mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-07-31 03:40:37 +02:00
Code Issues Releases Wiki Activity

Issue #233 - Fixed LAN issue and added additional checks for plugins. Useful for developers also.

Browse Source
This commit is contained in:
Cameron
2013-05-04 15:42:55 -07:00
parent ea0cf34569
commit d76d4c4ef2
2 changed files with 78 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
e107_admin/db.php
View File

@@ -861,8 +861,10 @@ class system_tools
private function plugin_viewscan($mode = 'update') private function plugin_viewscan($mode = 'update')
{ {
$error_messages = array(0 => DBLAN_31, 1 => DBLAN_32, 2 => DBLAN_33, 3 => DBLAN_34); $error_messages = array(0 => DBLAN_31, 1 => DBLAN_32, 2 => DBLAN_33, 3 => DBLAN_34);
$error_image = array("integrity_pass.png", "integrity_fail.png", "warning.png", "blank.png"); // $error_image = array("integrity_pass.png", "integrity_fail.png", "warning.png", "blank.png");
$error_glyph = array(ADMIN_TRUE_ICON,ADMIN_FALSE_ICON,"<i class='S16 e-warning-16'></i>","<i style='display:inline-block;width:17px;height:16px;'> </i>");
$error_type = array('warning'=>2, 'error'=>1);
global $e107; global $e107;
@@ -908,12 +910,13 @@ class system_tools
<tbody> <tbody>
"; ";
$sql->db_Select("plugin", "*", "plugin_id !='' order by plugin_path ASC"); // Must order by path to pick up duplicates. (plugin names may change). $sql->select("plugin", "*", "plugin_id !='' order by plugin_path ASC"); // Must order by path to pick up duplicates. (plugin names may change).
$previous = ''; $previous = '';
while($row = $sql->db_Fetch()) while($row = $sql->fetch())
{ {
e107::loadLanFiles($row['plugin_path'],'admin'); e107::loadLanFiles($row['plugin_path'],'admin');
e107::plugLan($row['plugin_path'],'global',true);
$text .= " $text .= "
<tr> <tr>
<td>".$tp->toHtml($row['plugin_name'], FALSE, "defs,emotes_off")."</td> <td>".$tp->toHtml($row['plugin_name'], FALSE, "defs,emotes_off")."</td>
@@ -926,7 +929,7 @@ class system_tools
foreach(explode(',', $row['plugin_addons']) as $this_addon) foreach(explode(',', $row['plugin_addons']) as $this_addon)
{ {
$ret_code = 3; // Default to 'not checked $ret_code = 3; // Default to 'not checked
if((strpos($this_addon, 'e_') === 0) && (substr($this_addon, - 4, 4) != '_sql')) if((strpos($this_addon, 'e_') === 0) || (substr($this_addon, - 4, 4) == '_sql'))
{ {
$ret_code = $ep->checkAddon($row['plugin_path'], $this_addon); // See whether spaces before opening tag or after closing tag $ret_code = $ep->checkAddon($row['plugin_path'], $this_addon); // See whether spaces before opening tag or after closing tag
} }
@@ -934,10 +937,23 @@ class system_tools
{ {
$this_addon = substr($this_addon, 3). ' (sc)'; $this_addon = substr($this_addon, 3). ' (sc)';
} }
$text .= "<div class='clear'>";
$text .= "<img class='icon action S16' src='".e_IMAGE_ABS."fileinspector/".$error_image[$ret_code]."' alt='".$error_messages[$ret_code]."' title='".$error_messages[$ret_code]."' />"; if(!is_numeric($ret_code))
{
$errorMessage = $ret_code['msg'];
$ret_code = $error_type[$ret_code['type']];
}
else
{
$errorMessage = $error_messages[$ret_code];
}
$text .= "<span class='clear e-tip' style='cursor:pointer' title='".$errorMessage."'>";
$text .= $error_glyph[$ret_code]."&nbsp;";
// $text .= "<img class='icon action S16' src='".e_IMAGE_ABS."fileinspector/".$error_image[$ret_code]."' alt='".$error_messages[$ret_code]."' title='".$error_messages[$ret_code]."' />";
$text .= trim($this_addon); // $ret_code - 0=OK, 1=content error, 2=access error $text .= trim($this_addon); // $ret_code - 0=OK, 1=content error, 2=access error
$text .= "</div>"; $text .= "</span><br />";
} }
} }
@@ -957,7 +973,7 @@ class system_tools
} }
else else
{ {
$text .= ($row['plugin_installflag'] == 1) ? DBLAN_27 : " "; // "Installed and not installed"; $text .= ($row['plugin_installflag'] == 1) ? "<span class='label label-warning'>".DBLAN_27."</span>" : " "; // "Installed and not installed";
} }
$text .= " $text .= "
</td> </td>

61
e107_handlers/plugin_class.php
View File

@@ -2614,18 +2614,61 @@ class e107plugin
return implode(",", $p_addons); return implode(",", $p_addons);
} }
function checkAddon($plugin_path, $e_xxx)
{ // Return 0 = OK, 1 = Fail, 2 = inaccessible /**
* Check Plugin Addon for errors.
* @return array or numeric. 0 = OK, 1 = Fail, 2 = inaccessible
*/
function checkAddon($plugin_path, $e_xxx)
{
if (is_readable(e_PLUGIN.$plugin_path."/".$e_xxx.".php")) if (is_readable(e_PLUGIN.$plugin_path."/".$e_xxx.".php"))
{ {
$file_text = file_get_contents(e_PLUGIN.$plugin_path."/".$e_xxx.".php"); $content = file_get_contents(e_PLUGIN.$plugin_path."/".$e_xxx.".php");
if ((substr($file_text, 0, 5) != '<'.'?php') || ((substr($file_text, -2, 2) != '?'.'>') && (strrpos($file_text, '?'.'>') !== FALSE)))
{
return 1;
}
return 0;
} }
return 2; else
{
return 2;
}
if(substr($e_xxx, - 4, 4) == '_sql')
{
if(strpos($content,'INSERT INTO')!==false)
{
return array('type'=> 'error', 'msg'=>"INSERT sql commands are not permitted here. Use a ".$plugin_path."_setup.php file instead.");
}
else
{
return 0;
}
}
// Generic markup check
if ((substr($content, 0, 5) != '<'.'?php') || ((substr($content, -2, 2) != '?'.'>') && (strrpos($content, '?'.'>') !== FALSE)))
{
return 1;
}
if($e_xxx == 'e_meta' && strpos($content,'<script')!==false)
{
return array('type'=> 'warning', 'msg'=>"Contains script tags. Use e_header.php with the e107::js() function instead.");
}
if($e_xxx == 'e_latest' && strpos($content,'<div')!==false)
{
return array('type'=> 'warning', 'msg'=>"Using deprecated method. See e_latest.php in the forum plugin for an example.");
}
if($e_xxx == 'e_status' && strpos($content,'<div')!==false)
{
return array('type'=> 'warning', 'msg'=>"Using deprecated method. See e_status.php in the forum plugin for an example.");
}
return 0;
} }
// Entry point to read plugin configuration data // Entry point to read plugin configuration data