4 files changed, 38 insertions, 2 deletions
diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php
index c21c9f4e9d..2ff479d824 100644
--- a/phpBB/includes/acp/acp_extensions.php
+++ b/phpBB/includes/acp/acp_extensions.php
@@ -88,6 +88,11 @@ class acp_extensions
 			break;
 
 			case 'enable_pre':
+				if (!$md_manager->validate_dir())
+				{
+					trigger_error($user->lang['EXTENSION_DIR_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				if (!$md_manager->validate_enable())
 				{
 					trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
@@ -108,6 +113,11 @@ class acp_extensions
 			break;
 
 			case 'enable':
+				if (!$md_manager->validate_dir())
+				{
+					trigger_error($user->lang['EXTENSION_DIR_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				if (!$md_manager->validate_enable())
 				{
 					trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
diff --git a/phpBB/language/en/acp/extensions.php b/phpBB/language/en/acp/extensions.php
index 8279a68022..67b34ff0c7 100644
--- a/phpBB/language/en/acp/extensions.php
+++ b/phpBB/language/en/acp/extensions.php
@@ -41,6 +41,7 @@ $lang = array_merge($lang, array(
 	'EXTENSIONS_EXPLAIN'		=> 'The Extensions Manager is a tool in your phpBB Board which allows you to manage all of your extensions statuses and view information about them.',
 	'EXTENSION_INVALID_LIST'	=> 'The “%s” extension is not valid.<br />%s<br /><br />',
 	'EXTENSION_NOT_AVAILABLE'	=> 'The selected extension is not available for this board, please verify your phpBB and PHP versions are allowed (see the details page).',
+	'EXTENSION_DIR_INVALID'		=> 'The selected extension has an invalid directory structure and cannot be enabled.',
 
 	'DETAILS'				=> 'Details',
 
diff --git a/phpBB/phpbb/extension/manager.php b/phpBB/phpbb/extension/manager.php
index 7f009867c9..23b281deaa 100644
--- a/phpBB/phpbb/extension/manager.php
+++ b/phpBB/phpbb/extension/manager.php
@@ -411,9 +411,24 @@ class manager
 			if ($file_info->isFile() && $file_info->getFilename() == 'ext.' . $this->php_ext)
 			{
 				$ext_name = $iterator->getInnerIterator()->getSubPath();
+				$composer_file = $iterator->getPath() . '/composer.json';
 
+				// Ignore the extension if there is no composer.json.
+				if (!is_readable($composer_file) || !($ext_info = file_get_contents($composer_file)))
+				{
+					continue;
+				}
+
+				$ext_info = json_decode($ext_info, true);
 				$ext_name = str_replace(DIRECTORY_SEPARATOR, '/', $ext_name);
 
+				// Ignore the extension if directory depth is not correct or if the directory structure
+				// does not match the name value specified in composer.json.
+				if (substr_count($ext_name, '/') !== 1 || !isset($ext_info['name']) || $ext_name != $ext_info['name'])
+				{
+					continue;
+				}
+
 				$available[$ext_name] = $this->phpbb_root_path . 'ext/' . $ext_name . '/';
 			}
 		}
diff --git a/phpBB/phpbb/extension/metadata_manager.php b/phpBB/phpbb/extension/metadata_manager.php
index d0323120d8..66cdb86513 100644
--- a/phpBB/phpbb/extension/metadata_manager.php
+++ b/phpBB/phpbb/extension/metadata_manager.php
@@ -266,8 +266,8 @@ class metadata_manager
 	 */
 	public function validate_enable()
 	{
-		// Check for phpBB, PHP versions
-		if (!$this->validate_require_phpbb() || !$this->validate_require_php())
+		// Check for valid directory & phpBB, PHP versions
+		if (!$this->validate_dir() || !$this->validate_require_phpbb() || !$this->validate_require_php())
 		{
 			return false;
 		}
@@ -275,6 +275,16 @@ class metadata_manager
 		return true;
 	}
 
+	/**
+	 * Validates the most basic directory structure to ensure it follows <vendor>/<ext> convention.
+	 *
+	 * @return boolean True when passes validation
+	 */
+	public function validate_dir()
+	{
+		return (substr_count($this->ext_name, '/') === 1 && $this->ext_name == $this->get_metadata('name'));
+	}
+
 
 	/**
 	 * Validates the contents of the phpbb requirement field