Sanitize addon path items
This commit is contained in:
parent
b529c03a20
commit
cc64471e4c
3 changed files with 33 additions and 22 deletions
|
@ -6,6 +6,7 @@ namespace Friendica\Core;
|
||||||
|
|
||||||
use Friendica\BaseObject;
|
use Friendica\BaseObject;
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
|
use Friendica\Util\Strings;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Some functions to handle addons
|
* Some functions to handle addons
|
||||||
|
@ -81,6 +82,8 @@ class Addon extends BaseObject
|
||||||
*/
|
*/
|
||||||
public static function uninstall($addon)
|
public static function uninstall($addon)
|
||||||
{
|
{
|
||||||
|
$addon = Strings::sanitizeFilePathItem($addon);
|
||||||
|
|
||||||
Logger::notice("Addon {addon}: {action}", ['action' => 'uninstall', 'addon' => $addon]);
|
Logger::notice("Addon {addon}: {action}", ['action' => 'uninstall', 'addon' => $addon]);
|
||||||
DBA::delete('addon', ['name' => $addon]);
|
DBA::delete('addon', ['name' => $addon]);
|
||||||
|
|
||||||
|
@ -102,11 +105,13 @@ class Addon extends BaseObject
|
||||||
*/
|
*/
|
||||||
public static function install($addon)
|
public static function install($addon)
|
||||||
{
|
{
|
||||||
// silently fail if addon was removed
|
$addon = Strings::sanitizeFilePathItem($addon);
|
||||||
|
|
||||||
|
// silently fail if addon was removed of if $addon is funky
|
||||||
if (!file_exists('addon/' . $addon . '/' . $addon . '.php')) {
|
if (!file_exists('addon/' . $addon . '/' . $addon . '.php')) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
Logger::notice("Addon {addon}: {action}", ['action' => 'install', 'addon' => $addon]);
|
Logger::notice("Addon {addon}: {action}", ['action' => 'install', 'addon' => $addon]);
|
||||||
$t = @filemtime('addon/' . $addon . '/' . $addon . '.php');
|
$t = @filemtime('addon/' . $addon . '/' . $addon . '.php');
|
||||||
@include_once('addon/' . $addon . '/' . $addon . '.php');
|
@include_once('addon/' . $addon . '/' . $addon . '.php');
|
||||||
|
@ -130,6 +135,7 @@ class Addon extends BaseObject
|
||||||
if (!self::isEnabled($addon)) {
|
if (!self::isEnabled($addon)) {
|
||||||
self::$addons[] = $addon;
|
self::$addons[] = $addon;
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
Logger::error("Addon {addon}: {action} failed", ['action' => 'uninstall', 'addon' => $addon]);
|
Logger::error("Addon {addon}: {action} failed", ['action' => 'uninstall', 'addon' => $addon]);
|
||||||
|
@ -153,11 +159,9 @@ class Addon extends BaseObject
|
||||||
|
|
||||||
$addon_list = explode(',', $addons);
|
$addon_list = explode(',', $addons);
|
||||||
|
|
||||||
if (count($addon_list)) {
|
|
||||||
foreach ($addon_list as $addon) {
|
foreach ($addon_list as $addon) {
|
||||||
$addon = trim($addon);
|
$addon = Strings::sanitizeFilePathItem(trim($addon));
|
||||||
$fname = 'addon/' . $addon . '/' . $addon . '.php';
|
$fname = 'addon/' . $addon . '/' . $addon . '.php';
|
||||||
|
|
||||||
if (file_exists($fname)) {
|
if (file_exists($fname)) {
|
||||||
$t = @filemtime($fname);
|
$t = @filemtime($fname);
|
||||||
foreach ($installed as $i) {
|
foreach ($installed as $i) {
|
||||||
|
@ -181,7 +185,6 @@ class Addon extends BaseObject
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Parse addon comment in search of addon infos.
|
* @brief Parse addon comment in search of addon infos.
|
||||||
|
@ -204,6 +207,8 @@ class Addon extends BaseObject
|
||||||
{
|
{
|
||||||
$a = self::getApp();
|
$a = self::getApp();
|
||||||
|
|
||||||
|
$addon = Strings::sanitizeFilePathItem($addon);
|
||||||
|
|
||||||
$info = [
|
$info = [
|
||||||
'name' => $addon,
|
'name' => $addon,
|
||||||
'description' => "",
|
'description' => "",
|
||||||
|
|
|
@ -7,6 +7,7 @@ namespace Friendica\Core;
|
||||||
use Friendica\App;
|
use Friendica\App;
|
||||||
use Friendica\BaseObject;
|
use Friendica\BaseObject;
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
|
use Friendica\Util\Strings;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Some functions to handle hooks
|
* Some functions to handle hooks
|
||||||
|
@ -215,6 +216,8 @@ class Hook extends BaseObject
|
||||||
*/
|
*/
|
||||||
public static function isAddonApp($name)
|
public static function isAddonApp($name)
|
||||||
{
|
{
|
||||||
|
$name = Strings::sanitizeFilePathItem($name);
|
||||||
|
|
||||||
if (array_key_exists('app_menu', self::$hooks)) {
|
if (array_key_exists('app_menu', self::$hooks)) {
|
||||||
foreach (self::$hooks['app_menu'] as $hook) {
|
foreach (self::$hooks['app_menu'] as $hook) {
|
||||||
if ($hook[0] == 'addon/' . $name . '/' . $name . '.php') {
|
if ($hook[0] == 'addon/' . $name . '/' . $name . '.php') {
|
||||||
|
|
|
@ -6,6 +6,7 @@ namespace Friendica\Core;
|
||||||
|
|
||||||
use Friendica\BaseObject;
|
use Friendica\BaseObject;
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
|
use Friendica\Util\Strings;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Provide Language, Translation, and Localization functions to the application
|
* Provide Language, Translation, and Localization functions to the application
|
||||||
|
@ -193,6 +194,8 @@ class L10n extends BaseObject
|
||||||
*/
|
*/
|
||||||
private static function loadTranslationTable($lang)
|
private static function loadTranslationTable($lang)
|
||||||
{
|
{
|
||||||
|
$lang = Strings::sanitizeFilePathItem($lang);
|
||||||
|
|
||||||
if ($lang === self::$lang) {
|
if ($lang === self::$lang) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -203,7 +206,7 @@ class L10n extends BaseObject
|
||||||
// load enabled addons strings
|
// load enabled addons strings
|
||||||
$addons = DBA::select('addon', ['name'], ['installed' => true]);
|
$addons = DBA::select('addon', ['name'], ['installed' => true]);
|
||||||
while ($p = DBA::fetch($addons)) {
|
while ($p = DBA::fetch($addons)) {
|
||||||
$name = $p['name'];
|
$name = Strings::sanitizeFilePathItem($p['name']);
|
||||||
if (file_exists("addon/$name/lang/$lang/strings.php")) {
|
if (file_exists("addon/$name/lang/$lang/strings.php")) {
|
||||||
include "addon/$name/lang/$lang/strings.php";
|
include "addon/$name/lang/$lang/strings.php";
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue