To improve input validation for Joomla and PHP releases, we can grab the release list for these platforms via the GitHub API and build an allowed version array. Since this is machine parseable, we can put it on a cron job to run updates as needed.
To sum things up a bit:
The joomla/github package is pulled in for interfacing with the GitHub API
The package is extended to allow the API's method that returns tags to be paginated over AND to gain access to the full API response object
The github config structure matches the options keys in use by the joomla/github package, and this is injected as a Registry object into the base class when instantiated (so if you need to throw in credentials to get past the anonymous API rate limit, use those keys)
The response headers are used to determine if we need to paginate, and the command will loop making API requests if needed to get all the data
A CLI command for fetching Joomla's releases is added which filters out everything that isn't a 3.x release and adds that to our allowed version array
Also added are the latest release plus the next patch release and minor release (so with 3.5.1 as the latest release, 3.5.2 and 3.6.0 are also allowed)
The method validating that a string looks like a version number is moved to a trait so we can use it in the tag commands as well as the POST controller
The POST controller now validates the version against this data array
Testing Instructions
Running bin/stats tags:joomla should fetch the tags from the joomla/joomla-cms repo, process them, and write to the versions/joomla.json file and include all 3.x releases plus the next patch and minor version numbers (unreleased). Data should still be submitted and processed correctly.
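The allowlist step described above, as an added sketch that is not the code from this pull request: it filters tag names down to 3.x releases, appends the next patch and minor versions, and checks a submitted value against the result. The function names, the strict `MAJOR.MINOR.PATCH` pattern and the sample tags are assumptions made for illustration.

```php
<?php
// Added illustration; names and sample data are hypothetical, not the project's own.

/** Accept only plain MAJOR.MINOR.PATCH; \z (not $) rejects a trailing newline. */
function looksLikeVersion(string $v): bool
{
    return preg_match('/^\d+\.\d+\.\d+\z/', $v) === 1;
}

/** Build the allowlist: every 3.x release plus the next patch and next minor. */
function buildAllowedVersions(array $tagNames): array
{
    $releases = [];
    foreach ($tagNames as $tag) {
        // Drops pre-releases ("3.5.0-rc"), prefixed tags and other series.
        if (looksLikeVersion($tag) && strpos($tag, '3.') === 0) {
            $releases[$tag] = true; // array key de-duplicates repeated tags
        }
    }
    if ($releases === []) {
        // Fail closed: an empty fetch must not overwrite a good allowlist.
        throw new RuntimeException('No 3.x releases found; keeping existing allowlist.');
    }
    $versions = array_keys($releases);
    usort($versions, 'version_compare');
    [$major, $minor, $patch] = array_map('intval', explode('.', end($versions)));
    $versions[] = sprintf('%d.%d.%d', $major, $minor, $patch + 1); // next patch
    $versions[] = sprintf('%d.%d.0', $major, $minor + 1);          // next minor
    return $versions;
}

/** Validation as the POST side would apply it: shape check, then exact match. */
function isAllowedVersion(string $submitted, array $allowed): bool
{
    return looksLikeVersion($submitted) && in_array($submitted, $allowed, true);
}

// Constructed sample of tag names, standing in for the paginated API result.
$tags = ['3.5.1', '3.5.0', '3.5.0-rc', '3.4.8', '2.5.28', '12.1', 'v3.0.0-alpha'];
$allowed = buildAllowedVersions($tags);
echo json_encode($allowed), PHP_EOL;

// Constructed submissions: released, unreleased-but-expected, and rejected values.
foreach (['3.5.1', '3.5.2', '3.6.0', '3.5.3', '2.5.28', "3.5.1\n", 'not-a-version'] as $candidate) {
    printf("%-16s %s\n", json_encode($candidate), isAllowedVersion($candidate, $allowed) ? 'accepted' : 'rejected');
}
```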
Pull Request for Issue #24