craftsmancoding / modx_utils Goto Github PK

The config.core.php file contains both the MODX_CORE_PATH and the MODX_CONFIG_KEY, which are both essentially hardcoded right now and would prevent the script from working when either of those are different than the default.

You are telling people to adjust $path_to_core if it's different, but the more plug and play the better, right? ;)

When I tried to run it from the command line I encountered this error:
PHP Parse error: syntax error, unexpected ':' on line 870.
Any thoughts?

When using the command line tool it would be useful if the latest nightly build could be installed instead of just the latest stable build: http://modx.com/download/nightlies/

I wanted to try your backupmodx.php script, but I didn't succeed. The file does not even run (error in line 515, unexpected '}').
After having a closer look at the code, I got the impression that something went wrong while uploading it to GIT. Is it possible, that the lower half of the file backupmodx.php consists of code of installmodx.php? Or is it just too late and I should get some sleep :)

This is tough to do in a single file, but I've already gotten questions/problems with people trying to run this via PHP 5.2 (which fails). It might be possible to put the tests up front, and then once they pass, eval the rest of the script (contained in a heredoc block). Janky, but it would probably do the trick.

See http://www.phpclasses.org/blog/post/206-Using-Grep-to-Find-Security-Vulnerabilities-in-PHP-code.html

This is similar to a scanning utility I have for Fireproof Socks. Useful not just for MODX, but for any web app.

Probably need to add stuff like this:

ignore_user_abort(true);
set_time_limit(0);

I believe there's a bug on the test_config.php script. I've tried it on ModX Cloud and another remote installation and in both instances I got these errors:

If you use a < or a > in an XML field (e.g. as part of your password), the values must be encoded.

Is there a PHP function for this? What values need fixing?

http://stackoverflow.com/questions/2822774/php-is-htmlentities-sufficient-for-creating-xml-safe-values
http://msdn.microsoft.com/en-us/library/wkc3acws(VS.71).aspx

I've gone for this: htmlspecialchars($string,ENT_NOQUOTES)

If any files can't be copied they're skipped by the script. It would be great if the script checked if all are writeable first and aborted if any were not.

• pass-thru all arguments available to the setup/index.php script: i.e. support for updates
• support for installations to sub-dirs
• allow for versions to be specified, e.g. --version
• remind user to save their config.xml

P.S. thanks for awesome script!