diff options
| -rw-r--r-- | admin/include/functions_plugins.inc.php | 21 | ||||
| -rw-r--r-- | admin/plugin.php | 20 | ||||
| -rw-r--r-- | plugins/add_index/main.admin.inc.php | 8 | ||||
| -rw-r--r-- | plugins/event_tracer/main.inc.php | 8 |
4 files changed, 36 insertions, 21 deletions
diff --git a/admin/include/functions_plugins.inc.php b/admin/include/functions_plugins.inc.php index f5b43a6af..80027b6e2 100644 --- a/admin/include/functions_plugins.inc.php +++ b/admin/include/functions_plugins.inc.php @@ -70,13 +70,24 @@ function get_fs_plugins() /** * Retrieves an url for a plugin page. - * @param string plugin_id - * @param string page - the php script file name (without .php extension) + * @param string file - php script full name */ -function get_admin_plugin_menu_link($plugin_id, $page) +function get_admin_plugin_menu_link($file) { - $url = get_root_url().'admin.php?page=plugin&section=' - .urlencode($plugin_id .'~'. $page); + global $page; + $real_file = realpath($file); + $url = get_root_url().'admin.php?page=plugin'; + if (false!==$real_file) + { + $real_plugin_path = realpath(PHPWG_PLUGINS_PATH); + $file = substr($real_file, strlen($real_plugin_path)+1); + $file = str_replace('\\', '/', $file);//Windows + $url .= '&section='.urlencode($file); + } + else if (isset($page['errors'])) + { + array_push($page['errors'], 'PLUGIN ERROR: "'.$file.'" is not a valid file'); + } return $url; } diff --git a/admin/plugin.php b/admin/plugin.php index a057e87c8..1657f10c8 100644 --- a/admin/plugin.php +++ b/admin/plugin.php @@ -33,27 +33,35 @@ if( !defined("PHPWG_ROOT_PATH") ) include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); check_status(ACCESS_ADMINISTRATOR); -$section = explode('~', $_GET['section'] ); -if (count($section)!=2) +$sections = explode('/', $_GET['section'] ); +for ($i=0; $i<count($sections); $i++) +{ + if (empty($sections[$i]) or $sections[$i]=='..') + { + unset($sections[$i]); + $i--; + } +} + +if (count($sections)<2) { die('Invalid plugin URL'); } -$plugin_id = $section[0]; +$plugin_id = $sections[0]; $check_db_plugin = get_db_plugins('active', $plugin_id ); if (empty($check_db_plugin)) { die('Invalid URL - plugin '.$plugin_id.' not active'); } -$section[1]=str_replace('./', '', $section[1]); // no up in dir structure -$filename = PHPWG_PLUGINS_PATH.$plugin_id.'/'.$section[1].'.php'; +$filename = PHPWG_PLUGINS_PATH.implode('/', $sections); if (is_file($filename)) { include_once($filename); } else { - die('Missing '.$filename); + die('Missing file '.$filename); } ?>
\ No newline at end of file diff --git a/plugins/add_index/main.admin.inc.php b/plugins/add_index/main.admin.inc.php index 457ea760a..a79d1f237 100644 --- a/plugins/add_index/main.admin.inc.php +++ b/plugins/add_index/main.admin.inc.php @@ -33,7 +33,6 @@ if ((!defined('PHPWG_ROOT_PATH')) or (!(defined('IN_ADMIN') and IN_ADMIN))) class AdminAddIndex extends AddIndex
{
- var $my_id;
function load_params()
{
global $conf;
@@ -63,7 +62,7 @@ class AdminAddIndex extends AddIndex array
(
'CAPTION' => l10n('Advanced_Add_Index'),
- 'URL' => get_admin_plugin_menu_link($this->my_id, 'admin/main_page').'&overwrite'
+ 'URL' => get_admin_plugin_menu_link(dirname(__FILE__).'/admin/main_page.php').'&overwrite'
));
return $advanced_features;
@@ -76,7 +75,7 @@ class AdminAddIndex extends AddIndex array_push($site_manager_plugin_links,
array
(
- 'U_HREF' => get_admin_plugin_menu_link($this->my_id, 'admin/main_page').'&site_id='.$site_id,
+ 'U_HREF' => get_admin_plugin_menu_link(dirname(__FILE__).'/admin/main_page.php').'&site_id='.$site_id,
'U_CAPTION' => l10n('Manager_Add_Index'),
'U_HINT' => l10n('Add_Index')
));
@@ -90,7 +89,7 @@ class AdminAddIndex extends AddIndex array_push($menu,
array(
'NAME' => l10n('Menu_Add_Index'),
- 'URL' => get_admin_plugin_menu_link($this->my_id, 'admin/admin_menu')
+ 'URL' => get_admin_plugin_menu_link(dirname(__FILE__).'/admin/admin_menu.php')
)
);
return $menu;
@@ -99,7 +98,6 @@ class AdminAddIndex extends AddIndex // Create object
$add_index = new AdminAddIndex();
-$add_index->my_id = $plugin['id'];
// Load Add Index parameters
$add_index->load_params();
diff --git a/plugins/event_tracer/main.inc.php b/plugins/event_tracer/main.inc.php index 1eb89f094..0976cae1c 100644 --- a/plugins/event_tracer/main.inc.php +++ b/plugins/event_tracer/main.inc.php @@ -11,12 +11,10 @@ class EventTracer { var $me_working; var $my_config; - var $my_id; - function EventTracer($id) + function EventTracer() { $this->me_working=0; - $this->my_id=$id; } function load_config() @@ -83,14 +81,14 @@ class EventTracer array_push($menu, array( 'NAME' => 'Event Tracer', - 'URL' => get_admin_plugin_menu_link($this->my_id, 'tracer_admin') + 'URL' => get_admin_plugin_menu_link(dirname(__FILE__).'/tracer_admin.php') ) ); return $menu; } } -$obj = new EventTracer($plugin['id']); +$obj = new EventTracer(); $obj->load_config(); add_event_handler('get_admin_plugin_menu_links', array(&$obj, 'plugin_admin_menu') ); |