Changeset 1852 for trunk/admin/include


Timestamp:
Feb 23, 2007, 2:18:34 PM (17 years ago)
Author:
rvelices
Message:

Plugins:

  • display author and author url (if present) on plugin admin page
  • uniformized versions/authors... for all plugins in svn
  • security fix (html escape name, version, uri, author... to avoid javascript injection which could automatically simulate click on Install)
  • added confirmation for install/uninstall plugins

Web services:

  • web service explorer now caches method details in order to avoid unnecessary web calls
  • web service explorer can now send parameters as arrays
  • web service explorer uses now prototype.js version 1.5
  • small improvements
  • added and use function bad_request (sends http status code 400)
File:
1 edited

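--- a/trunk/admin/include/functions_plugins.inc.php
+++ b/trunk/admin/include/functions_plugins.inc.php
@@ -42,23 +42,39 @@
           )
       {
-        $plugin = array('name'=>$file, 'version'=>'0', 'uri'=>'', 'description'=>'');
+        $plugin = array(
+            'name'=>$file,
+            'version'=>'0',
+            'uri'=>'',
+            'description'=>'',
+            'author'=>'',
+          );
         $plg_data = implode( '', file($path.'/main.inc.php') );
 
-        if ( preg_match("|Plugin Name: (.*)|i", $plg_data, $val) )
+        if ( preg_match("|Plugin Name: (.*)|", $plg_data, $val) )
         {
           $plugin['name'] = trim( $val[1] );
         }
-        if (preg_match("|Version: (.*)|i", $plg_data, $val))
+        if (preg_match("|Version: (.*)|", $plg_data, $val))
         {
           $plugin['version'] = trim($val[1]);
         }
-        if ( preg_match("|Plugin URI: (.*)|i", $plg_data, $val) )
+        if ( preg_match("|Plugin URI: (.*)|", $plg_data, $val) )
         {
-          $plugin['uri'] = $val[1];
+          $plugin['uri'] = trim($val[1]);
         }
-        if ( preg_match("|Description: (.*)|i", $plg_data, $val) )
+        if ( preg_match("|Description: (.*)|", $plg_data, $val) )
         {
           $plugin['description'] = trim($val[1]);
         }
+        if ( preg_match("|Author: (.*)|", $plg_data, $val) )
+        {
+          $plugin['author'] = trim($val[1]);
+        }
+        if ( preg_match("|Author URI: (.*)|", $plg_data, $val) )
+        {
+          $plugin['author uri'] = trim($val[1]);
+        }
+        // IMPORTANT SECURITY !
+        $plugin = array_map('htmlspecialchars', $plugin);
         $plugins[$file] = $plugin;
       }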
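Review bot: The `htmlspecialchars` pass at new line 78 escapes markup characters but does not constrain the URL scheme, so `uri` and `author uri` (new lines 63 and 75) can still hold a `javascript:` value if the admin template renders them as `href` links; that template is not visible in this hunk. A scheme check before the escaping step would cover it, e.g. `if (!preg_match('#^https?://#i', $plugin['uri'])) { $plugin['uri'] = ''; }`, with the same test applied to `'author uri'` when it is set. With its default flags `htmlspecialchars` also leaves single quotes unescaped, so `ENT_QUOTES` is worth passing in case any of these fields ends up inside a single-quoted attribute. The enclosing function starts and ends outside the hunk.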