mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 22:10:45 +02:00
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'prototech/ticket/12009' into develop

Browse Source 
* prototech/ticket/12009:
  [ticket/12009] Prevent user from enabling invalid extension through direct URL
  [ticket/12009] Update functional test to check for invalid extensions.
  [ticket/12009] Fix functional tests.
  [ticket/12009] Move valid extensions in tests to correct dir structure.
  [ticket/12009] Do not allow incorrectly structured extensions to be installed.
This commit is contained in:
Joas Schilling
2013-12-16 10:18:56 +01:00
parent 8da2f349fe c42bd28d17
commit 4a73ce0933
34 changed files with 234 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
phpBB/phpbb/extension/manager.php
View File

@@ -411,9 +411,24 @@ class manager
if ($file_info->isFile() && $file_info->getFilename() == 'ext.' . $this->php_ext)
{
$ext_name = $iterator->getInnerIterator()->getSubPath();
$composer_file = $iterator->getPath() . '/composer.json';
// Ignore the extension if there is no composer.json.
if (!is_readable($composer_file) || !($ext_info = file_get_contents($composer_file)))
{
continue;
}
$ext_info = json_decode($ext_info, true);
$ext_name = str_replace(DIRECTORY_SEPARATOR, '/', $ext_name);
// Ignore the extension if directory depth is not correct or if the directory structure
// does not match the name value specified in composer.json.
if (substr_count($ext_name, '/') !== 1 || !isset($ext_info['name']) || $ext_name != $ext_info['name'])
{
continue;
}
$available[$ext_name] = $this->phpbb_root_path . 'ext/' . $ext_name . '/';
}
}

14
phpBB/phpbb/extension/metadata_manager.php
View File

@@ -266,8 +266,8 @@ class metadata_manager
*/
public function validate_enable()
{
// Check for phpBB, PHP versions
if (!$this->validate_require_phpbb() || !$this->validate_require_php())
// Check for valid directory & phpBB, PHP versions
if (!$this->validate_dir() || !$this->validate_require_phpbb() || !$this->validate_require_php())
{
return false;
}
@@ -275,6 +275,16 @@ class metadata_manager
return true;
}
/**
* Validates the most basic directory structure to ensure it follows <vendor>/<ext> convention.
*
* @return boolean True when passes validation
*/
public function validate_dir()
{
return (substr_count($this->ext_name, '/') === 1 && $this->ext_name == $this->get_metadata('name'));
}
/**
* Validates the contents of the phpbb requirement field