diff options
author | Cesar G <prototech91@gmail.com> | 2013-12-11 21:07:21 -0800 |
---|---|---|
committer | Cesar G <prototech91@gmail.com> | 2013-12-11 23:11:52 -0800 |
commit | 4d65727accb097641f72e8bf24c5a194873affc7 (patch) | |
tree | f5377d7d3c0b5aafea7a0369234b9a4baceb49c2 /phpBB/phpbb/extension/manager.php | |
parent | d5742d7ec1efd800ebd420ab13bf9523ac7a5f3f (diff) | |
download | forums-4d65727accb097641f72e8bf24c5a194873affc7.tar forums-4d65727accb097641f72e8bf24c5a194873affc7.tar.gz forums-4d65727accb097641f72e8bf24c5a194873affc7.tar.bz2 forums-4d65727accb097641f72e8bf24c5a194873affc7.tar.xz forums-4d65727accb097641f72e8bf24c5a194873affc7.zip |
[ticket/12009] Do not allow incorrectly structured extensions to be installed.
PHPBB3-12009
Diffstat (limited to 'phpBB/phpbb/extension/manager.php')
-rw-r--r-- | phpBB/phpbb/extension/manager.php | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/phpBB/phpbb/extension/manager.php b/phpBB/phpbb/extension/manager.php index 7f009867c9..23b281deaa 100644 --- a/phpBB/phpbb/extension/manager.php +++ b/phpBB/phpbb/extension/manager.php @@ -411,9 +411,24 @@ class manager if ($file_info->isFile() && $file_info->getFilename() == 'ext.' . $this->php_ext) { $ext_name = $iterator->getInnerIterator()->getSubPath(); + $composer_file = $iterator->getPath() . '/composer.json'; + // Ignore the extension if there is no composer.json. + if (!is_readable($composer_file) || !($ext_info = file_get_contents($composer_file))) + { + continue; + } + + $ext_info = json_decode($ext_info, true); $ext_name = str_replace(DIRECTORY_SEPARATOR, '/', $ext_name); + // Ignore the extension if directory depth is not correct or if the directory structure + // does not match the name value specified in composer.json. + if (substr_count($ext_name, '/') !== 1 || !isset($ext_info['name']) || $ext_name != $ext_info['name']) + { + continue; + } + $available[$ext_name] = $this->phpbb_root_path . 'ext/' . $ext_name . '/'; } } |