mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 22:10:45 +02:00
Code Issues Releases Wiki Activity

[ticket/12009] Prevent user from enabling invalid extension through direct URL

Browse Source 
PHPBB3-12009
This commit is contained in:
Cesar G
2013-12-12 14:40:03 -08:00
parent 2735982c55
commit c42bd28d17
6 changed files with 50 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
phpBB/phpbb/extension/metadata_manager.php
View File

@@ -266,8 +266,8 @@ class metadata_manager
*/
public function validate_enable()
{
// Check for phpBB, PHP versions
if (!$this->validate_require_phpbb() || !$this->validate_require_php())
// Check for valid directory & phpBB, PHP versions
if (!$this->validate_dir() || !$this->validate_require_phpbb() || !$this->validate_require_php())
{
return false;
}
@@ -275,6 +275,16 @@ class metadata_manager
return true;
}
/**
* Validates the most basic directory structure to ensure it follows <vendor>/<ext> convention.
*
* @return boolean True when passes validation
*/
public function validate_dir()
{
return (substr_count($this->ext_name, '/') === 1 && $this->ext_name == $this->get_metadata('name'));
}
/**
* Validates the contents of the phpbb requirement field