aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/includes/acp/acp_extensions.php10
-rw-r--r--phpBB/language/en/acp/extensions.php1
-rw-r--r--phpBB/phpbb/extension/manager.php15
-rw-r--r--phpBB/phpbb/extension/metadata_manager.php14
4 files changed, 38 insertions, 2 deletions
diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php
index c21c9f4e9d..2ff479d824 100644
--- a/phpBB/includes/acp/acp_extensions.php
+++ b/phpBB/includes/acp/acp_extensions.php
@@ -88,6 +88,11 @@ class acp_extensions
break;
case 'enable_pre':
+ if (!$md_manager->validate_dir())
+ {
+ trigger_error($user->lang['EXTENSION_DIR_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
if (!$md_manager->validate_enable())
{
trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
@@ -108,6 +113,11 @@ class acp_extensions
break;
case 'enable':
+ if (!$md_manager->validate_dir())
+ {
+ trigger_error($user->lang['EXTENSION_DIR_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
if (!$md_manager->validate_enable())
{
trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
diff --git a/phpBB/language/en/acp/extensions.php b/phpBB/language/en/acp/extensions.php
index 8279a68022..67b34ff0c7 100644
--- a/phpBB/language/en/acp/extensions.php
+++ b/phpBB/language/en/acp/extensions.php
@@ -41,6 +41,7 @@ $lang = array_merge($lang, array(
'EXTENSIONS_EXPLAIN' => 'The Extensions Manager is a tool in your phpBB Board which allows you to manage all of your extensions statuses and view information about them.',
'EXTENSION_INVALID_LIST' => 'The ā€œ%sā€ extension is not valid.<br />%s<br /><br />',
'EXTENSION_NOT_AVAILABLE' => 'The selected extension is not available for this board, please verify your phpBB and PHP versions are allowed (see the details page).',
+ 'EXTENSION_DIR_INVALID' => 'The selected extension has an invalid directory structure and cannot be enabled.',
'DETAILS' => 'Details',
diff --git a/phpBB/phpbb/extension/manager.php b/phpBB/phpbb/extension/manager.php
index 7f009867c9..23b281deaa 100644
--- a/phpBB/phpbb/extension/manager.php
+++ b/phpBB/phpbb/extension/manager.php
@@ -411,9 +411,24 @@ class manager
if ($file_info->isFile() && $file_info->getFilename() == 'ext.' . $this->php_ext)
{
$ext_name = $iterator->getInnerIterator()->getSubPath();
+ $composer_file = $iterator->getPath() . '/composer.json';
+ // Ignore the extension if there is no composer.json.
+ if (!is_readable($composer_file) || !($ext_info = file_get_contents($composer_file)))
+ {
+ continue;
+ }
+
+ $ext_info = json_decode($ext_info, true);
$ext_name = str_replace(DIRECTORY_SEPARATOR, '/', $ext_name);
+ // Ignore the extension if directory depth is not correct or if the directory structure
+ // does not match the name value specified in composer.json.
+ if (substr_count($ext_name, '/') !== 1 || !isset($ext_info['name']) || $ext_name != $ext_info['name'])
+ {
+ continue;
+ }
+
$available[$ext_name] = $this->phpbb_root_path . 'ext/' . $ext_name . '/';
}
}
diff --git a/phpBB/phpbb/extension/metadata_manager.php b/phpBB/phpbb/extension/metadata_manager.php
index d0323120d8..66cdb86513 100644
--- a/phpBB/phpbb/extension/metadata_manager.php
+++ b/phpBB/phpbb/extension/metadata_manager.php
@@ -266,8 +266,8 @@ class metadata_manager
*/
public function validate_enable()
{
- // Check for phpBB, PHP versions
- if (!$this->validate_require_phpbb() || !$this->validate_require_php())
+ // Check for valid directory & phpBB, PHP versions
+ if (!$this->validate_dir() || !$this->validate_require_phpbb() || !$this->validate_require_php())
{
return false;
}
@@ -275,6 +275,16 @@ class metadata_manager
return true;
}
+ /**
+ * Validates the most basic directory structure to ensure it follows <vendor>/<ext> convention.
+ *
+ * @return boolean True when passes validation
+ */
+ public function validate_dir()
+ {
+ return (substr_count($this->ext_name, '/') === 1 && $this->ext_name == $this->get_metadata('name'));
+ }
+
/**
* Validates the contents of the phpbb requirement field