Prevent plugins without an admin url from displaying in admin navigation. And disallow 'theme' as a plugin name.

2025-01-17 20:58:30 +01:00 · 2012-11-27 23:03:17 -08:00 · 2012-11-27 23:03:17 -08:00 · 2986dd62be
commit 2986dd62be
parent eb8cf3179f
2 changed files with 22 additions and 1 deletions
--- a/e107_core/shortcodes/batch/admin_shortcodes.php
+++ b/e107_core/shortcodes/batch/admin_shortcodes.php
@ -1307,14 +1307,22 @@ class admin_shortcodes
 		{
 			while($row = $sql->db_Fetch())
 			{
+				
+				
 				if($plug->parse_plugin($row['plugin_path']))
 				{
 					$plug_vars = $plug->plug_vars;
+					
+					if($row['plugin_path']=='tinymce')
+					{
+					//	print_a($plug_vars);
+					}
+					
 					e107::loadLanFiles($row['plugin_path'], 'admin');
 					if(varset($plug_vars['adminLinks']['link']))
 					{
 						
-						if($row['plugin_category'] == 'menu')
+						if($row['plugin_category'] == 'menu' || !vartrue($plug_vars['adminLinks']['link'][0]['@attributes']['url']))
 						{
 							continue;
 						}
--- a/e107_handlers/plugin_class.php
+++ b/e107_handlers/plugin_class.php
@ -58,6 +58,11 @@ class e107plugin
 		'e_featurebox'
 	);

+
+	var $disAllowed = array(
+		'theme'
+	);
+
 	// List of all plugin variables which need to be checked - install required if one or more set and non-empty
 	// Deprecated in 0.8 (used in plugin.php only). Probably delete in 0.9
 	var $all_eplug_install_variables = array(
@ -181,6 +186,14 @@ class e107plugin
 				$mes->add("Folder error: <i>{$p['path']}</i>.  'e107_' is not permitted within plugin folder names.", E_MESSAGE_WARNING);
 				continue;
 			}
+			
+			if(in_array($path,$this->disAllowed))
+			{
+				$mes->addWarning("Folder error: <i>{$p['path']}</i> is not permitted as an acceptable folder name.");
+				continue;	
+			}
+			
+			
 			$plug['plug_action'] = 'scan'; // Make sure plugin.php knows what we're up to

 			if (!$this->parse_plugin($p['path']))