From d9ef18ef60fdbefd01b886c8f6302121941f70b3 Mon Sep 17 00:00:00 2001 From: garvinhicking Date: Mon, 31 Jul 2006 10:28:00 +0000 Subject: [PATCH] Try to better probe plugin files [not finished yet] --- include/plugin_api.inc.php | 77 +++++++++++++++++++++++--------------- 1 file changed, 47 insertions(+), 30 deletions(-) diff --git a/include/plugin_api.inc.php b/include/plugin_api.inc.php index 0eef23b..cd10b28 100644 --- a/include/plugin_api.inc.php +++ b/include/plugin_api.inc.php @@ -6,7 +6,14 @@ if (IN_serendipity !== true) { die ('Don\'t hack!'); } -include_once S9Y_INCLUDE_PATH . 'include/functions.inc.php'; +if (defined('S9Y_FRAMEWORK_PLUGIN_API')) { + return; +} +@define('S9Y_FRAMEWORK_PLUGIN_API', true); + +if (!defined('S9Y_FRAMEWORK_FUNCTIONS')) { + include S9Y_INCLUDE_PATH . 'include/functions.inc.php'; +} /* This file defines the plugin API for serendipity. * By extending these classes, you can add your own code @@ -88,7 +95,7 @@ class serendipity_plugin_api { * @access public * @param string classname of the plugin to insert (see description above for details) * @param boolean (reserved) variable to indicate a copy of an existing instance - * @param string The type of the plugin to insert (event/left/right/hidden) + * @param string The type of the plugin to insert (event/left/right/hide/eventh) * @param int The authorid of the plugin owner * @param string The source path of the plugin file * @return string ID of the new plugin @@ -315,7 +322,7 @@ class serendipity_plugin_api { * Returns a list of currently installed plugins * * @access public - * @param string The filter for plugins (left|right|hidden|event) + * @param string The filter for plugins (left|right|hide|event|eventh) * @return array The list of plugins */ function get_installed_plugins($filter = '*') { @@ -335,7 +342,7 @@ class serendipity_plugin_api { * Searches for installed plugins based on specific conditions * * @access public - * @param string The filter for plugins (left|right|hidden|event) + * @param string The filter for plugins (left|right|hide|event|eventh) * @param boolean If true, the filtering logic will be reversed an all plugins that are NOT part of the filter will be returned * @param string Filter by a specific classname (like 'serendipity_plugin_archives'). Can take SQL wildcards. * @param string Filter by a specific plugin instance id @@ -377,7 +384,7 @@ class serendipity_plugin_api { * Count the number of plugins to which the filter criteria matches * * @access public - * @param string The filter for plugins (left|right|hidden|event) + * @param string The filter for plugins (left|right|hide|event|eventh) * @param boolean If true, the filtering logic will be reversed an all plugins that are NOT part of the filter will be evaluated * @return int Number of plugins that were found. */ @@ -424,17 +431,21 @@ class serendipity_plugin_api { if (empty($pluginPath)) { $pluginPath = $name; } - + $file = false; + // Security constraint + $pluginFile = 'plugins/' . $pluginPath . '/' . $name . '.php'; + $pluginFile = preg_replace('@([\r\n\t\0\\\]+|\.\.+)@', '', $pluginFile); + // First try the local path, and then (if existing) a shared library repository ... // Internal plugins ignored. if (!empty($instance_id) && $instance_id{0} == '@') { $file = S9Y_INCLUDE_PATH . 'include/plugin_internal.inc.php'; - } elseif (file_exists($serendipity['serendipityPath'] . 'plugins/' . $pluginPath . '/' . $name . '.php')) { - $file = $serendipity['serendipityPath'] . 'plugins/' . $pluginPath . '/' . $name . '.php'; - } elseif (file_exists(S9Y_INCLUDE_PATH . 'plugins/' . $pluginPath . '/' . $name . '.php')) { - $file = S9Y_INCLUDE_PATH . 'plugins/' . $pluginPath . '/' . $name . '.php'; + } elseif (file_exists($serendipity['serendipityPath'] . $pluginFile)) { + $file = $serendipity['serendipityPath'] . $pluginFile; + } elseif (file_exists(S9Y_INCLUDE_PATH . $pluginFile)) { + $file = S9Y_INCLUDE_PATH . $pluginFile; } return $file; @@ -534,7 +545,7 @@ class serendipity_plugin_api { if (!class_exists($class_name) && !empty($pluginFile)) { // $serendipity['debug']['pluginload'][] = "Classname does not exist. Including $pluginFile."; - include_once($pluginFile); + include($pluginFile); } if (!class_exists($class_name)) { @@ -678,7 +689,7 @@ class serendipity_plugin_api { if (!isset($data['stackable']) || empty($data['stackable'])) { $data['stackable'] = '0'; } - + if (!isset($data['last_modified'])) { $data['last_modified'] = $lastModified; } @@ -719,7 +730,7 @@ class serendipity_plugin_api { * * @access public * @param string The instance ID of a plugin - * @param string The new placement of a plugin (left|right|hidden) + * @param string The new placement of a plugin (left|right|hide|event|eventh) * @param string A new sort order for the plugin * @return */ @@ -728,8 +739,8 @@ class serendipity_plugin_api { global $serendipity; $admin = ''; - if (!serendipity_checkPermission('adminPlugins') && $placement == 'hidden') { - // Only administrators can set plugins to 'hidden' if they are not the owners. + if (!serendipity_checkPermission('adminPlugins') && $placement == 'hide') { + // Only administrators can set plugins to 'hide' if they are not the owners. $admin = " AND (authorid = 0 OR authorid = {$serendipity['authorid']})"; } @@ -740,7 +751,7 @@ class serendipity_plugin_api { } $sql .= "WHERE name='$name' $admin"; - + return serendipity_db_query($sql); } @@ -774,7 +785,7 @@ class serendipity_plugin_api { * Get a list of Sidebar plugins and pass them to Smarty * * @access public - * @param string The side of plugins to show (left/right/hidden) + * @param string The side of plugins to show (left/right/hide/event/eventh) * @param string deprecated: Indicated which wrapping HTML element to use for plugins * @param boolean Indicates whether only all plugins should be shown that are not in the $side list * @param string Only show plugins of this plugin class @@ -835,13 +846,8 @@ class serendipity_plugin_api { } } - $serendipity['smarty']->assign( - array( - 'plugindata' => $pluginData, - 'pluginside' => ucfirst($side) - ) - ); - + $serendipity['smarty']->assign_by_ref('plugindata', $pluginData); + $serendipity['smarty']->assign('pluginside', ucfirst($side)); return serendipity_smarty_fetch('sidebar_'. $side, 'sidebar.tpl', true); } @@ -920,7 +926,6 @@ class serendipity_plugin_api { } $plugins = serendipity_plugin_api::enum_plugins('event'); - if (!is_array($plugins)) { return $false; } @@ -967,17 +972,25 @@ class serendipity_plugin_api { return false; } + // We can NOT use a "return by reference" here, because then when + // a plugin executes another event_hook, the referenced variable within + // that call will overwrite the previous original plugin listing and + // skip the execution of any follow-up plugins. $plugins = serendipity_plugin_api::get_event_plugins(); if (is_array($plugins)) { // foreach() operates on copies of values, but we want to operate on references, so we use while() @reset($plugins); while(list($plugin, $plugin_data) = each($plugins)) { - $bag = &$plugin_data['b']; - if (array_key_exists($event_name, $bag->get('event_hooks'))) { + $bag = &$plugin_data['b']; + $phooks = &$bag->get('event_hooks'); + if (isset($phooks[$event_name])) { // Check for cachable events. - if (isset($eventData['is_cached']) && $eventData['is_cached'] && array_key_exists($event_name, (array)$bag->get('cachable_events'))) { - continue; + if (isset($eventData['is_cached']) && $eventData['is_cached']) { + $chooks = &$bag->get('cachable_events'); + if (is_array($chooks) && isset($chooks[$event_name])) { + continue; + } } $plugin_data['p']->event_hook($event_name, $bag, $eventData, $addData); @@ -1336,6 +1349,8 @@ class serendipity_plugin { $this->introspect_config_item($name, $cbag); $_res = $cbag->get('default'); unset($cbag); + // Set the fetched value, so the default will not be fetched the next config call time + $this->set_config($name, $_res); } return $_res; @@ -1526,6 +1541,8 @@ class serendipity_event extends serendipity_plugin { } } -include_once S9Y_INCLUDE_PATH . 'include/plugin_internal.inc.php'; +if (!defined('S9Y_FRAMEWORK_PLUGIN_INTERNAL')) { + include S9Y_INCLUDE_PATH . 'include/plugin_internal.inc.php'; +} /* vim: set sts=4 ts=4 expandtab : */ -- 2.39.5