From cb2408a82c9bc93bef177dc33a8981bc36800839 Mon Sep 17 00:00:00 2001
From: rvelices
Date: Fri, 23 Feb 2007 13:18:34 +0000
Subject: Plugins: - display author and and author url (if present) on plugin admin page - uniformized versions/authors... for all plugins in svn - security fix (html escape name, version, uri, author... to avoid javascript injection which could automatically simulate click on Install) - added confirmation for install/uninstall plugins Web services: - web service explorer now caches method details in order to avoid unnecessary web calls - web service explorer can now send parameters as arrays - web service explorer uses now prototype.js version 1.5 - small improvements - added and use function bad_request (sends http status code 400)
git-svn-id: http://piwigo.org/svn/trunk@1852 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/include/functions_plugins.inc.php | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)
(limited to 'admin/include/functions_plugins.inc.php')
diff --git a/admin/include/functions_plugins.inc.php b/admin/include/functions_plugins.inc.php
index 80027b6e2..dfbfbb8a3 100644
--- a/admin/include/functions_plugins.inc.php
+++ b/admin/include/functions_plugins.inc.php
@@ -41,25 +41,41 @@ function get_fs_plugins()
 and file_exists($path.'/main.inc.php')
 )
 {
- $plugin = array('name'=>$file, 'version'=>'0', 'uri'=>'', 'description'=>'');
+ $plugin = array(
+ 'name'=>$file,
+ 'version'=>'0',
+ 'uri'=>'',
+ 'description'=>'',
+ 'author'=>'',
+ );
 $plg_data = implode( '', file($path.'/main.inc.php') );
- if ( preg_match("|Plugin Name: (.*)|i", $plg_data, $val) )
+ if ( preg_match("|Plugin Name: (.*)|", $plg_data, $val) )
 {
 $plugin['name'] = trim( $val[1] );
 }
- if (preg_match("|Version: (.*)|i", $plg_data, $val))
+ if (preg_match("|Version: (.*)|", $plg_data, $val))
 {
 $plugin['version'] = trim($val[1]);
 }
- if ( preg_match("|Plugin URI: (.*)|i", $plg_data, $val) )
+ if ( preg_match("|Plugin URI: (.*)|", $plg_data, $val) )
 {
- $plugin['uri'] = $val[1];
+ $plugin['uri'] = trim($val[1]);
 }
- if ( preg_match("|Description: (.*)|i", $plg_data, $val) )
+ if ( preg_match("|Description: (.*)|", $plg_data, $val) )
 {
 $plugin['description'] = trim($val[1]);
 }
+ if ( preg_match("|Author: (.*)|", $plg_data, $val) )
+ {
+ $plugin['author'] = trim($val[1]);
+ }
+ if ( preg_match("|Author URI: (.*)|", $plg_data, $val) )
+ {
+ $plugin['author uri'] = trim($val[1]);
+ }
+ // IMPORTANT SECURITY !
+ $plugin = array_map('htmlspecialchars', $plugin);
 $plugins[$file] = $plugin;
 }
 }
-- 
cgit v1.2.3
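Review bot: The `array_map('htmlspecialchars', $plugin)` call at the end of the hunk relies on the default flags, which before PHP 8.1 leave single quotes unescaped, and it does nothing about the scheme of `uri` and `author uri`. The admin templates are not part of this diff, so this is inferred from the commit message: if any value lands in a single-quoted attribute or script string, or the URIs are rendered as links, a plugin header can still break out of the attribute or supply a `javascript:` URL. I would escape with `foreach ($plugin as $k => $v) { $plugin[$k] = htmlspecialchars($v, ENT_QUOTES); }` and blank any URI that fails `preg_match('#^https?://#i', $v)` before escaping. `'author uri'` also has no default in the initial array, so a consumer hits an undefined index when the header is absent; adding `'author uri'=>'',` next to `'author'=>''` fixes that. The body of get_fs_plugins() starts and ends outside this hunk.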