Plugins:

- display author and and author url (if present) on plugin admin page - uniformized versions/authors... for all plugins in svn - security fix (html escape name, version, uri, author... to avoid javascript injection which could automatically simulate click on Install) - added confirmation for install/uninstall plugins Web services: - web service explorer now caches method details in order to avoid unnecessary web calls - web service explorer can now send parameters as arrays - web service explorer uses now prototype.js version 1.5 - small improvements - added and use function bad_request (sends http status code 400) git-svn-id: http://piwigo.org/svn/trunk@1852 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-02-23 13:18:34 +00:00 · 2007-02-23 13:18:34 +00:00 · cb2408a82c
commit cb2408a82c
parent 6f03e29735
15 changed files with 1375 additions and 528 deletions
--- a/admin/include/functions_plugins.inc.php
+++ b/admin/include/functions_plugins.inc.php
@ -41,25 +41,41 @@ function get_fs_plugins()
          and file_exists($path.'/main.inc.php')
          )
      {
-        $plugin = array('name'=>$file, 'version'=>'0', 'uri'=>'', 'description'=>'');
+        $plugin = array(
+            'name'=>$file,
+            'version'=>'0',
+            'uri'=>'',
+            'description'=>'',
+            'author'=>'',
+          );
        $plg_data = implode( '', file($path.'/main.inc.php') );

-        if ( preg_match("|Plugin Name: (.*)|i", $plg_data, $val) )
+        if ( preg_match("|Plugin Name: (.*)|", $plg_data, $val) )
        {
          $plugin['name'] = trim( $val[1] );
        }
-        if (preg_match("|Version: (.*)|i", $plg_data, $val))
+        if (preg_match("|Version: (.*)|", $plg_data, $val))
        {
          $plugin['version'] = trim($val[1]);
        }
-        if ( preg_match("|Plugin URI: (.*)|i", $plg_data, $val) )
+        if ( preg_match("|Plugin URI: (.*)|", $plg_data, $val) )
        {
-          $plugin['uri'] = $val[1];
+          $plugin['uri'] = trim($val[1]);
        }
-        if ( preg_match("|Description: (.*)|i", $plg_data, $val) )
+        if ( preg_match("|Description: (.*)|", $plg_data, $val) )
        {
          $plugin['description'] = trim($val[1]);
        }
+        if ( preg_match("|Author: (.*)|", $plg_data, $val) )
+        {
+          $plugin['author'] = trim($val[1]);
+        }
+        if ( preg_match("|Author URI: (.*)|", $plg_data, $val) )
+        {
+          $plugin['author uri'] = trim($val[1]);
+        }
+        // IMPORTANT SECURITY !
+        $plugin = array_map('htmlspecialchars', $plugin);
        $plugins[$file] = $plugin;
      }
    }