diff options
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/includes/acp/acp_extensions.php | 10 | ||||
-rw-r--r-- | phpBB/language/en/acp/extensions.php | 1 | ||||
-rw-r--r-- | phpBB/phpbb/extension/manager.php | 15 | ||||
-rw-r--r-- | phpBB/phpbb/extension/metadata_manager.php | 14 |
4 files changed, 38 insertions, 2 deletions
diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php index c21c9f4e9d..2ff479d824 100644 --- a/phpBB/includes/acp/acp_extensions.php +++ b/phpBB/includes/acp/acp_extensions.php @@ -88,6 +88,11 @@ class acp_extensions break; case 'enable_pre': + if (!$md_manager->validate_dir()) + { + trigger_error($user->lang['EXTENSION_DIR_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if (!$md_manager->validate_enable()) { trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING); @@ -108,6 +113,11 @@ class acp_extensions break; case 'enable': + if (!$md_manager->validate_dir()) + { + trigger_error($user->lang['EXTENSION_DIR_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if (!$md_manager->validate_enable()) { trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING); diff --git a/phpBB/language/en/acp/extensions.php b/phpBB/language/en/acp/extensions.php index 8279a68022..67b34ff0c7 100644 --- a/phpBB/language/en/acp/extensions.php +++ b/phpBB/language/en/acp/extensions.php @@ -41,6 +41,7 @@ $lang = array_merge($lang, array( 'EXTENSIONS_EXPLAIN' => 'The Extensions Manager is a tool in your phpBB Board which allows you to manage all of your extensions statuses and view information about them.', 'EXTENSION_INVALID_LIST' => 'The ā%sā extension is not valid.<br />%s<br /><br />', 'EXTENSION_NOT_AVAILABLE' => 'The selected extension is not available for this board, please verify your phpBB and PHP versions are allowed (see the details page).', + 'EXTENSION_DIR_INVALID' => 'The selected extension has an invalid directory structure and cannot be enabled.', 'DETAILS' => 'Details', diff --git a/phpBB/phpbb/extension/manager.php b/phpBB/phpbb/extension/manager.php index 7f009867c9..23b281deaa 100644 --- a/phpBB/phpbb/extension/manager.php +++ b/phpBB/phpbb/extension/manager.php @@ -411,9 +411,24 @@ class manager if ($file_info->isFile() && $file_info->getFilename() == 'ext.' . $this->php_ext) { $ext_name = $iterator->getInnerIterator()->getSubPath(); + $composer_file = $iterator->getPath() . '/composer.json'; + // Ignore the extension if there is no composer.json. + if (!is_readable($composer_file) || !($ext_info = file_get_contents($composer_file))) + { + continue; + } + + $ext_info = json_decode($ext_info, true); $ext_name = str_replace(DIRECTORY_SEPARATOR, '/', $ext_name); + // Ignore the extension if directory depth is not correct or if the directory structure + // does not match the name value specified in composer.json. + if (substr_count($ext_name, '/') !== 1 || !isset($ext_info['name']) || $ext_name != $ext_info['name']) + { + continue; + } + $available[$ext_name] = $this->phpbb_root_path . 'ext/' . $ext_name . '/'; } } diff --git a/phpBB/phpbb/extension/metadata_manager.php b/phpBB/phpbb/extension/metadata_manager.php index d0323120d8..66cdb86513 100644 --- a/phpBB/phpbb/extension/metadata_manager.php +++ b/phpBB/phpbb/extension/metadata_manager.php @@ -266,8 +266,8 @@ class metadata_manager */ public function validate_enable() { - // Check for phpBB, PHP versions - if (!$this->validate_require_phpbb() || !$this->validate_require_php()) + // Check for valid directory & phpBB, PHP versions + if (!$this->validate_dir() || !$this->validate_require_phpbb() || !$this->validate_require_php()) { return false; } @@ -275,6 +275,16 @@ class metadata_manager return true; } + /** + * Validates the most basic directory structure to ensure it follows <vendor>/<ext> convention. + * + * @return boolean True when passes validation + */ + public function validate_dir() + { + return (substr_count($this->ext_name, '/') === 1 && $this->ext_name == $this->get_metadata('name')); + } + /** * Validates the contents of the phpbb requirement field |