From 4d65727accb097641f72e8bf24c5a194873affc7 Mon Sep 17 00:00:00 2001 From: Cesar G Date: Wed, 11 Dec 2013 21:07:21 -0800 Subject: [PATCH 1/5] [ticket/12009] Do not allow incorrectly structured extensions to be installed. PHPBB3-12009 --- phpBB/phpbb/extension/manager.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/phpBB/phpbb/extension/manager.php b/phpBB/phpbb/extension/manager.php index 7f009867c9..23b281deaa 100644 --- a/phpBB/phpbb/extension/manager.php +++ b/phpBB/phpbb/extension/manager.php @@ -411,9 +411,24 @@ class manager if ($file_info->isFile() && $file_info->getFilename() == 'ext.' . $this->php_ext) { $ext_name = $iterator->getInnerIterator()->getSubPath(); + $composer_file = $iterator->getPath() . '/composer.json'; + // Ignore the extension if there is no composer.json. + if (!is_readable($composer_file) || !($ext_info = file_get_contents($composer_file))) + { + continue; + } + + $ext_info = json_decode($ext_info, true); $ext_name = str_replace(DIRECTORY_SEPARATOR, '/', $ext_name); + // Ignore the extension if directory depth is not correct or if the directory structure + // does not match the name value specified in composer.json. + if (substr_count($ext_name, '/') !== 1 || !isset($ext_info['name']) || $ext_name != $ext_info['name']) + { + continue; + } + $available[$ext_name] = $this->phpbb_root_path . 'ext/' . $ext_name . '/'; } } From 31234b26d892bb4d98c9bc869d340a8ccf3cfe88 Mon Sep 17 00:00:00 2001 From: Cesar G Date: Thu, 12 Dec 2013 04:29:48 -0800 Subject: [PATCH 2/5] [ticket/12009] Move valid extensions in tests to correct dir structure. PHPBB3-12009 --- tests/extension/ext/vendor/moo/composer.json | 2 +- .../{barfoo => vendor2/bar}/acp/a_info.php | 6 +- .../{foo/mcp => vendor2/bar/acp}/a_module.php | 2 +- tests/extension/ext/vendor2/bar/composer.json | 21 +++++++ tests/extension/ext/{ => vendor2}/bar/ext.php | 2 +- .../ext/{ => vendor2}/foo/a_class.php | 2 +- .../ext/{ => vendor2}/foo/acp/a_info.php | 4 +- .../ext/{ => vendor2}/foo/acp/a_module.php | 2 +- .../ext/{ => vendor2}/foo/acp/fail_info.php | 4 +- .../ext/{ => vendor2}/foo/acp/fail_module.php | 2 +- .../ext/{ => vendor2}/foo/b_class.php | 2 +- .../ext/{ => vendor2}/foo/composer.json | 2 +- tests/extension/ext/{ => vendor2}/foo/ext.php | 2 +- .../ext/{ => vendor2}/foo/mcp/a_info.php | 4 +- .../acp => vendor2/foo/mcp}/a_module.php | 2 +- .../foo/sub/type/alternative.php | 0 .../{ => vendor2}/foo/type/alternative.php | 0 .../{ => vendor2}/foo/type/dummy/empty.txt | 0 .../ext/{ => vendor2}/foo/typewrong/error.php | 0 tests/extension/ext/vendor3/bar/ext.php | 26 ++++++++ .../ext/{ => vendor3}/bar/my/hidden_class.php | 2 +- .../prosilver/template/foobar_body.html | 0 tests/extension/finder_test.php | 44 +++++++------- tests/extension/fixtures/extensions.xml | 2 +- tests/extension/manager_test.php | 43 ++++++------- tests/extension/metadata_manager_test.php | 6 +- tests/extension/modules_test.php | 60 +++++++++---------- 27 files changed, 145 insertions(+), 97 deletions(-) rename tests/extension/ext/{barfoo => vendor2/bar}/acp/a_info.php (69%) rename tests/extension/ext/{foo/mcp => vendor2/bar/acp}/a_module.php (50%) create mode 100644 tests/extension/ext/vendor2/bar/composer.json rename tests/extension/ext/{ => vendor2}/bar/ext.php (93%) rename tests/extension/ext/{ => vendor2}/foo/a_class.php (53%) rename tests/extension/ext/{ => vendor2}/foo/acp/a_info.php (76%) rename tests/extension/ext/{ => vendor2}/foo/acp/a_module.php (50%) rename tests/extension/ext/{ => vendor2}/foo/acp/fail_info.php (83%) rename tests/extension/ext/{ => vendor2}/foo/acp/fail_module.php (86%) rename tests/extension/ext/{ => vendor2}/foo/b_class.php (53%) rename tests/extension/ext/{ => vendor2}/foo/composer.json (95%) rename tests/extension/ext/{ => vendor2}/foo/ext.php (88%) rename tests/extension/ext/{ => vendor2}/foo/mcp/a_info.php (76%) rename tests/extension/ext/{barfoo/acp => vendor2/foo/mcp}/a_module.php (50%) rename tests/extension/ext/{ => vendor2}/foo/sub/type/alternative.php (100%) rename tests/extension/ext/{ => vendor2}/foo/type/alternative.php (100%) rename tests/extension/ext/{ => vendor2}/foo/type/dummy/empty.txt (100%) rename tests/extension/ext/{ => vendor2}/foo/typewrong/error.php (100%) create mode 100644 tests/extension/ext/vendor3/bar/ext.php rename tests/extension/ext/{ => vendor3}/bar/my/hidden_class.php (54%) rename tests/extension/ext/{ => vendor3}/bar/styles/prosilver/template/foobar_body.html (100%) diff --git a/tests/extension/ext/vendor/moo/composer.json b/tests/extension/ext/vendor/moo/composer.json index 4dc36963b3..901cb7f17a 100644 --- a/tests/extension/ext/vendor/moo/composer.json +++ b/tests/extension/ext/vendor/moo/composer.json @@ -1,5 +1,5 @@ { - "name": "moo/example", + "name": "vendor/moo", "type": "phpbb-extension", "description": "An example/sample extension to be used for testing purposes in phpBB Development.", "version": "1.0.0", diff --git a/tests/extension/ext/barfoo/acp/a_info.php b/tests/extension/ext/vendor2/bar/acp/a_info.php similarity index 69% rename from tests/extension/ext/barfoo/acp/a_info.php rename to tests/extension/ext/vendor2/bar/acp/a_info.php index ea07189f7a..8132df587f 100644 --- a/tests/extension/ext/barfoo/acp/a_info.php +++ b/tests/extension/ext/vendor2/bar/acp/a_info.php @@ -1,14 +1,14 @@ 'barfoo\\acp\\a_module', - 'title' => 'Barfoo', + 'filename' => 'vendor2\\bar\\acp\\a_module', + 'title' => 'Bar', 'version' => '3.1.0-dev', 'modes' => array( 'config' => array('title' => 'Config', 'auth' => '', 'cat' => array('ACP_MODS')), diff --git a/tests/extension/ext/foo/mcp/a_module.php b/tests/extension/ext/vendor2/bar/acp/a_module.php similarity index 50% rename from tests/extension/ext/foo/mcp/a_module.php rename to tests/extension/ext/vendor2/bar/acp/a_module.php index ca397e7004..3a3d105790 100644 --- a/tests/extension/ext/foo/mcp/a_module.php +++ b/tests/extension/ext/vendor2/bar/acp/a_module.php @@ -1,6 +1,6 @@ =5.3", + "phpbb/phpbb": "3.1.*@dev" + }, + "extra": { + "display-name": "phpBB Bar Extension" + } +} diff --git a/tests/extension/ext/bar/ext.php b/tests/extension/ext/vendor2/bar/ext.php similarity index 93% rename from tests/extension/ext/bar/ext.php rename to tests/extension/ext/vendor2/bar/ext.php index 22ff5e8077..f94ab9ad81 100644 --- a/tests/extension/ext/bar/ext.php +++ b/tests/extension/ext/vendor2/bar/ext.php @@ -1,6 +1,6 @@ 'foo\\acp\\a_module', + 'filename' => 'vendor2\\foo\\acp\\a_module', 'title' => 'Foobar', 'version' => '3.1.0-dev', 'modes' => array( diff --git a/tests/extension/ext/foo/acp/a_module.php b/tests/extension/ext/vendor2/foo/acp/a_module.php similarity index 50% rename from tests/extension/ext/foo/acp/a_module.php rename to tests/extension/ext/vendor2/foo/acp/a_module.php index 7aa2351ab3..78d91af2fe 100644 --- a/tests/extension/ext/foo/acp/a_module.php +++ b/tests/extension/ext/vendor2/foo/acp/a_module.php @@ -1,6 +1,6 @@ 'foo\acp\fail_module', + 'filename' => 'vendor2\foo\acp\fail_module', 'title' => 'Foobar', 'version' => '3.1.0-dev', 'modes' => array( diff --git a/tests/extension/ext/foo/acp/fail_module.php b/tests/extension/ext/vendor2/foo/acp/fail_module.php similarity index 86% rename from tests/extension/ext/foo/acp/fail_module.php rename to tests/extension/ext/vendor2/foo/acp/fail_module.php index 8070929d3c..c8a5eae745 100644 --- a/tests/extension/ext/foo/acp/fail_module.php +++ b/tests/extension/ext/vendor2/foo/acp/fail_module.php @@ -1,6 +1,6 @@ 'foo\\mcp\\a_module', + 'filename' => 'vendor2\\foo\\mcp\\a_module', 'title' => 'Foobar', 'version' => '3.1.0-dev', 'modes' => array( diff --git a/tests/extension/ext/barfoo/acp/a_module.php b/tests/extension/ext/vendor2/foo/mcp/a_module.php similarity index 50% rename from tests/extension/ext/barfoo/acp/a_module.php rename to tests/extension/ext/vendor2/foo/mcp/a_module.php index 0ae8775013..fe29783827 100644 --- a/tests/extension/ext/barfoo/acp/a_module.php +++ b/tests/extension/ext/vendor2/foo/mcp/a_module.php @@ -1,6 +1,6 @@ extension_manager = new phpbb_mock_extension_manager( dirname(__FILE__) . '/', array( - 'foo' => array( - 'ext_name' => 'foo', + 'vendor2/foo' => array( + 'ext_name' => 'vendor2/foo', 'ext_active' => '1', - 'ext_path' => 'ext/foo/', + 'ext_path' => 'ext/vendor2/foo/', ), - 'bar' => array( - 'ext_name' => 'bar', + 'vendor3/bar' => array( + 'ext_name' => 'vendor3/bar', 'ext_active' => '1', - 'ext_path' => 'ext/bar/', + 'ext_path' => 'ext/vendor3/bar/', ), )); @@ -43,10 +43,10 @@ class phpbb_extension_finder_test extends phpbb_test_case sort($classes); $this->assertEquals( array( - '\bar\my\hidden_class', - '\foo\a_class', - '\foo\b_class', '\phpbb\default\implementation', + '\vendor2\foo\a_class', + '\vendor2\foo\b_class', + '\vendor3\bar\my\hidden_class', ), $classes ); @@ -60,7 +60,7 @@ class phpbb_extension_finder_test extends phpbb_test_case sort($dirs); $this->assertEquals(array( - dirname(__FILE__) . '/ext/foo/type/', + dirname(__FILE__) . '/ext/vendor2/foo/type/', ), $dirs); } @@ -72,9 +72,9 @@ class phpbb_extension_finder_test extends phpbb_test_case sort($dirs); $this->assertEquals(array( - dirname(__FILE__) . '/ext/foo/sub/type/', - dirname(__FILE__) . '/ext/foo/type/', - dirname(__FILE__) . '/ext/foo/typewrong/', + dirname(__FILE__) . '/ext/vendor2/foo/sub/type/', + dirname(__FILE__) . '/ext/vendor2/foo/type/', + dirname(__FILE__) . '/ext/vendor2/foo/typewrong/', ), $dirs); } @@ -88,8 +88,8 @@ class phpbb_extension_finder_test extends phpbb_test_case sort($classes); $this->assertEquals( array( - '\bar\my\hidden_class', '\phpbb\default\implementation', + '\vendor3\bar\my\hidden_class', ), $classes ); @@ -105,9 +105,9 @@ class phpbb_extension_finder_test extends phpbb_test_case sort($classes); $this->assertEquals( array( - '\foo\sub\type\alternative', - '\foo\type\alternative', '\phpbb\default\implementation', + '\vendor2\foo\sub\type\alternative', + '\vendor2\foo\type\alternative', ), $classes ); @@ -122,7 +122,7 @@ class phpbb_extension_finder_test extends phpbb_test_case sort($classes); $this->assertEquals( array( - '\foo\type\alternative', + '\vendor2\foo\type\alternative', ), $classes ); @@ -137,7 +137,7 @@ class phpbb_extension_finder_test extends phpbb_test_case sort($classes); $this->assertEquals( array( - '\foo\sub\type\alternative', + '\vendor2\foo\sub\type\alternative', ), $classes ); @@ -152,7 +152,7 @@ class phpbb_extension_finder_test extends phpbb_test_case sort($classes); $this->assertEquals( array( - '\foo\sub\type\alternative', + '\vendor2\foo\sub\type\alternative', ), $classes ); @@ -162,14 +162,14 @@ class phpbb_extension_finder_test extends phpbb_test_case { $files = $this->finder ->extension_directory('/type') - ->find_from_extension('foo', dirname(__FILE__) . '/ext/foo/'); + ->find_from_extension('vendor2/foo', dirname(__FILE__) . '/ext/vendor2/foo/'); $classes = $this->finder->get_classes_from_files($files); sort($classes); $this->assertEquals( array( - '\foo\type\alternative', - '\foo\type\dummy\empty', + '\vendor2\foo\type\alternative', + '\vendor2\foo\type\dummy\empty', ), $classes ); diff --git a/tests/extension/fixtures/extensions.xml b/tests/extension/fixtures/extensions.xml index 6eb6fd11a5..6846162f0f 100644 --- a/tests/extension/fixtures/extensions.xml +++ b/tests/extension/fixtures/extensions.xml @@ -5,7 +5,7 @@ ext_active ext_state - foo + vendor2/foo 1 diff --git a/tests/extension/manager_test.php b/tests/extension/manager_test.php index b127daf2ed..cc32a6af4e 100644 --- a/tests/extension/manager_test.php +++ b/tests/extension/manager_test.php @@ -7,8 +7,8 @@ * */ -require_once dirname(__FILE__) . '/ext/bar/ext.php'; -require_once dirname(__FILE__) . '/ext/foo/ext.php'; +require_once dirname(__FILE__) . '/ext/vendor2/bar/ext.php'; +require_once dirname(__FILE__) . '/ext/vendor2/foo/ext.php'; require_once dirname(__FILE__) . '/ext/vendor/moo/ext.php'; class phpbb_extension_manager_test extends phpbb_database_test_case @@ -30,52 +30,53 @@ class phpbb_extension_manager_test extends phpbb_database_test_case public function test_available() { - $this->assertEquals(array('bar', 'barfoo', 'foo', 'vendor/moo'), array_keys($this->extension_manager->all_available())); + // barfoo and vendor3/bar should not listed due to missing composer.json. barfoo also has incorrect dir structure. + $this->assertEquals(array('vendor/moo', 'vendor2/bar', 'vendor2/foo'), array_keys($this->extension_manager->all_available())); } public function test_enabled() { - $this->assertEquals(array('foo'), array_keys($this->extension_manager->all_enabled())); + $this->assertEquals(array('vendor2/foo'), array_keys($this->extension_manager->all_enabled())); } public function test_configured() { - $this->assertEquals(array('foo', 'vendor/moo'), array_keys($this->extension_manager->all_configured())); + $this->assertEquals(array('vendor/moo', 'vendor2/foo'), array_keys($this->extension_manager->all_configured())); } public function test_enable() { - bar\ext::$state = 0; + vendor2\bar\ext::$state = 0; - $this->assertEquals(array('foo'), array_keys($this->extension_manager->all_enabled())); - $this->extension_manager->enable('bar'); - $this->assertEquals(array('bar', 'foo'), array_keys($this->extension_manager->all_enabled())); - $this->assertEquals(array('bar', 'foo', 'vendor/moo'), array_keys($this->extension_manager->all_configured())); + $this->assertEquals(array('vendor2/foo'), array_keys($this->extension_manager->all_enabled())); + $this->extension_manager->enable('vendor2/bar'); + $this->assertEquals(array('vendor2/bar', 'vendor2/foo'), array_keys($this->extension_manager->all_enabled())); + $this->assertEquals(array('vendor/moo', 'vendor2/bar', 'vendor2/foo'), array_keys($this->extension_manager->all_configured())); - $this->assertEquals(4, bar\ext::$state); + $this->assertEquals(4, vendor2\bar\ext::$state); } public function test_disable() { - foo\ext::$disabled = false; + vendor2\foo\ext::$disabled = false; - $this->assertEquals(array('foo'), array_keys($this->extension_manager->all_enabled())); - $this->extension_manager->disable('foo'); + $this->assertEquals(array('vendor2/foo'), array_keys($this->extension_manager->all_enabled())); + $this->extension_manager->disable('vendor2/foo'); $this->assertEquals(array(), array_keys($this->extension_manager->all_enabled())); - $this->assertEquals(array('foo', 'vendor/moo'), array_keys($this->extension_manager->all_configured())); + $this->assertEquals(array('vendor/moo', 'vendor2/foo'), array_keys($this->extension_manager->all_configured())); - $this->assertTrue(foo\ext::$disabled); + $this->assertTrue(vendor2\foo\ext::$disabled); } public function test_purge() { vendor\moo\ext::$purged = false; - $this->assertEquals(array('foo'), array_keys($this->extension_manager->all_enabled())); - $this->assertEquals(array('foo', 'vendor/moo'), array_keys($this->extension_manager->all_configured())); + $this->assertEquals(array('vendor2/foo'), array_keys($this->extension_manager->all_enabled())); + $this->assertEquals(array('vendor/moo', 'vendor2/foo'), array_keys($this->extension_manager->all_configured())); $this->extension_manager->purge('vendor/moo'); - $this->assertEquals(array('foo'), array_keys($this->extension_manager->all_enabled())); - $this->assertEquals(array('foo'), array_keys($this->extension_manager->all_configured())); + $this->assertEquals(array('vendor2/foo'), array_keys($this->extension_manager->all_enabled())); + $this->assertEquals(array('vendor2/foo'), array_keys($this->extension_manager->all_configured())); $this->assertTrue(vendor\moo\ext::$purged); } @@ -84,7 +85,7 @@ class phpbb_extension_manager_test extends phpbb_database_test_case { $extension_manager = $this->create_extension_manager(false); - $this->assertEquals(array('foo'), array_keys($extension_manager->all_enabled())); + $this->assertEquals(array('vendor2/foo'), array_keys($extension_manager->all_enabled())); } protected function create_extension_manager($with_cache = true) diff --git a/tests/extension/metadata_manager_test.php b/tests/extension/metadata_manager_test.php index 09eb83cd86..592421f9e7 100644 --- a/tests/extension/metadata_manager_test.php +++ b/tests/extension/metadata_manager_test.php @@ -82,7 +82,7 @@ class phpbb_extension_metadata_manager_test extends phpbb_database_test_case // Should fail from missing composer.json public function test_bar() { - $ext_name = 'bar'; + $ext_name = 'vendor3/bar'; $manager = $this->get_metadata_manager($ext_name); @@ -98,7 +98,7 @@ class phpbb_extension_metadata_manager_test extends phpbb_database_test_case // Should be the same as a direct json_decode of the composer.json file public function test_foo() { - $ext_name = 'foo'; + $ext_name = 'vendor2/foo'; $manager = $this->get_metadata_manager($ext_name); @@ -111,7 +111,7 @@ class phpbb_extension_metadata_manager_test extends phpbb_database_test_case $this->fail($e); } - $json = json_decode(file_get_contents($this->phpbb_root_path . 'ext/foo/composer.json'), true); + $json = json_decode(file_get_contents($this->phpbb_root_path . 'ext/vendor2/foo/composer.json'), true); $this->assertEquals($metadata, $json); } diff --git a/tests/extension/modules_test.php b/tests/extension/modules_test.php index ef21c943c2..5dcb24c691 100644 --- a/tests/extension/modules_test.php +++ b/tests/extension/modules_test.php @@ -7,10 +7,10 @@ * */ -require_once dirname(__FILE__) . '/ext/foo/acp/a_info.php'; -require_once dirname(__FILE__) . '/ext/foo/mcp/a_info.php'; -require_once dirname(__FILE__) . '/ext/foo/acp/fail_info.php'; -require_once dirname(__FILE__) . '/ext/barfoo/acp/a_info.php'; +require_once dirname(__FILE__) . '/ext/vendor2/foo/acp/a_info.php'; +require_once dirname(__FILE__) . '/ext/vendor2/foo/mcp/a_info.php'; +require_once dirname(__FILE__) . '/ext/vendor2/foo/acp/fail_info.php'; +require_once dirname(__FILE__) . '/ext/vendor2/bar/acp/a_info.php'; require_once dirname(__FILE__) . '/../../phpBB/includes/acp/acp_modules.php'; class phpbb_extension_modules_test extends phpbb_test_case @@ -25,15 +25,15 @@ class phpbb_extension_modules_test extends phpbb_test_case $this->extension_manager = new phpbb_mock_extension_manager( dirname(__FILE__) . '/', array( - 'foo' => array( - 'ext_name' => 'foo', + 'vendor2/foo' => array( + 'ext_name' => 'vendor2/foo', 'ext_active' => '1', - 'ext_path' => 'ext/foo/', + 'ext_path' => 'ext/vendor2/foo/', ), - 'bar' => array( - 'ext_name' => 'bar', + 'vendor3/bar' => array( + 'ext_name' => 'vendor3/bar', 'ext_active' => '1', - 'ext_path' => 'ext/bar/', + 'ext_path' => 'ext/vendor3/bar/', ), )); $phpbb_extension_manager = $this->extension_manager; @@ -54,8 +54,8 @@ class phpbb_extension_modules_test extends phpbb_test_case $this->acp_modules->module_class = 'acp'; $acp_modules = $this->acp_modules->get_module_infos(); $this->assertEquals(array( - 'foo\\acp\\a_module' => array( - 'filename' => 'foo\\acp\\a_module', + 'vendor2\\foo\\acp\\a_module' => array( + 'filename' => 'vendor2\\foo\\acp\\a_module', 'title' => 'Foobar', 'version' => '3.1.0-dev', 'modes' => array( @@ -76,8 +76,8 @@ class phpbb_extension_modules_test extends phpbb_test_case $this->acp_modules->module_class = 'mcp'; $acp_modules = $this->acp_modules->get_module_infos(); $this->assertEquals(array( - 'foo\\mcp\\a_module' => array( - 'filename' => 'foo\\mcp\\a_module', + 'vendor2\\foo\\mcp\\a_module' => array( + 'filename' => 'vendor2\\foo\\mcp\\a_module', 'title' => 'Foobar', 'version' => '3.1.0-dev', 'modes' => array( @@ -90,8 +90,8 @@ class phpbb_extension_modules_test extends phpbb_test_case $this->acp_modules->module_class = 'mcp'; $acp_modules = $this->acp_modules->get_module_infos('mcp_a_module'); $this->assertEquals(array( - 'foo\\mcp\\a_module' => array( - 'filename' => 'foo\\mcp\\a_module', + 'vendor2\\foo\\mcp\\a_module' => array( + 'filename' => 'vendor2\\foo\\mcp\\a_module', 'title' => 'Foobar', 'version' => '3.1.0-dev', 'modes' => array( @@ -104,8 +104,8 @@ class phpbb_extension_modules_test extends phpbb_test_case $this->acp_modules->module_class = ''; $acp_modules = $this->acp_modules->get_module_infos('mcp_a_module', 'mcp'); $this->assertEquals(array( - 'foo\\mcp\\a_module' => array( - 'filename' => 'foo\\mcp\\a_module', + 'vendor2\\foo\\mcp\\a_module' => array( + 'filename' => 'vendor2\\foo\\mcp\\a_module', 'title' => 'Foobar', 'version' => '3.1.0-dev', 'modes' => array( @@ -128,8 +128,8 @@ class phpbb_extension_modules_test extends phpbb_test_case $this->acp_modules->module_class = 'acp'; $acp_modules = $this->acp_modules->get_module_infos('foo_acp_a_module'); $this->assertEquals(array( - 'foo\\acp\\a_module' => array ( - 'filename' => 'foo\\acp\\a_module', + 'vendor2\\foo\\acp\\a_module' => array ( + 'filename' => 'vendor2\\foo\\acp\\a_module', 'title' => 'Foobar', 'version' => '3.1.0-dev', 'modes' => array ( @@ -148,12 +148,12 @@ class phpbb_extension_modules_test extends phpbb_test_case $this->assertEquals(array(), $acp_modules); // No specific module, module class set to false (will default to the above acp) - // Setting $use_all_available will cause get_module_infos() to also load not enabled extensions (barfoo) + // Setting $use_all_available will cause get_module_infos() to also load not enabled extensions (vendor2/bar) $this->acp_modules->module_class = 'acp'; $acp_modules = $this->acp_modules->get_module_infos('', false, true); $this->assertEquals(array( - 'foo\\acp\\a_module' => array( - 'filename' => 'foo\\acp\\a_module', + 'vendor2\\foo\\acp\\a_module' => array( + 'filename' => 'vendor2\\foo\\acp\\a_module', 'title' => 'Foobar', 'version' => '3.1.0-dev', 'modes' => array( @@ -168,9 +168,9 @@ class phpbb_extension_modules_test extends phpbb_test_case 'test' => array('title' => 'Test', 'auth' => '', 'cat' => array('ACP_GENERAL')), ), ), - 'barfoo\\acp\\a_module' => array( - 'filename' => 'barfoo\\acp\\a_module', - 'title' => 'Barfoo', + 'vendor2\\bar\\acp\\a_module' => array( + 'filename' => 'vendor2\\bar\\acp\\a_module', + 'title' => 'Bar', 'version' => '3.1.0-dev', 'modes' => array( 'config' => array('title' => 'Config', 'auth' => '', 'cat' => array('ACP_MODS')), @@ -179,11 +179,11 @@ class phpbb_extension_modules_test extends phpbb_test_case ), $acp_modules); // Specific module set to disabled extension - $acp_modules = $this->acp_modules->get_module_infos('barfoo_acp_a_module', 'acp', true); + $acp_modules = $this->acp_modules->get_module_infos('vendor2_bar_acp_a_module', 'acp', true); $this->assertEquals(array( - 'barfoo\\acp\\a_module' => array( - 'filename' => 'barfoo\\acp\\a_module', - 'title' => 'Barfoo', + 'vendor2\\bar\\acp\\a_module' => array( + 'filename' => 'vendor2\\bar\\acp\\a_module', + 'title' => 'Bar', 'version' => '3.1.0-dev', 'modes' => array( 'config' => array('title' => 'Config', 'auth' => '', 'cat' => array('ACP_MODS')), From 495ded59f3fc6a3c905700caa2f9fd9c613b3380 Mon Sep 17 00:00:00 2001 From: Cesar G Date: Thu, 12 Dec 2013 12:24:16 -0800 Subject: [PATCH 3/5] [ticket/12009] Fix functional tests. PHPBB3-12009 --- tests/functional/extension_acp_test.php | 34 +++++++++++++------------ 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/tests/functional/extension_acp_test.php b/tests/functional/extension_acp_test.php index 5d391e42f7..95eb45a73d 100644 --- a/tests/functional/extension_acp_test.php +++ b/tests/functional/extension_acp_test.php @@ -45,7 +45,7 @@ class phpbb_functional_extension_acp_test extends phpbb_functional_test_case // Insert our base data $insert_rows = array( array( - 'ext_name' => 'foo', + 'ext_name' => 'vendor2/foo', 'ext_active' => true, 'ext_state' => 'b:0;', ), @@ -57,12 +57,12 @@ class phpbb_functional_extension_acp_test extends phpbb_functional_test_case // do not exist array( - 'ext_name' => 'test2', + 'ext_name' => 'vendor/test2', 'ext_active' => true, 'ext_state' => 'b:0;', ), array( - 'ext_name' => 'test3', + 'ext_name' => 'vendor/test3', 'ext_active' => false, 'ext_state' => 'b:0;', ), @@ -80,30 +80,32 @@ class phpbb_functional_extension_acp_test extends phpbb_functional_test_case $crawler = self::request('GET', 'adm/index.php?i=acp_extensions&mode=main&sid=' . $this->sid); $this->assertCount(1, $crawler->filter('.ext_enabled')); - $this->assertCount(5, $crawler->filter('.ext_disabled')); + $this->assertCount(4, $crawler->filter('.ext_disabled')); $this->assertContains('phpBB Foo Extension', $crawler->filter('.ext_enabled')->eq(0)->text()); $this->assertContainsLang('EXTENSION_DISABLE', $crawler->filter('.ext_enabled')->eq(0)->text()); - $this->assertContains('The “test2” extension is not valid.', $crawler->filter('.ext_disabled')->eq(0)->text()); + $this->assertContains('phpBB Moo Extension', $crawler->filter('.ext_disabled')->eq(1)->text()); + $this->assertContainsLang('DETAILS', $crawler->filter('.ext_disabled')->eq(1)->text()); + $this->assertContainsLang('EXTENSION_ENABLE', $crawler->filter('.ext_disabled')->eq(1)->text()); + $this->assertContainsLang('EXTENSION_DELETE_DATA', $crawler->filter('.ext_disabled')->eq(1)->text()); - $this->assertContains('The “test3” extension is not valid.', $crawler->filter('.ext_disabled')->eq(1)->text()); + $this->assertContains('The “vendor/test2” extension is not valid.', $crawler->filter('.ext_disabled')->eq(0)->text()); - $this->assertContains('phpBB Moo Extension', $crawler->filter('.ext_disabled')->eq(2)->text()); - $this->assertContainsLang('DETAILS', $crawler->filter('.ext_disabled')->eq(2)->text()); - $this->assertContainsLang('EXTENSION_ENABLE', $crawler->filter('.ext_disabled')->eq(2)->text()); - $this->assertContainsLang('EXTENSION_DELETE_DATA', $crawler->filter('.ext_disabled')->eq(2)->text()); + $this->assertContains('The “vendor/test3” extension is not valid.', $crawler->filter('.ext_disabled')->eq(2)->text()); - $this->assertContains('The “bar” extension is not valid.', $crawler->filter('.ext_disabled')->eq(3)->text()); + $this->assertContains('phpBB Bar Extension', $crawler->filter('.ext_disabled')->eq(3)->text()); + $this->assertContainsLang('DETAILS', $crawler->filter('.ext_disabled')->eq(3)->text()); + $this->assertContainsLang('EXTENSION_ENABLE', $crawler->filter('.ext_disabled')->eq(3)->text()); } public function test_details() { - $crawler = self::request('GET', 'adm/index.php?i=acp_extensions&mode=main&action=details&ext_name=foo&sid=' . $this->sid); + $crawler = self::request('GET', 'adm/index.php?i=acp_extensions&mode=main&action=details&ext_name=vendor2%2Ffoo&sid=' . $this->sid); $validation = array( 'DISPLAY_NAME' => 'phpBB Foo Extension', - 'CLEAN_NAME' => 'foo/example', + 'CLEAN_NAME' => 'vendor2/foo', 'TYPE' => 'phpbb-extension', 'DESCRIPTION' => 'An example/sample extension to be used for testing purposes in phpBB Development.', 'VERSION' => '1.0.0', @@ -143,7 +145,7 @@ class phpbb_functional_extension_acp_test extends phpbb_functional_test_case public function test_enable_pre() { // Foo is already enabled (redirect to list) - $crawler = self::request('GET', 'adm/index.php?i=acp_extensions&mode=main&action=enable_pre&ext_name=foo&sid=' . $this->sid); + $crawler = self::request('GET', 'adm/index.php?i=acp_extensions&mode=main&action=enable_pre&ext_name=vendor2%2Ffoo&sid=' . $this->sid); $this->assertContainsLang('EXTENSION_NAME', $crawler->filter('div.main thead')->text()); $this->assertContainsLang('EXTENSION_OPTIONS', $crawler->filter('div.main thead')->text()); $this->assertContainsLang('EXTENSION_ACTIONS', $crawler->filter('div.main thead')->text()); @@ -160,7 +162,7 @@ class phpbb_functional_extension_acp_test extends phpbb_functional_test_case $this->assertContainsLang('EXTENSION_OPTIONS', $crawler->filter('div.main thead')->text()); $this->assertContainsLang('EXTENSION_ACTIONS', $crawler->filter('div.main thead')->text()); - $crawler = self::request('GET', 'adm/index.php?i=acp_extensions&mode=main&action=disable_pre&ext_name=foo&sid=' . $this->sid); + $crawler = self::request('GET', 'adm/index.php?i=acp_extensions&mode=main&action=disable_pre&ext_name=vendor2%2Ffoo&sid=' . $this->sid); $this->assertContains($this->lang('EXTENSION_DISABLE_CONFIRM', 'phpBB Foo Extension'), $crawler->filter('.errorbox')->text()); } @@ -171,7 +173,7 @@ class phpbb_functional_extension_acp_test extends phpbb_functional_test_case $this->assertContains('The required file does not exist', $crawler->filter('.errorbox')->text()); // foo is not disabled (redirect to list) - $crawler = self::request('GET', 'adm/index.php?i=acp_extensions&mode=main&action=delete_data_pre&ext_name=foo&sid=' . $this->sid); + $crawler = self::request('GET', 'adm/index.php?i=acp_extensions&mode=main&action=delete_data_pre&ext_name=vendor2%2Ffoo&sid=' . $this->sid); $this->assertContainsLang('EXTENSION_NAME', $crawler->filter('div.main thead')->text()); $this->assertContainsLang('EXTENSION_OPTIONS', $crawler->filter('div.main thead')->text()); $this->assertContainsLang('EXTENSION_ACTIONS', $crawler->filter('div.main thead')->text()); From 2735982c551d6537bd49fda265c82fdd3471fa36 Mon Sep 17 00:00:00 2001 From: Cesar G Date: Thu, 12 Dec 2013 13:00:27 -0800 Subject: [PATCH 4/5] [ticket/12009] Update functional test to check for invalid extensions. PHPBB3-12009 --- tests/functional/extension_acp_test.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/functional/extension_acp_test.php b/tests/functional/extension_acp_test.php index 95eb45a73d..35735659b2 100644 --- a/tests/functional/extension_acp_test.php +++ b/tests/functional/extension_acp_test.php @@ -97,6 +97,12 @@ class phpbb_functional_extension_acp_test extends phpbb_functional_test_case $this->assertContains('phpBB Bar Extension', $crawler->filter('.ext_disabled')->eq(3)->text()); $this->assertContainsLang('DETAILS', $crawler->filter('.ext_disabled')->eq(3)->text()); $this->assertContainsLang('EXTENSION_ENABLE', $crawler->filter('.ext_disabled')->eq(3)->text()); + + // Check that invalid extensions are not listed. + $this->assertNotContains('phpBB BarFoo Extension', $crawler->filter('.table1')->text()); + $this->assertNotContains('barfoo', $crawler->filter('.table1')->text()); + + $this->assertNotContains('vendor3/bar', $crawler->filter('.table1')->text()); } public function test_details() From c42bd28d172a9ae7439cc3868ebfda87e93f3490 Mon Sep 17 00:00:00 2001 From: Cesar G Date: Thu, 12 Dec 2013 14:40:03 -0800 Subject: [PATCH 5/5] [ticket/12009] Prevent user from enabling invalid extension through direct URL PHPBB3-12009 --- phpBB/includes/acp/acp_extensions.php | 10 ++++++++++ phpBB/language/en/acp/extensions.php | 1 + phpBB/phpbb/extension/metadata_manager.php | 14 ++++++++++++-- tests/extension/ext/barfoo/composer.json | 22 ++++++++++++++++++++++ tests/extension/ext/barfoo/ext.php | 2 +- tests/functional/extension_acp_test.php | 4 ++++ 6 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 tests/extension/ext/barfoo/composer.json diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php index c21c9f4e9d..2ff479d824 100644 --- a/phpBB/includes/acp/acp_extensions.php +++ b/phpBB/includes/acp/acp_extensions.php @@ -88,6 +88,11 @@ class acp_extensions break; case 'enable_pre': + if (!$md_manager->validate_dir()) + { + trigger_error($user->lang['EXTENSION_DIR_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if (!$md_manager->validate_enable()) { trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING); @@ -108,6 +113,11 @@ class acp_extensions break; case 'enable': + if (!$md_manager->validate_dir()) + { + trigger_error($user->lang['EXTENSION_DIR_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if (!$md_manager->validate_enable()) { trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING); diff --git a/phpBB/language/en/acp/extensions.php b/phpBB/language/en/acp/extensions.php index 8279a68022..67b34ff0c7 100644 --- a/phpBB/language/en/acp/extensions.php +++ b/phpBB/language/en/acp/extensions.php @@ -41,6 +41,7 @@ $lang = array_merge($lang, array( 'EXTENSIONS_EXPLAIN' => 'The Extensions Manager is a tool in your phpBB Board which allows you to manage all of your extensions statuses and view information about them.', 'EXTENSION_INVALID_LIST' => 'The “%s” extension is not valid.
%s

', 'EXTENSION_NOT_AVAILABLE' => 'The selected extension is not available for this board, please verify your phpBB and PHP versions are allowed (see the details page).', + 'EXTENSION_DIR_INVALID' => 'The selected extension has an invalid directory structure and cannot be enabled.', 'DETAILS' => 'Details', diff --git a/phpBB/phpbb/extension/metadata_manager.php b/phpBB/phpbb/extension/metadata_manager.php index d0323120d8..66cdb86513 100644 --- a/phpBB/phpbb/extension/metadata_manager.php +++ b/phpBB/phpbb/extension/metadata_manager.php @@ -266,8 +266,8 @@ class metadata_manager */ public function validate_enable() { - // Check for phpBB, PHP versions - if (!$this->validate_require_phpbb() || !$this->validate_require_php()) + // Check for valid directory & phpBB, PHP versions + if (!$this->validate_dir() || !$this->validate_require_phpbb() || !$this->validate_require_php()) { return false; } @@ -275,6 +275,16 @@ class metadata_manager return true; } + /** + * Validates the most basic directory structure to ensure it follows / convention. + * + * @return boolean True when passes validation + */ + public function validate_dir() + { + return (substr_count($this->ext_name, '/') === 1 && $this->ext_name == $this->get_metadata('name')); + } + /** * Validates the contents of the phpbb requirement field diff --git a/tests/extension/ext/barfoo/composer.json b/tests/extension/ext/barfoo/composer.json new file mode 100644 index 0000000000..35d5d2a956 --- /dev/null +++ b/tests/extension/ext/barfoo/composer.json @@ -0,0 +1,22 @@ +{ + "name": "vendor/barfoo", + "type": "phpbb-extension", + "description": "An example/sample extension to be used for testing purposes in phpBB Development.", + "version": "1.0.0", + "time": "2012-02-15 01:01:01", + "licence": "GNU GPL v2", + "authors": [{ + "name": "John Smith", + "username": "JohnSmith27", + "email": "email@phpbb.com", + "homepage": "http://phpbb.com", + "role": "N/A" + }], + "require": { + "php": ">=5.3", + "phpbb/phpbb": "3.1.*@dev" + }, + "extra": { + "display-name": "phpBB BarFoo Extension" + } +} diff --git a/tests/extension/ext/barfoo/ext.php b/tests/extension/ext/barfoo/ext.php index 1b7bb7ca5e..0de403424c 100644 --- a/tests/extension/ext/barfoo/ext.php +++ b/tests/extension/ext/barfoo/ext.php @@ -1,6 +1,6 @@ selectButton('delete_data')->form(); $crawler = self::submit($form); $this->assertContainsLang('EXTENSION_DELETE_DATA_SUCCESS', $crawler->filter('.successbox')->text()); + + // Attempt to enable invalid extension + $crawler = self::request('GET', 'adm/index.php?i=acp_extensions&mode=main&action=enable_pre&ext_name=barfoo&sid=' . $this->sid); + $this->assertContainsLang('EXTENSION_DIR_INVALID', $crawler->filter('.errorbox')->text()); } }