authorJoas Schilling <nickvergessen@gmx.de>2013-12-16 10:18:56 +0100
committerJoas Schilling <nickvergessen@gmx.de>2013-12-16 10:18:56 +0100
commit4a73ce0933c8bfecf37cf760d3fd96bb7a7f48ca (patch)
tree9ff4a74a99cab79322a2fe8cc728f0dc283d77df /phpBB/phpbb/extension/manager.php
parent8da2f349fe39a46fcd70e59ff087071927edbc34 (diff)
parentc42bd28d172a9ae7439cc3868ebfda87e93f3490 (diff)
Merge remote-tracking branch 'prototech/ticket/12009' into develop
* prototech/ticket/12009: [ticket/12009] Prevent user from enabling invalid extension through direct URL [ticket/12009] Update functional test to check for invalid extensions. [ticket/12009] Fix functional tests. [ticket/12009] Move valid extensions in tests to correct dir structure. [ticket/12009] Do not allow incorrectly structured extensions to be installed.
Diffstat (limited to 'phpBB/phpbb/extension/manager.php')
-rw-r--r--phpBB/phpbb/extension/manager.php15
1 files changed, 15 insertions, 0 deletions
diff --git a/phpBB/phpbb/extension/manager.php b/phpBB/phpbb/extension/manager.php
index 7f009867c9..23b281deaa 100644
--- a/phpBB/phpbb/extension/manager.php
+++ b/phpBB/phpbb/extension/manager.php
@@ -411,9 +411,24 @@ class manager
if ($file_info->isFile() && $file_info->getFilename() == 'ext.' . $this->php_ext)
{
$ext_name = $iterator->getInnerIterator()->getSubPath();
+ $composer_file = $iterator->getPath() . '/composer.json';
+ // Ignore the extension if there is no composer.json.
+ if (!is_readable($composer_file) || !($ext_info = file_get_contents($composer_file)))
+ {
+ continue;
+ }
+
+ $ext_info = json_decode($ext_info, true);
$ext_name = str_replace(DIRECTORY_SEPARATOR, '/', $ext_name);
+ // Ignore the extension if directory depth is not correct or if the directory structure
+ // does not match the name value specified in composer.json.
+ if (substr_count($ext_name, '/') !== 1 || !isset($ext_info['name']) || $ext_name != $ext_info['name'])
+ {
+ continue;
+ }
+
$available[$ext_name] = $this->phpbb_root_path . 'ext/' . $ext_name . '/';
}
}
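Review bot: The name check `$ext_name != $ext_info['name']` compares a directory-derived string against a value decoded from composer.json using loose comparison, so a non-string `name` can satisfy it. A JSON boolean `true` compares equal to any non-empty string, and on PHP versions before 8 the number `0` compares equal to a non-numeric string, so the "directory matches declared name" rule can pass without the names actually matching. Since composer.json ships with the extension and is not trusted input, the condition should require a string and compare strictly: `if (substr_count($ext_name, '/') !== 1 || !isset($ext_info['name']) || !is_string($ext_info['name']) || $ext_name !== $ext_info['name'])`. A short comment above `json_decode()` noting that a malformed file yields `null` and is rejected by the `isset()` below would also make the intent explicit. The enclosing loop and method start and end outside this hunk.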