) code only (note: error_reporting(1-1) or error_reporting( 0 ) are passed). I suggest to revise this rule to detect usage of any function that may affect PHP code execution (independently of arguments passed):
assert_options
error_reporting
gc_disable
gc_enable
ini_set (ini_alter)
putenv
I'm not sure about:
set_time_limit: it is frequently used in the case of heavy server-side processing, I'd keep it as allowed one,set_include_path: may be used to run some legacy libraries,There may be rarely cases where ini_set is necessary, so it may be allowed (if followed by restoring settings back before script returns to Joomla).
What do you think?
Hi,
As far as I know, Joom is not a registered trademark, and only the word "Joomla" is the actual trademark,
Extensions that use 'Joomla' or a derivative of Joomla! in the extension name ('Content - JoomHelper Media') need to be licensed by OSMSo, this extension name is not an error.
@dryabov Please, could you correct this false positive error.
This happens because there is no index.html in /tmp/jed_checker/unzipped/mod_yourmodule.zip/. Copying the index.html file to this folder, helps to pass the test.. But it's a bug, ofcourse I have placed a index.html file in the root folder of my module.
Joomla 3.10 and 4.x supports non-prefixed language files, such as plg_system_whatever.sys.ini. Jed checker is trying to load only old-style prefixed file like en-GB.plg_system_whatever.sys.ini, so it is not able to load language constants from the extensions language file, and reports false positive errors in extension name check.
Another common issue is that people don't use JED Checker to check the extension before submitting it to JED.
The idea is to add a simple signature and render the signature ONLY when the extension is OK to be submitted (no red errors)—for instance, something like SHA1(MD5("file.zip")).
We are going to require the signature in the form. If it is not validated, then the extension can't be submitted.
What do you think? Is it doable?
Hello,
not an issue but rather a request.. :
Adding a check based on the extension name (https://extensions.joomla.org/support/knowledgebase/item/extension-names/ )
Do:
Don't:
Regards
SCREAM: Error suppression ignored for
( ! ) Warning: Invalid argument supplied for foreach() in C:\wamp\www\j256\administrator\components\com_jedchecker\libraries\rules\jexec.php on line 38
The JED checker returns false positive for file encoding:
You've used encoding in this file. This is not an error, but a JED editor will have to review this file
What does it see as encoding?
In the file there are comment lines written as //-------[ text here ]------/ and that's the only characters that differ.
Hi, just noticed that icons seems to be not working in the recent build:
If I add any external library, do I need to add defined('_JEXEC') or die('Restricted access'); to every file
Hi,
For the record, this is a similar case found on the latest develop build.
I think it could be already solved by one of the pending PRs.
Rule XMLFILES - XML Files references
1 Errors - Click to View Details
#001 /mod_ol_stickysidebar.xml
Folder not found: modules/mod_ol_stickysidebar/helper/formfield
CC: @dryabov
Hi,
This piece of code fired the rule:
/**
* Подсчитывает количество товаров в массиве
* @return int
*
* @since 1.0.0
*/
public function getTotal() : int
{
if (!empty($this->products))
{
return count($this->products);
} else{
return 0;
}
}When checking my extension i show this Compatibility Issue
"DS is deprecated in Joomla 3"
But i always use the DS constant with another command at the begining of my code to be compatible with all Joomla versions:
if (!defined('DS')) define('DS', DIRECTORY_SEPARATOR);
Do am i right ?
If so, can you display the warning on 'DS' only if the constant is not defined ?
Thank you.
The Crowdin Enterprise system has the possible to display a readme like in GitHub.
It will be displayed as a separate tab, as seen here: https://joomla.crowdin.com/joomla-official-extensions#readme
Project: https://joomla.crowdin.com/joomla-official-extensions
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates are awaiting their schedule. Click on a checkbox to get an update now.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
composer.json
joomla/cms-coding-standards ~2.0.0-alpha2@devfriendsofphp/php-cs-fixer ~2.12squizlabs/php_codesniffer ~3.0dealerdirect/phpcodesniffer-composer-installer ^0.5.0
Hi,
I have checked an extension and it got a false positive on the PH2 error.
It contained this code as the start of the file:
<?php
<?php
/**
* @author ****
* @copyright 2016
* @version 2.0 (10-01-2022)
* @license <a href="http://www.gnu.org/licenses/gpl-3.0.html" target="_blank">GNU/GPLv3</a>
*
*/
defined("_JEXEC") or die("Restricted access");
It caught the error as in that it got double php opening tags but it listed it as PH2 error.
Kind regards,
Tom
Within "Rule Framework - Joomla Framework deprecated and unsafe" chapters "Compatibility Issues" and "Warnings" use the same id (warning_...) so clicking in "Warning - Click to..." will open/close Compatibility Issues Details.
I've considered to offer my extension, which runs since joomla 3.0 now also with joomla 4.2RC1 without any problems. to the JED. So I ran a check with JED-Checker and I was quite surprised that the checker qualified my extension to be in error caused by "whitespace in the language key".
But first let me explain why my extension is using white spaces in language keys with Joomla's very powerful multilanguage support.
My extension retrieves country info from geolocation server, which e.g. provide county names and county codes. Country names are only provided in english language. To display those names also in german language, joomla multi lanaguage support ist used.
So If I get:
$country['name'] = "Bosnia and Herzegovina" or
$country['name'] = "Austria"
I'm using Joomla's TEXT-function:
echo Text::_($country['name']); to display the country name.
The TEXT-function will cause Joomla to lookup for a language key "BOSNIA AND HERZEGOVINA" or 'AUSTRIA' (upper case of key). But as Joomla will not find this key, it will display instead the original key as key-value. So you will see a display showing
Bosnia and Herzegovina and Austria
But now if you add to your used ("de-DE") language ini file the entry:
BOSNIA AND HERZEGOVINA="Bosnien und Herzegovina"
AUSTRIA="Östereich"
You will see the correct display on your german site "Bosnien und Herzegovina" and "Östereich"
You see "whitespace in the language key" is not a restriction it works perfectly and I do not see any reason why to avoid it and I do not see a better solution than mine for this.
Can you please explain, why you classify this as error (or is JED checker doing wrong and will be corrected)?
The new rule doesn't find the files when the extension is distributed on a package, with zipped files and the following files declaration:
<files folder="components/com_sso">
<filename>controller.php</filename>
<filename>router.php</filename>
<filename>sso.php</filename>
<folder>controllers</folder>
<folder>language</folder>
<folder>models</folder>
<folder>views</folder>
</files>Hi,
An extension with the following form of " \defined('_JEXEC') or die;" is generating false ERROR: PH2.
//\defined('JPATH_PLATFORM') or die;
\defined('_JEXEC') or die;@dryabov Please, could you check this issue.
The following code will generate a JEXEC security error
<?php
/*******
* your standard header info
******/
defined('_JEXEC') or die;
class MycompControllerView extends JControllerAdmin {
//standard expected code
}
because there is whitespace on the first line before the <?php
Either this needs to be a separate warning <?php not at start of first line or the test needs modifying so that it is only checking for what it says it is checking for - missing JEXEC security check.
Currently it can cause hours of frustration looking for an error in the JEXEC line and missing the single space at the start of the file.
I've tested the latest JED Checker on Joomla 4.
I've found only one UI issue. When you click on "Click to View Details", it doesn't open the details.
Thanks in advance for your help on this.
CC @dryabov
I'd like to present my implementation of the JED Checker redesign (it's very similar to what @anibalsanchez suggested as an example in 2019). After click on the "Check" button (not sure this step is necessary at all, I'd suggest starting validation automatically after uploading), displayed cards (JED Checker and Wall of Honour) are collapsed and new ones are displayed (with loading animation).
It's a working prototype for Joomla! 4 beta 7, but it uses Bootstrap's collapse and tab js modules, and so porting it to Joomla! 3.x may lead to some conflicts (most likely it's better to create a simple polyfill in jQuery).
And don't ask me why .alert-info blocks have a gray background, it's because of this patch joomla/joomla-cms#28907 that redefined info color entirely (instead of just adjusting --info whenever it's necessary).
What do you think about this?
On the site, there is a general error coding system, the "Submission Error Codes": https://extensions.joomla.org/support/knowledgebase/item/submission-error-codes/
It is a quick way to refer to the error and classify the submission.
In the current UI, there is no easy way to associate the code with the error description.
Please, could you associate each error with a "Submission Error Code".
Thanks in advance.
CC: @dryabov
The source (English) language files has changed on the project, but they haven't been uploaded to Transifex.
As a result, both old and new translations are based on the outdated English version.
For example: the string COM_JEDCHECKER_RULE_PH1_DESC contains a broken link in the translations, while it contains a valid link in the project English language files.
It is required that the Transifex user "compojoom" runs the tx sync client. The translators will be automatically notified about the change.
Hi there,
The component would be much more helpful and saving time by:
Hope that helps. If I can contribute codes to this useful, let me know.
Trying to install JEDchecker on Joomla! 3.7.0 on php 7.1.3 as administrator, I get:
"You don't have permission to access /administrator/index.php on this server."
I was looking for information how to install, no such finds. Any help would be appreciated!
In the installation script (file: script.php, method: preflight) it checks for the presence of PHP 5.3.1 or newer, but if an older version is detected, it notices that the version 5.3.6 or newer is required. 😦
So what is the actual requirement, PHP 5.3.1 or 5.3.6?
Considering that the minimum requirements to run Joomla itself is PHP 5.3.10, and that this extension does not work as stand-alone, the PHP version check could be safely removed at all. It probably comes from the 2.5 release.
Peter van Westen (NoNumber) must be Peter van Westen (RegularLabs)
In the extension XML the update server is still on compojoom.com .
It should be one of our servers.
I'd suggest to change id of PH3 rule to XM1, and INFO_XML to NM1 to match Submission Error Codes. The only negative effect is that PH3 and INFO_XML are used as a part of keys in language strings. So, either keys should be renamed in all language files, or just allow such a mismatch.
Now, that we are polishing the new UI, the UI is currently based on colors (I'm color blind). There are concepts that are only expressed with colors (green, yellow, or red).
It would be better if the notices are always marked with labels "ERROR:", "WARN:", "INFO:" and with Icons for better signaling.
My Joomla! version is the 3.5.0-rc.
From JED Checker (component), I've got this.
Rule Jamss - JAMSS - Joomla! Anti-Malware Scan Script
001
example.php in line: 63
Pattern found#17 - PHP: multiple encoded, most probably obfuscated code found
My code in line 63 is:
$test = preg_replace("/(plg_|com_|mod_)/", "$replacement_string", $string);
echo $test;
Why is the code obfuscated? Can you give me another code example to pass the test?
Thanks.
I uploaded my extension, unzipped, checked and it said index.html was missing from all folders. I went and checked and it was missing from root but then I put it there, uploaded, unzipped and checked again, and it still says the same thing... What am I doing wrong?
I've been testing the extensions with the recent improvements and they are working great. So, I have an idea about a new improvement that can greatly improve how we work today.
There is a complex issue around how to check the Extension Name and the matching Listing Name. Since they are entered on JED and the extensions manifests, they are frequently different and that's a big error that today can only be detected manually. The problem affects 90% of the first extension submissions.
The most common problem when we check the extension is that the developer submits a listing name "A1234" and then submits a zip file to install the extension name "BBBBBBB". In strict terms, even if the extension is named "A12 3" or "A12345", they are different names, then the extension is rejected and the developer has to fix the issue.
Additionally:
To solve the issue, I think that we must introduce a new mandatory field before the file upload Listing Name.
In this way, the Extension Checker can validate if the extension and sub-extensions installation names match the declared "Listing Name".
What do you think? Is it doable in the light of the recent improvements?
There are few errors on JEDChecker itself.
What do you think? @dryabov @Llewellynvdm
Rule encoding - Base64 or other type of encoding in the files
3 Errors - Click to View Details
#1 /jedchecker-develop/administrator/components/com_jedchecker/libraries/rules/encoding.php
You've used encoding in this file. This is not an error, but a JED editor will have to review this file.
#2 /jedchecker-develop/administrator/components/com_jedchecker/libraries/rules/errorreporting.php
You've used encoding in this file. This is not an error, but a JED editor will have to review this file.
#3 /jedchecker-develop/administrator/components/com_jedchecker/libraries/rules/jamss.php
You've used encoding in this file. This is not an error, but a JED editor will have to review this file.
Rule LANG - Language files
5 Errors - Click to View Details
#1 /jedchecker-develop/administrator/components/com_jedchecker/language/da-DK/da-DK.com_jedchecker.ini in line: 93
Whitespace in the key is not allowed
<<<<<<< HEAD=
#2 /jedchecker-develop/administrator/components/com_jedchecker/language/en-GB/en-GB.com_jedchecker.ini in line: 93
Incorrect line without '=' character
<<<<<<< HEAD
#3 /jedchecker-develop/administrator/components/com_jedchecker/language/en-GB/en-GB.com_jedchecker.ini in line: 94
Incorrect line without '=' character
<<<<<<< HEAD
#4 /jedchecker-develop/administrator/components/com_jedchecker/language/en-US/en-US.com_jedchecker.ini in line: 93
Whitespace in the key is not allowed
<<<<<<< HEAD=
#5 /jedchecker-develop/administrator/components/com_jedchecker/language/nl-NL/nl-NL.com_jedchecker.ini in line: 93
Whitespace in the key is not allowed
<<<<<<< HEAD=
See the J! forum discussion here: https://forum.joomla.org/viewtopic.php?f=262&t=996982
I agree that the JED Checker extension downloaded from the JED (https://github.com/joomla-extensions/jedchecker/archive/refs/heads/master.zip) contains differences from the files in GitHub. See, especially, the file ../administrator/components/com_jedchecker/libraries/rules/jamss.php
Compare the file from the master repo with the one in the development repo.
The question asked by the forum user on the J! forum is relevant: is the master release for JED Checker 2.4.1 reliable?
Hi,
The extension has this declaration:
<media folder="media" destination="plg_fields_plupload">
<folder>css</folder>
<folder>js</folder>
</media>The ZIP file has the folders css and js, and Joomla installs the extension.
But, JED Checker (develop branch) reports this error:
Rule XMLFILES - XML Files references
1 Errors - Click to View Details
#1 /plg_fields_plupload-main/plupload.xml
Folder not found: media/css
Folder not found: media/js
CC: @dryabov
not sent on server for security reason
if you code similar to this below, jed checker assumes keyword "priority" as an error:
" <server type="extension" priority="2" name="My Extension's Updates">http://example.com/extension.xml</server> "
if you code this way JED checker does not produce error:
" <server type="extension" name="My Extension's Updates" priority="2" >http://example.com/extension.xml</server> "
Though documentaion (https://docs.joomla.org/Deploying_an_Update_Server) is explaining this a a valid definition. Also Joomla xml-parsing and processing according update server definition with settting of "priority" works succesfully and without any errors.
What's the reason for the minimum of 5.3.6?
i'm using the latest version and i got this info on Validation of extension's XML manifest file
Node <extension> contains unknown <api> element
Node <extension> contains unknown <changelogurl> element
these are valid tag for j4 extensions
for api there is a pr #134
Hi,
Testing an extension, I found this false positive error.
Libraries are accepted on JED. It is a valid extension type.
CC @dryabov
Hi @dryabov,
I don't understand what is being reported here. The install looks fine as the rest of the extensions in the package.
Listing name ('pkg_joommyname') starts with extension type prefix
<?xml version="1.0" encoding="UTF-8" ?>
<extension type="package" version="3.0" method="upgrade" client="site">
<name>pkg_joommyname</name>
....Is the translation label missing?
Do you guys want help making this extension compliant with the code style the Platform uses?
I'm testing a new development version.
Processing an extension, there's an error message: The byte order mark (BOM) is detected
This is a lack of knowledge from my side. What is the problem with the BOM?
CC @dryabov
Hi,
Tike the rule that checks for Joomla is overzealous and too strict. In this case, joomcore is an allowed domain. What is not allowed is the literal use of joomla in domains.
Domain names that use 'Joomla' or a derivative of Joomla ('http://www.joomcore.com/') need to be licensed by OSM. Please, check your domain name is listed on the Joomla! Trademark Approval Registry page.
May be something like assets folder should be excluded from checks?
As for example use adding 3rd party library (TCPDF for example) will make extension not passing checks, or a lot of workarounds and code changes are needed?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.