Information for developers and control maniacs

Architecture and implementation highlights for Joomla Little Helper

Welcome developer!

If you want to contribute to this project, let us know. Our repo is on github

If you do add any useful features, fix bugs, improve in any way the extension we'd love to hear your feedback and include your code.


This package consists of one component (with several controllers, one per function), and some helper modules.

It is heavily commented in code, but to get a good grasp of the main ideas keep reading.

Joomla Security and compatibility

The extension has been tested against malicious attacks, including hijacking, xss, and dom manipulation.  All input coming from a user, be it parameters, get, post etc, is parsed to prevent bypassing our security.

No input from the user is _ever_ used to perform actions on the filesystem: i.e. if the input of a user matches one of the predefined options we have previously enabled and tested, it will be carried through.  This means that extending it could be hindered by our security precautions; if you wish to make some local edits, you are welcome to contact us with your requirements and we'll gladly assist you in getting your task completed according to our best practices.

The package

A basic installation consists of two instances of the module, one published in position cpanel , the other in position status in the Joomla! administrator.  These provide quick ajax access to the component's features.  You have shortcuts to create these files from the components main view.

Trash & Cache: Joomla Recycle Bin, Joomla Trash and Joomla Cache Cleaner

This is the most system intensive feature.  It clears the Joomla recycle bin (trash) and the cache.

The recycle bin is cleared with the Joomla JTable descendants, not with direct queries to the database.  Only if this fails, do we failback to direct queries.

The selected cache folders that need to be deleted are processed like this:

First, an attempt to rm -rf the folder is made, using one of the php exec(), passthrough(), system() functions. This raises an alert in some antiviruses; it can be safely ignored, since the only purpose for those functions is to remove a folder quickly; no user input is passed to system commands for safety.

Whether this fails or not, a php function which traverses the whole tree and clears its files and empty branches will run afterwards.  In case the deletion runs into errors, this last function will also try to make files writeable (chmod 0777) before deleting.


The new v.2 features a new drag-n-drop support, with an interface to crop an image and real-time preview.

Joomla Security / .htaccess / Joomla SEF

The source .htaccess files are stored in components/com_littlehelper/assets/txt

Please read the F.A.Q. to learn about the risks, issues and solutions you might need.