Releases: ArteInfoRM/tec_datacleaning

v1.0.5 (BETA) – Secure admin validation & JSON-based configuration

18 Dec 09:46

⚠️ BETA Release – v1.0.5

This release introduces significant security, validation, and configuration handling improvements.
It is marked as BETA and is recommended for testing and staging environments before production use.


✨ Added

  • Improved admin form validation: configuration is now persisted only if all validations pass, preventing partial or inconsistent saves.
  • New helper computeModuleSecureKey() to deterministically compute or retrieve the module secure_key.
    • Returns the sentinel value NOKEY when no valid key is available.
  • Safeguard logging when legacy (non-JSON) configuration is detected: such values are logged and ignored for safety.

🔄 Changed

  • Security hardening: replaced all uses of serialize() / unserialize() with json_encode() / json_decode() for configuration storage, preventing unsafe PHP deserialization.
  • Admin form handling now validates the posted secure_key and saves it only if the entire form is valid, avoiding misleading mixed success/error messages.
  • Selected tables are now stored exclusively as JSON.
    • Legacy serialized values are intentionally ignored and must be re-saved from Back Office to migrate.
  • Cron controller updated to read selected tables from JSON and to safely ignore/log legacy serialized values.
  • Improved uninstall process: all module configuration keys are removed (MONTHS, BATCH_SIZE, SELECTED_TABLES, SECURE_KEY) with best-effort hook unregistration.
  • Better handling of checkbox POST formats generated by PrestaShop helper forms.

🐛 Fixed

  • Fixed an edge case where an invalid secure_key could be saved even when other validation errors were present.
  • Prevented automatic unserialization of legacy configuration data for security reasons.

🔐 Security

  • Eliminated unsafe PHP deserialization from configuration storage.
  • Centralized and hardened cron endpoint authentication logic.
  • Clear API response (NOKEY) and HTTP error when no usable secure_key is available.
  • Continued recommendation: protect the cron endpoint (IP whitelist, HTTPS, additional access controls).

⚠️ Notes / Warnings

  • Legacy configuration values stored using serialize() are no longer loaded.
    To migrate, open the module configuration in Back Office, re-select the tables and save.
  • Always run cron operations with dry_run=1 and perform a database backup before executing destructive actions (DELETE or TRUNCATE).
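
The JSON-only loading of selected tables described under Changed, sketched as an added PHP example that is not the module's own code. The function name `loadSelectedTables()`, the log callback and the table-name pattern are assumptions made for illustration; `JSON_THROW_ON_ERROR` requires PHP 7.3 or later.

```php
<?php
// Added example, not the module's code. Function name, log callback and
// table-name pattern are assumptions. Requires PHP 7.3+ (JSON_THROW_ON_ERROR).

/**
 * Decode the stored "selected tables" value. Only a flat JSON array of plain
 * table names is accepted. Anything else, including legacy serialize()
 * output, is logged and ignored; unserialize() is never called.
 */
function loadSelectedTables(?string $raw, callable $log): array
{
    if ($raw === null || $raw === '') {
        return [];
    }
    try {
        $decoded = json_decode($raw, true, 4, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        // serialize() output is never valid JSON, so legacy values land here.
        $legacy = preg_match('/^(?:[aOCs]:\d+:|[bid]:|N;)/', $raw) === 1;
        $log(sprintf('Ignoring %s SELECTED_TABLES value (%d bytes)',
            $legacy ? 'legacy serialized' : 'malformed', strlen($raw)));
        return [];
    }
    // Reject scalars, objects/maps and nested structures: a plain list only.
    if (!is_array($decoded) || array_values($decoded) !== $decoded) {
        $log('Ignoring SELECTED_TABLES value: not a JSON list');
        return [];
    }
    $tables = [];
    foreach ($decoded as $name) {
        // The names feed DELETE/TRUNCATE statements, so validate each one.
        if (is_string($name) && preg_match('/^[A-Za-z0-9_]{1,64}$/', $name) === 1) {
            $tables[] = $name;
        } else {
            $log('Ignoring invalid table entry in SELECTED_TABLES');
        }
    }
    return array_values(array_unique($tables));
}

// Constructed sample values: one JSON value and one legacy serialize() value.
$log = static function (string $msg): void {
    error_log('[datacleaning-example] ' . $msg);
};
var_dump(loadSelectedTables('["ps_connections","ps_guest"]', $log));
var_dump(loadSelectedTables('a:1:{i:0;s:14:"ps_connections";}', $log));
```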