N°9567 - Extension Mgmt : Run setup

[odain-cbd]

No description provided.

[greptile-apps]

Greptile Summary

This PR adds a cleanup-to-setup flow for extension removal. The main changes are:

• A data feature removal result page can compile, clean data, and relaunch setup.
• A new setup landing step reconstructs wizard state before data audit.
• Extension discovery now reads module metadata from installation choices.
• Cleanup summaries now track cumulative execution counts.
• Form UI blocks can override the form encoding type.

Confidence Score: 2/5

These issues should be fixed before this is merged.

• The cleanup form can drop the setup selections before relaunching setup.
• The setup-token path skips the transaction guard on direct posts.
• The setup data audit form can emit broken or injected hidden inputs.
• Module discovery can reject valid external upgrade source directories.

Focus on the cleanup/setup handoff files and the new module discovery path check.

Security Review

• CSRF/setup-token boundary: DataFeatureRemovalController::OperationAnalysisResult skips transaction validation before creating a setup token.
• HTML injection/input handling: WizStepDataAudit::PostFormDisplay writes raw wizard values into hidden input attributes.

Important Files Changed

Filename	Overview
datamodels/2.x/combodo-data-feature-removal/src/Controller/DataFeatureRemovalController.php	Builds the analysis, cleanup, and setup relaunch parameters, with a skipped transaction check.
datamodels/2.x/combodo-data-feature-removal/templates/AnalysisResult.html.twig	Adds cleanup and setup-launch forms, but the cleanup form drops required setup state.
setup/wizardsteps/WizStepDataAudit.php	Posts wizard state to the cleanup module, but writes hidden input values without escaping.
setup/wizardsteps/WizStepModulesChoice.php	Adds wizard-state reconstruction helpers for returning from cleanup.
setup/modulediscovery.class.inc.php	Adds an APPROOT-bound path check to module file discovery.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
  A[Setup module choices] --> B[Data audit]
  B --> C[Data feature removal page]
  C --> D[DoDeletion form]
  D --> E[OperationDoDeletion]
  E --> F[OperationAnalysisResult]
  F --> G[Launch setup form]
  G --> H[WizStepLandingBeforeAudit]
  H --> I[Data audit / setup]
  D -. missing JSON setup fields .-> F

Loading

_{Reviews (1): Last reviewed commit: "N°9567 - Extension Mgmt : Run setup" | Re-trigger Greptile}