aboutsummaryrefslogtreecommitdiffstats
path: root/admin/include
diff options
context:
space:
mode:
authorrvelices <rv-github@modusoptimus.com>2007-02-23 13:18:34 +0000
committerrvelices <rv-github@modusoptimus.com>2007-02-23 13:18:34 +0000
commitcb2408a82c9bc93bef177dc33a8981bc36800839 (patch)
tree85728267a379dd1b39ac089ab2021f000e6cb668 /admin/include
parent6f03e29735ea395f31d09bbfd15a4e15eaf961e3 (diff)
Plugins:
- display author and and author url (if present) on plugin admin page - uniformized versions/authors... for all plugins in svn - security fix (html escape name, version, uri, author... to avoid javascript injection which could automatically simulate click on Install) - added confirmation for install/uninstall plugins Web services: - web service explorer now caches method details in order to avoid unnecessary web calls - web service explorer can now send parameters as arrays - web service explorer uses now prototype.js version 1.5 - small improvements - added and use function bad_request (sends http status code 400) git-svn-id: http://piwigo.org/svn/trunk@1852 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--admin/include/functions_plugins.inc.php28
1 files changed, 22 insertions, 6 deletions
diff --git a/admin/include/functions_plugins.inc.php b/admin/include/functions_plugins.inc.php
index 80027b6e2..dfbfbb8a3 100644
--- a/admin/include/functions_plugins.inc.php
+++ b/admin/include/functions_plugins.inc.php
@@ -41,25 +41,41 @@ function get_fs_plugins()
and file_exists($path.'/main.inc.php')
)
{
- $plugin = array('name'=>$file, 'version'=>'0', 'uri'=>'', 'description'=>'');
+ $plugin = array(
+ 'name'=>$file,
+ 'version'=>'0',
+ 'uri'=>'',
+ 'description'=>'',
+ 'author'=>'',
+ );
$plg_data = implode( '', file($path.'/main.inc.php') );
- if ( preg_match("|Plugin Name: (.*)|i", $plg_data, $val) )
+ if ( preg_match("|Plugin Name: (.*)|", $plg_data, $val) )
{
$plugin['name'] = trim( $val[1] );
}
- if (preg_match("|Version: (.*)|i", $plg_data, $val))
+ if (preg_match("|Version: (.*)|", $plg_data, $val))
{
$plugin['version'] = trim($val[1]);
}
- if ( preg_match("|Plugin URI: (.*)|i", $plg_data, $val) )
+ if ( preg_match("|Plugin URI: (.*)|", $plg_data, $val) )
{
- $plugin['uri'] = $val[1];
+ $plugin['uri'] = trim($val[1]);
}
- if ( preg_match("|Description: (.*)|i", $plg_data, $val) )
+ if ( preg_match("|Description: (.*)|", $plg_data, $val) )
{
$plugin['description'] = trim($val[1]);
}
+ if ( preg_match("|Author: (.*)|", $plg_data, $val) )
+ {
+ $plugin['author'] = trim($val[1]);
+ }
+ if ( preg_match("|Author URI: (.*)|", $plg_data, $val) )
+ {
+ $plugin['author uri'] = trim($val[1]);
+ }
+ // IMPORTANT SECURITY !
+ $plugin = array_map('htmlspecialchars', $plugin);
$plugins[$file] = $plugin;
}
}