From 0ea51e63908793de4c5d5fa2b4d82c2769fec559 Mon Sep 17 00:00:00 2001
From: Matt Perry <matt@mattperry.com>
Date: Fri, 23 Aug 2013 02:41:39 -0700
Subject: Fix CodeSniffer violations for PHP files

Fix violations for Generic.PHP.LowerCaseConstant.Found
---
 lib/plugins/plugin/classes/ap_info.class.php   | 2 +-
 lib/plugins/plugin/classes/ap_manage.class.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/plugins/plugin/classes')

diff --git a/lib/plugins/plugin/classes/ap_info.class.php b/lib/plugins/plugin/classes/ap_info.class.php
index 44926c035..dfeb52b9d 100644
--- a/lib/plugins/plugin/classes/ap_info.class.php
+++ b/lib/plugins/plugin/classes/ap_info.class.php
@@ -15,7 +15,7 @@ class ap_info extends ap_manage {
 
 
         foreach ($component_list as $component) {
-            if (($obj = &plugin_load($component['type'],$component['name'],false,true)) === NULL) continue;
+            if (($obj = &plugin_load($component['type'],$component['name'],false,true)) === null) continue;
 
             $compname = explode('_',$component['name']);
             if($compname[1]){
diff --git a/lib/plugins/plugin/classes/ap_manage.class.php b/lib/plugins/plugin/classes/ap_manage.class.php
index 3ec740dae..48be63050 100644
--- a/lib/plugins/plugin/classes/ap_manage.class.php
+++ b/lib/plugins/plugin/classes/ap_manage.class.php
@@ -2,7 +2,7 @@
 
 class ap_manage {
 
-    var $manager = NULL;
+    var $manager = null;
     var $lang = array();
     var $plugin = '';
     var $downloaded = array();
-- 
cgit v1.2.3


From 2f7a0e94cadfbc1ece3bd1d3ff23483b845cd420 Mon Sep 17 00:00:00 2001
From: Matt Perry <matt@mattperry.com>
Date: Tue, 10 Sep 2013 22:17:43 -0700
Subject: Fix CodeSniffer whitespace violoations

Removed extraneous whitespace to eliminate errors reported by the
Squiz.WhiteSpace.SuperfluousWhitespace sniff.
---
 lib/plugins/plugin/classes/ap_info.class.php | 1 -
 1 file changed, 1 deletion(-)

(limited to 'lib/plugins/plugin/classes')

diff --git a/lib/plugins/plugin/classes/ap_info.class.php b/lib/plugins/plugin/classes/ap_info.class.php
index dfeb52b9d..b3826b944 100644
--- a/lib/plugins/plugin/classes/ap_info.class.php
+++ b/lib/plugins/plugin/classes/ap_info.class.php
@@ -13,7 +13,6 @@ class ap_info extends ap_manage {
         $component_list = $this->get_plugin_components($this->manager->plugin);
         usort($component_list, array($this,'component_sort'));
 
-
         foreach ($component_list as $component) {
             if (($obj = &plugin_load($component['type'],$component['name'],false,true)) === null) continue;
 
-- 
cgit v1.2.3


From 45d5ad751f327b10e7256d448d5595daa82c98c4 Mon Sep 17 00:00:00 2001
From: Gerrit Uitslag <klapinklapin@gmail.com>
Date: Tue, 15 Oct 2013 13:03:30 +0200
Subject: fix php strict notices

---
 lib/plugins/plugin/classes/ap_info.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/plugins/plugin/classes')

diff --git a/lib/plugins/plugin/classes/ap_info.class.php b/lib/plugins/plugin/classes/ap_info.class.php
index b3826b944..89b78fa2d 100644
--- a/lib/plugins/plugin/classes/ap_info.class.php
+++ b/lib/plugins/plugin/classes/ap_info.class.php
@@ -14,7 +14,7 @@ class ap_info extends ap_manage {
         usort($component_list, array($this,'component_sort'));
 
         foreach ($component_list as $component) {
-            if (($obj = &plugin_load($component['type'],$component['name'],false,true)) === null) continue;
+            if (($obj = plugin_load($component['type'],$component['name'],false,true)) === null) continue;
 
             $compname = explode('_',$component['name']);
             if($compname[1]){
-- 
cgit v1.2.3


From 9e8bcd5f2ba2246ad2dff46d0313cb0c9e9f5579 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <gohr@cosmocode.de>
Date: Tue, 10 Dec 2013 15:56:06 +0100
Subject: fix possible XSS vulnerability in Plugin Manager

The plugin manager echos raw URLs in error messages, this could allow to
construct an XSS attack. However the affected form is CSRF protected,
so an attacker would require another XSS vulnerability to get the needed token,
rendering this attack unneeded. So this should not be exploitable.
---
 lib/plugins/plugin/classes/ap_download.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/plugins/plugin/classes')

diff --git a/lib/plugins/plugin/classes/ap_download.class.php b/lib/plugins/plugin/classes/ap_download.class.php
index 3cc455867..b1be11506 100644
--- a/lib/plugins/plugin/classes/ap_download.class.php
+++ b/lib/plugins/plugin/classes/ap_download.class.php
@@ -24,7 +24,7 @@ class ap_download extends ap_manage {
         ptln('<h2>'.$this->lang['downloading'].'</h2>');
 
         if ($this->manager->error) {
-            ptln('<div class="error">'.str_replace("\n","<br />",$this->manager->error).'</div>');
+            ptln('<div class="error">'.str_replace("\n","<br />",hsc($this->manager->error)).'</div>');
         } else if (count($this->downloaded) == 1) {
             ptln('<p>'.sprintf($this->lang['downloaded'],$this->downloaded[0]).'</p>');
         } else if (count($this->downloaded)) {   // more than one plugin in the download
-- 
cgit v1.2.3