Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-22 19:10:12 +00:00
Code Issues Projects Releases Packages Wiki Activity

Sanitize addon path items

Browse source
This commit is contained in:
Hypolite Petovan 2019-03-31 21:53:08 -04:00
parent b529c03a20
commit cc64471e4c
3 changed files with 33 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

47
src/Core/Addon.php
View file

@ -6,6 +6,7 @@ namespace Friendica\Core;
use Friendica\BaseObject;
use Friendica\Database\DBA;
use Friendica\Util\Strings;
/**
* Some functions to handle addons
@ -81,6 +82,8 @@ class Addon extends BaseObject
*/
public static function uninstall($addon)
{
$addon = Strings::sanitizeFilePathItem($addon);
Logger::notice("Addon {addon}: {action}", ['action' => 'uninstall', 'addon' => $addon]);
DBA::delete('addon', ['name' => $addon]);
@ -102,11 +105,13 @@ class Addon extends BaseObject
*/
public static function install($addon)
{
// silently fail if addon was removed
$addon = Strings::sanitizeFilePathItem($addon);
// silently fail if addon was removed of if $addon is funky
if (!file_exists('addon/' . $addon . '/' . $addon . '.php')) {
return false;
}
Logger::notice("Addon {addon}: {action}", ['action' => 'install', 'addon' => $addon]);
$t = @filemtime('addon/' . $addon . '/' . $addon . '.php');
@include_once('addon/' . $addon . '/' . $addon . '.php');
@ -130,6 +135,7 @@ class Addon extends BaseObject
if (!self::isEnabled($addon)) {
self::$addons[] = $addon;
}
return true;
} else {
Logger::error("Addon {addon}: {action} failed", ['action' => 'uninstall', 'addon' => $addon]);
@ -153,29 +159,26 @@ class Addon extends BaseObject
$addon_list = explode(',', $addons);
if (count($addon_list)) {
foreach ($addon_list as $addon) {
$addon = trim($addon);
$fname = 'addon/' . $addon . '/' . $addon . '.php';
foreach ($addon_list as $addon) {
$addon = Strings::sanitizeFilePathItem(trim($addon));
$fname = 'addon/' . $addon . '/' . $addon . '.php';
if (file_exists($fname)) {
$t = @filemtime($fname);
foreach ($installed as $i) {
if (($i['name'] == $addon) && ($i['timestamp'] != $t)) {
if (file_exists($fname)) {
$t = @filemtime($fname);
foreach ($installed as $i) {
if (($i['name'] == $addon) && ($i['timestamp'] != $t)) {
Logger::notice("Addon {addon}: {action}", ['action' => 'reload', 'addon' => $i['name']]);
@include_once($fname);
Logger::notice("Addon {addon}: {action}", ['action' => 'reload', 'addon' => $i['name']]);
@include_once($fname);
if (function_exists($addon . '_uninstall')) {
$func = $addon . '_uninstall';
$func(self::getApp());
}
if (function_exists($addon . '_install')) {
$func = $addon . '_install';
$func(self::getApp());
}
DBA::update('addon', ['timestamp' => $t], ['id' => $i['id']]);
if (function_exists($addon . '_uninstall')) {
$func = $addon . '_uninstall';
$func(self::getApp());
}
if (function_exists($addon . '_install')) {
$func = $addon . '_install';
$func(self::getApp());
}
DBA::update('addon', ['timestamp' => $t], ['id' => $i['id']]);
}
}
}
@ -204,6 +207,8 @@ class Addon extends BaseObject
{
$a = self::getApp();
$addon = Strings::sanitizeFilePathItem($addon);
$info = [
'name' => $addon,
'description' => "",