# HG changeset patch
# User Dan
# Date 1237390528 14400
# Node ID 58bc29c14a4dfb863068469b5ac1ec4a693493b3
# Parent 75dcd8cf623233bf52c73e2ef66262730cde483e
Plugins: Added checks and additional warning for authentication plugins.

diff -r 75dcd8cf6232 -r 58bc29c14a4d includes/clientside/static/ajax.js
--- a/includes/clientside/static/ajax.js Sun Mar 15 11:15:16 2009 -0400
+++ b/includes/clientside/static/ajax.js Wed Mar 18 11:35:28 2009 -0400
@@ -1379,7 +1379,7 @@
 });
 }
-window.ajaxPluginAction = function(action, plugin_filename, btnobj)
+window.ajaxPluginAction = function(action, plugin_filename, btnobj, send_confirm)
 {
 // if installing, uninstalling, or re-importing, confirm
 if ( action == 'install' || action == 'uninstall' || action == 'reimport' )
@@ -1420,12 +1420,12 @@
 ajaxPluginAction(this._action + '_confirm', this._filename, this._button);
 miniPromptDestroy(this);
 return false;
- }
+ };
 btn_cancel.onclick = function()
 {
 miniPromptDestroy(this);
 return false;
- }
+ };
 });
 return true;
 }
@@ -1436,10 +1436,15 @@
 var td = btnobj.parentNode.parentNode.parentNode.parentNode;
 var blackbox = whiteOutElement(td);
 }
- var request = toJSONString({
+ var request = {
 mode: action,
 plugin: plugin_filename
- });
+ };
+ if ( send_confirm )
+ {
+ request.install_confirmed = true;
+ }
+ request = toJSONString(request);
 ajaxPost(makeUrlNS('Admin', 'PluginManager/action.json'), 'r=' + ajaxEscape(request), function(ajax)
 {
 if ( ajax.readyState == 4 && ajax.status == 200 )
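Review bot: The new fourth parameter `send_confirm` in the signature at -1379 is undocumented, and its only use (the -1436 hunk, where it sets `request.install_confirmed = true`) sits far from the declaration. A comment above the function would cover it, for example `// send_confirm: pass true only after the user accepted the server's auth-plugin warning; adds install_confirmed to the request`. The flag is set entirely on the client, so it records that a warning was acknowledged and should not be read as an authorization decision by whatever consumes it. The function body starts and ends outside both hunks.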
@@ -1451,15 +1456,43 @@
 return false;
 }
 response = parseJSON(response);
+ if ( blackbox )
+ {
+ blackbox.parentNode.removeChild(blackbox);
+ }
 if ( response.success )
 {
- if ( blackbox )
- {
- blackbox.parentNode.removeChild(blackbox);
- }
 ajaxPage( namespace_list['Admin'] + 'PluginManager' );
 return true;
- }
+ }
+ if ( response.need_confirm )
+ {
+ miniPromptMessage({
+ title: $lang.get(response.confirm_title),
+ message: $lang.get(response.confirm_body),
+ buttons: [
+ {
+ text: $lang.get('acppl_btn_install'),
+ color: 'red',
+ style: {
+ fontWeight: 'bold',
+ },
+ onclick: function() {
+ ajaxPluginAction(action + '_confirm', plugin_filename, btnobj, true);
+ miniPromptDestroy(this);
+ }
+ },
+ {
+ text: $lang.get('etc_cancel'),
+ color: 'blue',
+ onclick: function() {
+ miniPromptDestroy(this);
+ }
+ }
+ ]
+ });
+ return true;
+ }
 // wait for fade effect to finish its run
 setTimeout(function()
 {
diff -r 75dcd8cf6232 -r 58bc29c14a4d includes/clientside/static/fadefilter.js
--- a/includes/clientside/static/fadefilter.js Sun Mar 15 11:15:16 2009 -0400
+++ b/includes/clientside/static/fadefilter.js Wed Mar 18 11:35:28 2009 -0400
@@ -14,7 +14,7 @@
 if ( !opacVal ) opacVal = 70;
 darkener_index[layerid] = ( typeof(darkener_index[layerid]) == 'number' ) ? darkener_index[layerid] + 1 : 1;
- if(document.getElementById(layerid))
+ if(document.getElementById(layerid) && !document.getElementById(layerid).destroying)
 {
 document.getElementById(layerid).style.zIndex = getHighestZ() + 1;
 if(nofade)
@@ -38,7 +38,18 @@
 opacity(layerid, 0, opacVal, 1000);
 }
 }
- } else {
+ }
+ else if(document.getElementById(layerid) && document.getElementById(layerid).destroying)
+ {
+ // fade in progress - abort
+ console.warn('Aborting fade');
+ abortFades();
+ changeOpac(opacVal, layerid);
+ document.getElementById(layerid).destroying = false;
+ return document.getElementById(layerid);
+ }
+ else
+ {
 w = getWidth();
 h = getHeight();
 var thediv = document.createElement('div');
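Review bot: The `style` literal of the install button ends with a trailing comma (`fontWeight: 'bold',`), which older Internet Explorer script engines reject as a syntax error, so ajax.js as a whole would fail to parse there; write `fontWeight: 'bold'`. The retry also sends `action + '_confirm'`: if `action` still carries the `_confirm` suffix added by the first prompt at this point (the code between the hunks is not shown), the server would receive a mode it may not recognise, so it is worth confirming the value or passing the original mode explicitly. The enclosing callback starts and ends outside the hunk.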
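Review bot: The abort branch added at -38 calls `console.warn('Aborting fade')` unguarded; where `console` is not defined (likely in older browsers without developer tools open) that line throws before `abortFades()` runs and the layer keeps `destroying` set. Drop the debug line or guard it, `if ( window.console ) console.warn('Aborting fade');`. This branch and the condition changed in the -14 hunk each look the element up several times with `document.getElementById(layerid)`; one local such as `var layer = document.getElementById(layerid);` would keep the two tests in step. The enclosing function extends beyond both hunks.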
@@ -103,9 +114,10 @@
 }
 else
 {
+ document.getElementById(layerid).destroying = true;
 var from = document.getElementById(layerid).myOpacVal;
 opacity(layerid, from, 0, 1000);
- setTimeout("document.getElementById('" + layerid + "').style.display = 'none';", 1000);
+ setTimeout("if ( document.getElementById('" + layerid + "').destroying ) { document.getElementById('" + layerid + "').destroying = false; document.getElementById('" + layerid + "').style.display = 'none'; }", 1000);
 }
 }
 return document.getElementById(layerid);
diff -r 75dcd8cf6232 -r 58bc29c14a4d includes/clientside/static/functions.js
--- a/includes/clientside/static/functions.js Sun Mar 15 11:15:16 2009 -0400
+++ b/includes/clientside/static/functions.js Wed Mar 18 11:35:28 2009 -0400
@@ -598,7 +598,7 @@
 domOpacity(object, opacStart, opacEnd, millisec);
 }
-var opacityDOMCache = new Object();
+var opacityDOMCache = {};
 function domOpacity(obj, opacStart, opacEnd, millisec) {
 //speed for each frame
 var speed = Math.round(millisec / 100);
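Review bot: The timer body in the -103 hunk is still built by concatenating `layerid` into a string that `setTimeout` evaluates, and the new version does so three times; an id containing a quote would change the evaluated code, and if the element is gone when the timer fires, the lookup returns null and the `.destroying` read throws. Passing a function avoids both, because `layerid` is then used as data and the lookup can be null-checked once. Whether `layerid` can ever be influenced by page content is not visible here, so treat the first part as hardening. The enclosing function begins and ends outside the hunk.

```javascript
// … unchanged: destroying = true, opacity() call …
setTimeout(function()
{
  var layer = document.getElementById(layerid);
  if ( layer && layer.destroying )
  {
    layer.destroying = false;
    layer.style.display = 'none';
  }
}, 1000);
```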
@@ -611,19 +611,24 @@
 //determine the direction for the blending, if start and end are the same nothing happens
 if(opacStart > opacEnd) {
 for(i = opacStart; i >= opacEnd; i--) {
- setTimeout("var obj = opacityDOMCache["+uniqid+"]; domObjChangeOpac(" + i + ",obj)",(timer * speed));
+ setTimeout("if ( opacityDOMCache["+uniqid+"] ) { var obj = opacityDOMCache["+uniqid+"]; domObjChangeOpac(" + i + ",obj) }",(timer * speed));
 timer++;
 }
 } else if(opacStart < opacEnd) {
 for(i = opacStart; i <= opacEnd; i++) {
- setTimeout("var obj = opacityDOMCache["+uniqid+"]; domObjChangeOpac(" + i + ",obj)",(timer * speed));
+ setTimeout("if ( opacityDOMCache["+uniqid+"] ) { var obj = opacityDOMCache["+uniqid+"]; domObjChangeOpac(" + i + ",obj); }",(timer * speed));
 timer++;
 }
 }
 setTimeout("delete(opacityDOMCache["+uniqid+"]);",(timer * speed));
 }
+function abortFades()
+{
+ opacityDOMCache = {};
+}
+
 // change the opacity for different browsers
 function changeOpac(opacity, id)
 {
diff -r 75dcd8cf6232 -r 58bc29c14a4d includes/plugins.php
--- a/includes/plugins.php Sun Mar 15 11:15:16 2009 -0400
+++ b/includes/plugins.php Wed Mar 18 11:35:28 2009 -0400
@@ -513,6 +513,29 @@
 }
 /**
+ * Determines if a file is an authentication extension by looking at the file contents.
+ * @param string Plugin filename
+ * @return bool
+ */
+
+ function is_file_auth_plugin($filename)
+ {
+ $filename = ENANO_ROOT . '/plugins/' . $filename;
+ if ( !file_exists($filename) )
+ return false;
+
+ $info = $this->get_plugin_info($filename);
+ if ( isset($info['auth plugin']) )
+ return true;
+
+ $contents = @file_get_contents($filename);
+ if ( strstr($contents, 'login_process_userdata_json') )
+ return true;
+
+ return false;
+ }
+
+ /**
 * Installs a plugin.
 * @param string Filename of plugin.
 * @param array The list of plugins as output by pluginLoader::get_plugin_list(). If not passed, the function is called, possibly wasting time.
diff -r 75dcd8cf6232 -r 58bc29c14a4d language/english/admin.json
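Review bot: `abortFades()` replaces the whole `opacityDOMCache`, so it cancels every fade in progress on the page rather than only the layer the caller is restoring, and nothing at the definition says so. A comment such as `// Cancels ALL pending fades: queued timers find no cache entry and do nothing` would make that explicit. The queued timers themselves are not cleared; if `uniqid` (assigned outside this hunk) can repeat after the reset, a stale timer, including the final `delete(...)`, would act on a newer fade's entry, so confirm that ids are never reused. The two rewritten timer strings also differ (`,obj) }` against `,obj); }`); use the same form in both.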
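Review bot: `is_file_auth_plugin()` joins its argument to `ENANO_ROOT . '/plugins/'` without checking that it is a bare file name, and the PluginManager.php hunk of this changeset passes `$request['plugin']` from the request into it before `install_plugin()` runs; a name containing `../` would make `file_exists()` and `file_get_contents()` operate outside the plugins directory. The read-failure case also fails open: `@file_get_contents()` returns false, `strstr()` finds nothing, and the warning is skipped. The substring test is a heuristic that a plugin can avoid by not spelling `login_process_userdata_json` literally, so the docblock should say the result is advisory. Whether `get_plugin_info()` expects the full path built here or a bare name is not visible in this hunk.

```php
function is_file_auth_plugin($filename)
{
  // accept a bare file name only, so the lookup stays inside plugins/
  if ( !is_string($filename) || $filename !== basename($filename) )
    return false;
  $filename = ENANO_ROOT . '/plugins/' . $filename;
  // … unchanged: file_exists() and get_plugin_info() checks …
  $contents = @file_get_contents($filename);
  // unreadable file: ask for confirmation instead of skipping the warning
  if ( $contents === false )
    return true;
  // … unchanged: strstr() check and final return false …
}
```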
--- a/language/english/admin.json Sun Mar 15 11:15:16 2009 -0400
+++ b/language/english/admin.json Wed Mar 18 11:35:28 2009 -0400
@@ -1,6 +1,6 @@
 /*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.1.1
+ * Version 1.1.6 (Caoineag beta 1)
 * Copyright (C) 2006-2007 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
@@ -493,6 +493,9 @@
 msg_confirm_install: 'Plugins are not supported by the Enano project and could harm your site if malicious. You should only install plugins from sources that you trust.',
 msg_confirm_reimport: 'Re-importing strings will reload all language data from the plugin file. This should fix missing messages, but any customizations you have made to the plugin\'s language strings will be lost.',
+ msg_confirm_authext_title: 'This plugin is an authentication extension.',
+ msg_confirm_authext_body: 'This plugin hooks into Enano\'s login system. It might be used to allow non-password-based authentication. If there is a security vulnerability in this plugin, it might open your site up to attack. Only continue if you trust the author of this plugin.',
+
 err_upgrade_not_supported: 'This plugin doesn\'t support automatic upgrades. The version number has been updated so the plugin will be re-enabled, but you should check the plugin file to see if the author provided instructions for finishing the upgrade.',
 err_upgrade_bad_version: 'This plugin cannot be upgraded because you are running a version of the plugin that is not listed in the plugin\'s version list.',
 err_upgrade_bad_target_version: 'This plugin cannot be upgraded because it does not support its own version. Please contact the author and ask them to fix this.',
diff -r 75dcd8cf6232 -r 58bc29c14a4d plugins/admin/PluginManager.php
--- a/plugins/admin/PluginManager.php Sun Mar 15 11:15:16 2009 -0400
+++ b/plugins/admin/PluginManager.php Wed Mar 18 11:35:28 2009 -0400
@@ -151,6 +151,19 @@
 );
 break;
 }
+ if ( !isset($request['install_confirmed']) )
+ {
+ if ( $plugins->is_file_auth_plugin($request['plugin']) )
+ {
+ $return = array(
+ 'confirm_title' => 'acppl_msg_confirm_authext_title',
+ 'confirm_body' => 'acppl_msg_confirm_authext_body',
+ 'need_confirm' => true,
+ 'success' => false
+ );
+ break;
+ }
+ }
 $return = $plugins->install_plugin($request['plugin'], $plugin_list);
 break;
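Review bot: The warning is skipped whenever the key `install_confirmed` is present, whatever its value, because the guard is `!isset(...)`; a request carrying `install_confirmed` set to false installs an authentication plugin without the prompt. `if ( empty($request['install_confirmed']) )` would require a truthy value. The flag comes from the client, so it records an acknowledgement rather than enforcing anything, and it would be useful to log that an authentication plugin was installed after confirmation if an admin log is reachable from this code. The surrounding `case` block starts outside the hunk.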