diff options
author | mistic100 <mistic@piwigo.org> | 2014-07-06 14:05:05 +0000 |
---|---|---|
committer | mistic100 <mistic@piwigo.org> | 2014-07-06 14:05:05 +0000 |
commit | 1633d8ffaa38edb8abb530ef4e28cdc4ee816923 (patch) | |
tree | d6768d721c437d1494a9c379c2bd667ae70ea4d3 /admin/include/plugins.class.php | |
parent | dbedfd173f087b7b7d6d1aefde09922d986c8429 (diff) |
improves regexes parsing plugins metadata
git-svn-id: http://piwigo.org/svn/trunk@28969 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | admin/include/plugins.class.php | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/admin/include/plugins.class.php b/admin/include/plugins.class.php index 4aabcd9b7..25030b6a2 100644 --- a/admin/include/plugins.class.php +++ b/admin/include/plugins.class.php @@ -257,15 +257,15 @@ DELETE FROM '. PLUGINS_TABLE .' ); $plg_data = file_get_contents($path.'/main.inc.php', null, null, 0, 2048); - if ( preg_match("|Plugin Name: (.*)|", $plg_data, $val) ) + if (preg_match("|Plugin Name:\\s*(.+)|", $plg_data, $val)) { $plugin['name'] = trim( $val[1] ); } - if (preg_match("|Version: (.*)|", $plg_data, $val)) + if (preg_match("|Version:\\s*([\\w.-]+)|", $plg_data, $val)) { $plugin['version'] = trim($val[1]); } - if ( preg_match("|Plugin URI: (.*)|", $plg_data, $val) ) + if (preg_match("|Plugin URI:\\s*(https?:\\/\\/.+)|", $plg_data, $val)) { $plugin['uri'] = trim($val[1]); } @@ -273,15 +273,15 @@ DELETE FROM '. PLUGINS_TABLE .' { $plugin['description'] = trim($desc); } - elseif ( preg_match("|Description: (.*)|", $plg_data, $val) ) + elseif (preg_match("|Description:\\s*(.+)|", $plg_data, $val)) { $plugin['description'] = trim($val[1]); } - if ( preg_match("|Author: (.*)|", $plg_data, $val) ) + if (preg_match("|Author:\\s*(.+)|", $plg_data, $val)) { $plugin['author'] = trim($val[1]); } - if ( preg_match("|Author URI: (.*)|", $plg_data, $val) ) + if (preg_match("|Author URI:\\s*(https?:\\/\\/.+)|", $plg_data, $val)) { $plugin['author uri'] = trim($val[1]); } @@ -290,6 +290,7 @@ DELETE FROM '. PLUGINS_TABLE .' list( , $extension) = explode('extension_view.php?eid=', $plugin['uri']); if (is_numeric($extension)) $plugin['extension'] = $extension; } + // IMPORTANT SECURITY ! $plugin = array_map('htmlspecialchars', $plugin); $this->fs_plugins[$file] = $plugin; |