diff options
author | rvelices <rv-github@modusoptimus.com> | 2007-02-23 13:18:34 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2007-02-23 13:18:34 +0000 |
commit | cb2408a82c9bc93bef177dc33a8981bc36800839 (patch) | |
tree | 85728267a379dd1b39ac089ab2021f000e6cb668 /admin | |
parent | 6f03e29735ea395f31d09bbfd15a4e15eaf961e3 (diff) |
Plugins:
- display author and and author url (if present) on plugin admin page
- uniformized versions/authors... for all plugins in svn
- security fix (html escape name, version, uri, author... to avoid javascript injection which could automatically simulate click on Install)
- added confirmation for install/uninstall plugins
Web services:
- web service explorer now caches method details in order to avoid unnecessary web calls
- web service explorer can now send parameters as arrays
- web service explorer uses now prototype.js version 1.5
- small improvements
- added and use function bad_request (sends http status code 400)
git-svn-id: http://piwigo.org/svn/trunk@1852 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | admin/include/functions_plugins.inc.php | 28 | ||||
-rw-r--r-- | admin/plugins.php | 31 |
2 files changed, 45 insertions, 14 deletions
diff --git a/admin/include/functions_plugins.inc.php b/admin/include/functions_plugins.inc.php index 80027b6e2..dfbfbb8a3 100644 --- a/admin/include/functions_plugins.inc.php +++ b/admin/include/functions_plugins.inc.php @@ -41,25 +41,41 @@ function get_fs_plugins() and file_exists($path.'/main.inc.php') ) { - $plugin = array('name'=>$file, 'version'=>'0', 'uri'=>'', 'description'=>''); + $plugin = array( + 'name'=>$file, + 'version'=>'0', + 'uri'=>'', + 'description'=>'', + 'author'=>'', + ); $plg_data = implode( '', file($path.'/main.inc.php') ); - if ( preg_match("|Plugin Name: (.*)|i", $plg_data, $val) ) + if ( preg_match("|Plugin Name: (.*)|", $plg_data, $val) ) { $plugin['name'] = trim( $val[1] ); } - if (preg_match("|Version: (.*)|i", $plg_data, $val)) + if (preg_match("|Version: (.*)|", $plg_data, $val)) { $plugin['version'] = trim($val[1]); } - if ( preg_match("|Plugin URI: (.*)|i", $plg_data, $val) ) + if ( preg_match("|Plugin URI: (.*)|", $plg_data, $val) ) { - $plugin['uri'] = $val[1]; + $plugin['uri'] = trim($val[1]); } - if ( preg_match("|Description: (.*)|i", $plg_data, $val) ) + if ( preg_match("|Description: (.*)|", $plg_data, $val) ) { $plugin['description'] = trim($val[1]); } + if ( preg_match("|Author: (.*)|", $plg_data, $val) ) + { + $plugin['author'] = trim($val[1]); + } + if ( preg_match("|Author URI: (.*)|", $plg_data, $val) ) + { + $plugin['author uri'] = trim($val[1]); + } + // IMPORTANT SECURITY ! + $plugin = array_map('htmlspecialchars', $plugin); $plugins[$file] = $plugin; } } diff --git a/admin/plugins.php b/admin/plugins.php index 72695c3fa..da16841de 100644 --- a/admin/plugins.php +++ b/admin/plugins.php @@ -3,7 +3,6 @@ // | PhpWebGallery - a PHP based picture gallery | // | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net | // +-----------------------------------------------------------------------+ -// | branch : BSF (Best So Far) // | file : $Id$ // | last update : $Date$ // | last modifier : $Author$ @@ -38,9 +37,9 @@ $my_base_url = PHPWG_ROOT_PATH.'admin.php?page=plugins'; // +-----------------------------------------------------------------------+ // | perform requested actions | // +-----------------------------------------------------------------------+ -if ( isset($_REQUEST['action']) and isset($_REQUEST['plugin']) ) +if ( isset($_GET['action']) and isset($_GET['plugin']) ) { - $plugin_id = $_REQUEST['plugin']; + $plugin_id = $_GET['plugin']; $crt_db_plugin = get_db_plugins('', $plugin_id); if (!empty($crt_db_plugin)) { @@ -54,7 +53,7 @@ if ( isset($_REQUEST['action']) and isset($_REQUEST['plugin']) ) $errors = array(); $file_to_include = PHPWG_PLUGINS_PATH.$plugin_id.'/maintain.inc.php'; - switch ( $_REQUEST['action'] ) + switch ( $_GET['action'] ) { case 'install': if ( !empty($crt_db_plugin)) @@ -89,7 +88,7 @@ INSERT INTO '.PLUGINS_TABLE.' (id,version) VALUES ("' case 'activate': if ( !isset($crt_db_plugin) ) { - array_push($errors, 'CANNOT '. $_REQUEST['action'] .' - NOT INSTALLED'); + array_push($errors, 'CANNOT '. $_GET['action'] .' - NOT INSTALLED'); } if ($crt_db_plugin['state']!='inactive') { @@ -114,7 +113,7 @@ UPDATE '.PLUGINS_TABLE.' SET state="active" WHERE id="'.$plugin_id.'"'; case 'deactivate': if ( !isset($crt_db_plugin) ) { - die ('CANNOT '. $_REQUEST['action'] .' - NOT INSTALLED'); + die ('CANNOT '. $_GET['action'] .' - NOT INSTALLED'); } if ($crt_db_plugin['state']!='active') { @@ -134,7 +133,7 @@ UPDATE '.PLUGINS_TABLE.' SET state="inactive" WHERE id="'.$plugin_id.'"'; case 'uninstall': if ( !isset($crt_db_plugin) ) { - die ('CANNOT '. $_REQUEST['action'] .' - NOT INSTALLED'); + die ('CANNOT '. $_GET['action'] .' - NOT INSTALLED'); } $query = ' DELETE FROM '.PLUGINS_TABLE.' WHERE id="'.$plugin_id.'"'; @@ -181,11 +180,25 @@ foreach( $fs_plugins as $plugin_id => $fs_plugin ) { $display_name='<a href="'.$fs_plugin['uri'].'">'.$display_name.'</a>'; } + $desc = $fs_plugin['description']; + if (!empty($fs_plugin['author'])) + { + $desc.= ' (<em>'; + if (!empty($fs_plugin['author uri'])) + { + $desc.= '<a href="'.$fs_plugin['author uri'].'">'.$fs_plugin['author'].'</a>'; + } + else + { + $desc.= $fs_plugin['author']; + } + $desc.= '</em>)'; + } $template->assign_block_vars( 'plugins.plugin', array( 'NAME' => $display_name, 'VERSION' => $fs_plugin['version'], - 'DESCRIPTION' => $fs_plugin['description'], + 'DESCRIPTION' => $desc, 'CLASS' => ($num++ % 2 == 1) ? 'row2' : 'row1', ) ); @@ -218,6 +231,7 @@ foreach( $fs_plugins as $plugin_id => $fs_plugin ) 'L_ACTION' => l10n('Uninstall'), ) ); + $template->assign_block_vars( 'plugins.plugin.action.confirm', array()); break; } } @@ -229,6 +243,7 @@ foreach( $fs_plugins as $plugin_id => $fs_plugin ) 'L_ACTION' => l10n('Install'), ) ); + $template->assign_block_vars( 'plugins.plugin.action.confirm', array()); } } |