authorrvelices <rv-github@modusoptimus.com>2007-02-23 13:18:34 +0000
committerrvelices <rv-github@modusoptimus.com>2007-02-23 13:18:34 +0000
commitcb2408a82c9bc93bef177dc33a8981bc36800839 (patch)
tree85728267a379dd1b39ac089ab2021f000e6cb668 /admin
parent6f03e29735ea395f31d09bbfd15a4e15eaf961e3 (diff)
Plugins:
- display author and author url (if present) on plugin admin page - uniformized versions/authors... for all plugins in svn - security fix (html escape name, version, uri, author... to avoid javascript injection which could automatically simulate click on Install) - added confirmation for install/uninstall plugins Web services: - web service explorer now caches method details in order to avoid unnecessary web calls - web service explorer can now send parameters as arrays - web service explorer uses now prototype.js version 1.5 - small improvements - added and use function bad_request (sends http status code 400) git-svn-id: http://piwigo.org/svn/trunk@1852 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
-rw-r--r--admin/include/functions_plugins.inc.php28
-rw-r--r--admin/plugins.php31
2 files changed, 45 insertions, 14 deletions
diff --git a/admin/include/functions_plugins.inc.php b/admin/include/functions_plugins.inc.php
index 80027b6e2..dfbfbb8a3 100644
--- a/admin/include/functions_plugins.inc.php
+++ b/admin/include/functions_plugins.inc.php
@@ -41,25 +41,41 @@ function get_fs_plugins()
and file_exists($path.'/main.inc.php')
)
{
- $plugin = array('name'=>$file, 'version'=>'0', 'uri'=>'', 'description'=>'');
+ $plugin = array(
+ 'name'=>$file,
+ 'version'=>'0',
+ 'uri'=>'',
+ 'description'=>'',
+ 'author'=>'',
+ );
$plg_data = implode( '', file($path.'/main.inc.php') );
- if ( preg_match("|Plugin Name: (.*)|i", $plg_data, $val) )
+ if ( preg_match("|Plugin Name: (.*)|", $plg_data, $val) )
{
$plugin['name'] = trim( $val[1] );
}
- if (preg_match("|Version: (.*)|i", $plg_data, $val))
+ if (preg_match("|Version: (.*)|", $plg_data, $val))
{
$plugin['version'] = trim($val[1]);
}
- if ( preg_match("|Plugin URI: (.*)|i", $plg_data, $val) )
+ if ( preg_match("|Plugin URI: (.*)|", $plg_data, $val) )
{
- $plugin['uri'] = $val[1];
+ $plugin['uri'] = trim($val[1]);
}
- if ( preg_match("|Description: (.*)|i", $plg_data, $val) )
+ if ( preg_match("|Description: (.*)|", $plg_data, $val) )
{
$plugin['description'] = trim($val[1]);
}
+ if ( preg_match("|Author: (.*)|", $plg_data, $val) )
+ {
+ $plugin['author'] = trim($val[1]);
+ }
+ if ( preg_match("|Author URI: (.*)|", $plg_data, $val) )
+ {
+ $plugin['author uri'] = trim($val[1]);
+ }
+ // IMPORTANT SECURITY !
+ $plugin = array_map('htmlspecialchars', $plugin);
$plugins[$file] = $plugin;
}
}
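Review bot: `array_map('htmlspecialchars', $plugin)` entity-escapes `uri` and `author uri` but leaves the URL scheme untouched, so a plugin header with a non-http scheme such as `javascript:` still lands in the `href` attributes that admin/plugins.php builds from these fields (the display-name link and the author link added in the `$desc` hunk). Before the `array_map` line I would blank any URI that fails an allow-list check, e.g. `if (!preg_match('#^https?://#i', $plugin['uri'])) { $plugin['uri'] = ''; }`, and do the same for `author uri`. On PHP versions of this era the default flags also leave single quotes unescaped, so a small wrapper that passes `ENT_QUOTES` would be safer if a template ever puts these values in a single-quoted attribute. The body of get_fs_plugins() starts and ends outside the hunk.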
diff --git a/admin/plugins.php b/admin/plugins.php
index 72695c3fa..da16841de 100644
--- a/admin/plugins.php
+++ b/admin/plugins.php
@@ -3,7 +3,6 @@
// | PhpWebGallery - a PHP based picture gallery |
// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
-// | branch : BSF (Best So Far)
// | file : $Id$
// | last update : $Date$
// | last modifier : $Author$
@@ -38,9 +37,9 @@ $my_base_url = PHPWG_ROOT_PATH.'admin.php?page=plugins';
// +-----------------------------------------------------------------------+
// | perform requested actions |
// +-----------------------------------------------------------------------+
-if ( isset($_REQUEST['action']) and isset($_REQUEST['plugin']) )
+if ( isset($_GET['action']) and isset($_GET['plugin']) )
{
- $plugin_id = $_REQUEST['plugin'];
+ $plugin_id = $_GET['plugin'];
$crt_db_plugin = get_db_plugins('', $plugin_id);
if (!empty($crt_db_plugin))
{
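Review bot: `$plugin_id = $_GET['plugin'];` takes the value straight from the query string, and the surrounding context shows it concatenated into a filesystem path (`PHPWG_PLUGINS_PATH.$plugin_id.'/maintain.inc.php'`) and into SQL strings (`WHERE id="'.$plugin_id.'"` in the later hunk headers). Nothing visible restricts it to a real plugin directory name, so I would validate it right after the assignment, preferably by checking that it is a key of `get_fs_plugins()`, or at least with something like `if (!preg_match('/^[a-zA-Z0-9_-]+$/', $plugin_id)) { die('invalid plugin id'); }`. Whether `get_db_plugins()` escapes its argument, and whether `$file_to_include` is actually included, is not visible here. The `if` block continues past the end of the hunk.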
@@ -54,7 +53,7 @@ if ( isset($_REQUEST['action']) and isset($_REQUEST['plugin']) )
$errors = array();
$file_to_include = PHPWG_PLUGINS_PATH.$plugin_id.'/maintain.inc.php';
- switch ( $_REQUEST['action'] )
+ switch ( $_GET['action'] )
{
case 'install':
if ( !empty($crt_db_plugin))
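Review bot: The switch on `$_GET['action']` performs install, activate, deactivate and uninstall from a plain GET request, and nothing in the visible lines ties that request to the administrator's session. Any page the admin's browser loads could therefore trigger these URLs, and the `plugins.plugin.action.confirm` blocks added at the end of this file presumably only prompt in the browser, which does not cover a direct request. I would put a per-session token in the action links and compare it before the `switch` (for example `if (!isset($_GET['token']) or $_GET['token'] != $expected_token) { die('invalid token'); }`, where `$expected_token` is a placeholder for a value stored server-side), or move the state-changing actions to POST with such a token. The switch body continues outside the hunk.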
@@ -89,7 +88,7 @@ INSERT INTO '.PLUGINS_TABLE.' (id,version) VALUES ("'
case 'activate':
if ( !isset($crt_db_plugin) )
{
- array_push($errors, 'CANNOT '. $_REQUEST['action'] .' - NOT INSTALLED');
+ array_push($errors, 'CANNOT '. $_GET['action'] .' - NOT INSTALLED');
}
if ($crt_db_plugin['state']!='inactive')
{
@@ -114,7 +113,7 @@ UPDATE '.PLUGINS_TABLE.' SET state="active" WHERE id="'.$plugin_id.'"';
case 'deactivate':
if ( !isset($crt_db_plugin) )
{
- die ('CANNOT '. $_REQUEST['action'] .' - NOT INSTALLED');
+ die ('CANNOT '. $_GET['action'] .' - NOT INSTALLED');
}
if ($crt_db_plugin['state']!='active')
{
@@ -134,7 +133,7 @@ UPDATE '.PLUGINS_TABLE.' SET state="inactive" WHERE id="'.$plugin_id.'"';
case 'uninstall':
if ( !isset($crt_db_plugin) )
{
- die ('CANNOT '. $_REQUEST['action'] .' - NOT INSTALLED');
+ die ('CANNOT '. $_GET['action'] .' - NOT INSTALLED');
}
$query = '
DELETE FROM '.PLUGINS_TABLE.' WHERE id="'.$plugin_id.'"';
@@ -181,11 +180,25 @@ foreach( $fs_plugins as $plugin_id => $fs_plugin )
{
$display_name='<a href="'.$fs_plugin['uri'].'">'.$display_name.'</a>';
}
+ $desc = $fs_plugin['description'];
+ if (!empty($fs_plugin['author']))
+ {
+ $desc.= ' (<em>';
+ if (!empty($fs_plugin['author uri']))
+ {
+ $desc.= '<a href="'.$fs_plugin['author uri'].'">'.$fs_plugin['author'].'</a>';
+ }
+ else
+ {
+ $desc.= $fs_plugin['author'];
+ }
+ $desc.= '</em>)';
+ }
$template->assign_block_vars( 'plugins.plugin',
array(
'NAME' => $display_name,
'VERSION' => $fs_plugin['version'],
- 'DESCRIPTION' => $fs_plugin['description'],
+ 'DESCRIPTION' => $desc,
'CLASS' => ($num++ % 2 == 1) ? 'row2' : 'row1',
)
);
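Review bot: The new `$desc` concatenation writes `$fs_plugin['author']` and `$fs_plugin['author uri']` into markup with no escaping at this point; it is safe only because get_fs_plugins() now runs `htmlspecialchars` over every field. That dependency is invisible here, so I would add a comment above `$desc = $fs_plugin['description'];` such as `// all $fs_plugin fields are already HTML-escaped by get_fs_plugins(); do not add raw fields here`. The `'author uri'` key with a space is also the odd one out among the array keys; `'author_uri'` would be harder to mistype. The enclosing foreach starts before the hunk.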
@@ -218,6 +231,7 @@ foreach( $fs_plugins as $plugin_id => $fs_plugin )
'L_ACTION' => l10n('Uninstall'),
)
);
+ $template->assign_block_vars( 'plugins.plugin.action.confirm', array());
break;
}
}
@@ -229,6 +243,7 @@ foreach( $fs_plugins as $plugin_id => $fs_plugin )
'L_ACTION' => l10n('Install'),
)
);
+ $template->assign_block_vars( 'plugins.plugin.action.confirm', array());
}
}