From de50cad65ae679a602e71adddffdd74df7ea3fbb Mon Sep 17 00:00:00 2001
From: Michael Hamann
Date: Sat, 8 Sep 2012 13:20:28 +0200
Subject: Check plugin naming conventions during load FS#2464 This checks if plugin names are valid and only loads valid plugin files, this could prevent some errors from wrong upgrades as described in FS#2464.
---
 inc/load.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'inc/load.php')
diff --git a/inc/load.php b/inc/load.php
index b676518e7..57295bd8a 100644
--- a/inc/load.php
+++ b/inc/load.php
@@ -95,7 +95,7 @@ function load_autoload($name){
 }

 // Plugin loading
- if(preg_match('/^(helper|syntax|action|admin|renderer|remote)_plugin_([^_]+)(?:_([^_]+))?$/',
+ if(preg_match('/^(helper|syntax|action|admin|renderer|remote)_plugin_([a-z0-9]+)(?:_([^_]+))?$/',
 $name, $m)) {
 // try to load the wanted plugin file
 $c = ((count($m) === 4) ? "/{$m[3]}" : '');
-- cgit v1.2.3
From baf1d9a01127509f8f14cf4b6754a9eea0f1277a Mon Sep 17 00:00:00 2001
From: Michael Hamann
Date: Sun, 9 Sep 2012 13:01:11 +0200
Subject: Less restrictive plugin name checking This partially reverts de50cad65ae679a602e71adddffdd74df7ea3fbb as the strict check breaks existing plugins and this shouldn't be changed without prior discussion and a warning for plugin authors with some time to adjust their plugins. Now all characters that are valid in PHP class names except "_" are allowed.
---
 inc/load.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'inc/load.php')
diff --git a/inc/load.php b/inc/load.php
index 57295bd8a..8df68d1b3 100644
--- a/inc/load.php
+++ b/inc/load.php
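Review bot: In the `preg_match` line added by de50cad (the hunk just above the baf1d9a header), only the plugin-name group is tightened; the optional component group is still `([^_]+)`, which accepts `/`, `.` and every other non-underscore byte, and that capture becomes a path segment via `"/{$m[3]}"` on the hunk's last context line. If a class name can ever reach the autoloader from request data (for instance a `class_exists()` call on a user-supplied string, which is not visible here), the component could resolve to a file outside the plugin's own directory. I would constrain the component with the same character class as the name, e.g. `(?:_([a-z0-9]+))?` or whatever set component file names are meant to use, and end the pattern with `\z` rather than `$` so a trailing newline is not accepted. The same unchanged component group appears in the later regex hunks of baf1d9a and 7521090; load_autoload() starts and ends outside the hunk.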
@@ -95,7 +95,7 @@ function load_autoload($name){
 }

 // Plugin loading
- if(preg_match('/^(helper|syntax|action|admin|renderer|remote)_plugin_([a-z0-9]+)(?:_([^_]+))?$/',
+ if(preg_match('/^(helper|syntax|action|admin|renderer|remote)_plugin_([a-zA-Z0-9\x7f-\xff]+)(?:_([^_]+))?$/',
 $name, $m)) {
 // try to load the wanted plugin file
 $c = ((count($m) === 4) ? "/{$m[3]}" : '');
-- cgit v1.2.3
From 92faea0e5fc27ca47d6fa6c18b1da1d6b6cac4a0 Mon Sep 17 00:00:00 2001
From: Michael Hamann
Date: Sun, 9 Sep 2012 13:04:24 +0200
Subject: Load plugins using include_once instead of include The problem with using include is that when the file that is loaded does not contain the plugin class (e.g. because the directory name is wrong), the file could be loaded again when the plugin class is requested a second time which will lead to a fatal error because of class redeclaration.
---
 inc/load.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'inc/load.php')
diff --git a/inc/load.php b/inc/load.php
index 8df68d1b3..ddd12b546 100644
--- a/inc/load.php
+++ b/inc/load.php
@@ -101,7 +101,7 @@ function load_autoload($name){
 $c = ((count($m) === 4) ? "/{$m[3]}" : '');
 $plg = DOKU_PLUGIN . "{$m[2]}/{$m[1]}$c.php";
 if(@file_exists($plg)){
- include DOKU_PLUGIN . "{$m[2]}/{$m[1]}$c.php";
+ include_once DOKU_PLUGIN . "{$m[2]}/{$m[1]}$c.php";
 }
 return;
 }
-- cgit v1.2.3
From 7521090b08245f81410c713f00d3d7fbaf1afda6 Mon Sep 17 00:00:00 2001
From: Michael Hamann
Date: Mon, 10 Sep 2012 12:40:01 +0200
Subject: Move plugin name regex to a constant as suggested by @glensc
---
 inc/load.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'inc/load.php')
diff --git a/inc/load.php b/inc/load.php
index ddd12b546..b8a279523 100644
--- a/inc/load.php
+++ b/inc/load.php
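Review bot: In the `include_once` hunk of 92faea0 the path is built twice: `$plg` is the string that `file_exists()` checks, but the include statement rebuilds it from `$m`, so the tested path and the loaded path can drift apart if only one expression is edited later. `include_once $plg;` would load exactly the file that was checked. Separately, the `@` on `file_exists()` suppresses any warning that call raises, which makes a wrongly named plugin directory (the case the commit message describes) harder to diagnose; a debug log entry when a matching class name has no file would help. load_autoload() starts above this hunk.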
@@ -95,7 +95,7 @@ function load_autoload($name){
 }

 // Plugin loading
- if(preg_match('/^(helper|syntax|action|admin|renderer|remote)_plugin_([a-zA-Z0-9\x7f-\xff]+)(?:_([^_]+))?$/',
+ if(preg_match('/^(helper|syntax|action|admin|renderer|remote)_plugin_('.DOKU_PLUGIN_NAME_REGEX.')(?:_([^_]+))?$/',
 $name, $m)) {
 // try to load the wanted plugin file
 $c = ((count($m) === 4) ? "/{$m[3]}" : '');
-- cgit v1.2.3
From bee9f377bc547c99fe99b4e38199cb92cf668554 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Sat, 3 Nov 2012 17:54:02 +0100
Subject: Completely rewritten Tar library This new class is only losely based on our previous library. The whole API was changed to make it more flexible and memory saving. Some fisrt unit tests are included
---
 inc/load.php | 1 +
 1 file changed, 1 insertion(+)
(limited to 'inc/load.php')
diff --git a/inc/load.php b/inc/load.php
index b8a279523..49c307054 100644
--- a/inc/load.php
+++ b/inc/load.php
@@ -71,6 +71,7 @@ function load_autoload($name){
 'IXR_IntrospectionServer' => DOKU_INC.'inc/IXR_Library.php',
 'Doku_Plugin_Controller'=> DOKU_INC.'inc/plugincontroller.class.php',
 'GeSHi' => DOKU_INC.'inc/geshi.php',
+ 'Tar' => DOKU_INC.'inc/Tar.class.php',
 'TarLib' => DOKU_INC.'inc/TarLib.class.php',
 'ZipLib' => DOKU_INC.'inc/ZipLib.class.php',
 'DokuWikiFeedCreator' => DOKU_INC.'inc/feedcreator.class.php',
-- cgit v1.2.3
From fba11f64c26a8dde5f64c57233b0da84fae35959 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Sat, 3 Nov 2012 18:42:57 +0100
Subject: removed old TarLib and changed plugin manager to use new one
---
 inc/load.php | 1 -
 1 file changed, 1 deletion(-)
(limited to 'inc/load.php')
diff --git a/inc/load.php b/inc/load.php
index 49c307054..2ea0d8efd 100644
--- a/inc/load.php
+++ b/inc/load.php
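Review bot: In the regex hunk of 7521090 the pattern is now assembled from `DOKU_PLUGIN_NAME_REGEX`, whose definition is not part of this view, while the code below it still depends on fixed group positions (`$m[2]`, `$m[3]`, `count($m) === 4`). A capturing group or an unescaped `/` inside the constant would silently shift those indices or break the pattern, so the contract deserves a comment next to the match, for example `// DOKU_PLUGIN_NAME_REGEX must not contain capturing groups or "/": $m[2] and $m[3] are used as path parts`. It is also worth confirming that the constant is defined before the autoloader can first run, because an undefined constant in PHP versions before 8 evaluates to its own name as a string and the pattern would then only match that literal text. load_autoload() starts and ends outside the hunk.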
@@ -72,7 +72,6 @@ function load_autoload($name){
 'Doku_Plugin_Controller'=> DOKU_INC.'inc/plugincontroller.class.php',
 'GeSHi' => DOKU_INC.'inc/geshi.php',
 'Tar' => DOKU_INC.'inc/Tar.class.php',
- 'TarLib' => DOKU_INC.'inc/TarLib.class.php',
 'ZipLib' => DOKU_INC.'inc/ZipLib.class.php',
 'DokuWikiFeedCreator' => DOKU_INC.'inc/feedcreator.class.php',
 'Doku_Parser_Mode' => DOKU_INC.'inc/parser/parser.php',
-- cgit v1.2.3
From 35349ab097171f0f9cb6114cffd780abb69c56a6 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Tue, 6 Nov 2012 20:57:25 +0100
Subject: added simple compatibility wrapper for old TarLib
---
 inc/load.php | 1 +
 1 file changed, 1 insertion(+)
(limited to 'inc/load.php')
diff --git a/inc/load.php b/inc/load.php
index 2ea0d8efd..49c307054 100644
--- a/inc/load.php
+++ b/inc/load.php
@@ -72,6 +72,7 @@ function load_autoload($name){
 'Doku_Plugin_Controller'=> DOKU_INC.'inc/plugincontroller.class.php',
 'GeSHi' => DOKU_INC.'inc/geshi.php',
 'Tar' => DOKU_INC.'inc/Tar.class.php',
+ 'TarLib' => DOKU_INC.'inc/TarLib.class.php',
 'ZipLib' => DOKU_INC.'inc/ZipLib.class.php',
 'DokuWikiFeedCreator' => DOKU_INC.'inc/feedcreator.class.php',
 'Doku_Parser_Mode' => DOKU_INC.'inc/parser/parser.php',
-- cgit v1.2.3