Plugins: Added checks and additional warning for authentication plugins.
--- a/includes/clientside/static/ajax.js Sun Mar 15 11:15:16 2009 -0400
+++ b/includes/clientside/static/ajax.js Wed Mar 18 11:35:28 2009 -0400
@@ -1379,7 +1379,7 @@
});
}
-window.ajaxPluginAction = function(action, plugin_filename, btnobj)
+window.ajaxPluginAction = function(action, plugin_filename, btnobj, send_confirm)
{
// if installing, uninstalling, or re-importing, confirm
if ( action == 'install' || action == 'uninstall' || action == 'reimport' )
@@ -1420,12 +1420,12 @@
ajaxPluginAction(this._action + '_confirm', this._filename, this._button);
miniPromptDestroy(this);
return false;
- }
+ };
btn_cancel.onclick = function()
{
miniPromptDestroy(this);
return false;
- }
+ };
});
return true;
}
@@ -1436,10 +1436,15 @@
var td = btnobj.parentNode.parentNode.parentNode.parentNode;
var blackbox = whiteOutElement(td);
}
- var request = toJSONString({
+ var request = {
mode: action,
plugin: plugin_filename
- });
+ };
+ if ( send_confirm )
+ {
+ request.install_confirmed = true;
+ }
+ request = toJSONString(request);
ajaxPost(makeUrlNS('Admin', 'PluginManager/action.json'), 'r=' + ajaxEscape(request), function(ajax)
{
if ( ajax.readyState == 4 && ajax.status == 200 )
@@ -1451,15 +1456,43 @@
return false;
}
response = parseJSON(response);
+ if ( blackbox )
+ {
+ blackbox.parentNode.removeChild(blackbox);
+ }
if ( response.success )
{
- if ( blackbox )
- {
- blackbox.parentNode.removeChild(blackbox);
- }
ajaxPage( namespace_list['Admin'] + 'PluginManager' );
return true;
- }
+ }
+ if ( response.need_confirm )
+ {
+ miniPromptMessage({
+ title: $lang.get(response.confirm_title),
+ message: $lang.get(response.confirm_body),
+ buttons: [
+ {
+ text: $lang.get('acppl_btn_install'),
+ color: 'red',
+ style: {
+ fontWeight: 'bold',
+ },
+ onclick: function() {
+ ajaxPluginAction(action + '_confirm', plugin_filename, btnobj, true);
+ miniPromptDestroy(this);
+ }
+ },
+ {
+ text: $lang.get('etc_cancel'),
+ color: 'blue',
+ onclick: function() {
+ miniPromptDestroy(this);
+ }
+ }
+ ]
+ });
+ return true;
+ }
// wait for fade effect to finish its run
setTimeout(function()
{
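Review bot: The trailing comma in `fontWeight: 'bold',` inside the install button's `style` object is rejected as a syntax error by older Internet Explorer script engines, which would stop ajax.js from loading there; the line should read `fontWeight: 'bold'`. Separately, the confirm button retries with `action + '_confirm'`. Whether `action` has already had a `_confirm` suffix stripped by this point is decided outside the hunk, so check that the retried request cannot carry a doubled suffix. The callback body continues past the end of the hunk.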
--- a/includes/clientside/static/fadefilter.js Sun Mar 15 11:15:16 2009 -0400
+++ b/includes/clientside/static/fadefilter.js Wed Mar 18 11:35:28 2009 -0400
@@ -14,7 +14,7 @@
if ( !opacVal )
opacVal = 70;
darkener_index[layerid] = ( typeof(darkener_index[layerid]) == 'number' ) ? darkener_index[layerid] + 1 : 1;
- if(document.getElementById(layerid))
+ if(document.getElementById(layerid) && !document.getElementById(layerid).destroying)
{
document.getElementById(layerid).style.zIndex = getHighestZ() + 1;
if(nofade)
@@ -38,7 +38,18 @@
opacity(layerid, 0, opacVal, 1000);
}
}
- } else {
+ }
+ else if(document.getElementById(layerid) && document.getElementById(layerid).destroying)
+ {
+ // fade in progress - abort
+ console.warn('Aborting fade');
+ abortFades();
+ changeOpac(opacVal, layerid);
+ document.getElementById(layerid).destroying = false;
+ return document.getElementById(layerid);
+ }
+ else
+ {
w = getWidth();
h = getHeight();
var thediv = document.createElement('div');
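Review bot: The new abort branch calls `console.warn('Aborting fade');` unconditionally, but `console` is not guaranteed to exist (older Internet Explorer defines it only while the developer tools are open). In that case the branch throws before `abortFades()` runs and leaves `destroying` set on the layer. Guard it with `if ( window.console && console.warn ) console.warn('Aborting fade');` or drop the debug line. This branch and the changed condition in the previous hunk also repeat `document.getElementById(layerid)` many times; one `var layer = document.getElementById(layerid);` near the top of the function would make both conditions and the return easier to read. The function starts and ends outside the hunk.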
@@ -103,9 +114,10 @@
}
else
{
+ document.getElementById(layerid).destroying = true;
var from = document.getElementById(layerid).myOpacVal;
opacity(layerid, from, 0, 1000);
- setTimeout("document.getElementById('" + layerid + "').style.display = 'none';", 1000);
+ setTimeout("if ( document.getElementById('" + layerid + "').destroying ) { document.getElementById('" + layerid + "').destroying = false; document.getElementById('" + layerid + "').style.display = 'none'; }", 1000);
}
}
return document.getElementById(layerid);
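Review bot: The changed `setTimeout` line splices `layerid` into a string that is evaluated a second later, so a quote or other unexpected character in the id changes the statement that runs, and the string throws if the element has been removed in the meantime. Passing a function keeps `layerid` as data, needs a single lookup and allows a null check. Note also that a second hide started within the same second sets `destroying` again, so the first timer can hide the layer before the second fade has finished; keeping the timer id and clearing it in the abort branch would close that gap. The enclosing function begins outside the hunk.

```javascript
opacity(layerid, from, 0, 1000);
setTimeout(function()
  {
    var layer = document.getElementById(layerid);
    // only hide if no darken call has cancelled this fade-out
    if ( layer && layer.destroying )
    {
      layer.destroying = false;
      layer.style.display = 'none';
    }
  }, 1000);
```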
--- a/includes/clientside/static/functions.js Sun Mar 15 11:15:16 2009 -0400
+++ b/includes/clientside/static/functions.js Wed Mar 18 11:35:28 2009 -0400
@@ -598,7 +598,7 @@
domOpacity(object, opacStart, opacEnd, millisec);
}
-var opacityDOMCache = new Object();
+var opacityDOMCache = {};
function domOpacity(obj, opacStart, opacEnd, millisec) {
//speed for each frame
var speed = Math.round(millisec / 100);
@@ -611,19 +611,24 @@
//determine the direction for the blending, if start and end are the same nothing happens
if(opacStart > opacEnd) {
for(i = opacStart; i >= opacEnd; i--) {
- setTimeout("var obj = opacityDOMCache["+uniqid+"]; domObjChangeOpac(" + i + ",obj)",(timer * speed));
+ setTimeout("if ( opacityDOMCache["+uniqid+"] ) { var obj = opacityDOMCache["+uniqid+"]; domObjChangeOpac(" + i + ",obj) }",(timer * speed));
timer++;
}
} else if(opacStart < opacEnd) {
for(i = opacStart; i <= opacEnd; i++)
{
- setTimeout("var obj = opacityDOMCache["+uniqid+"]; domObjChangeOpac(" + i + ",obj)",(timer * speed));
+ setTimeout("if ( opacityDOMCache["+uniqid+"] ) { var obj = opacityDOMCache["+uniqid+"]; domObjChangeOpac(" + i + ",obj); }",(timer * speed));
timer++;
}
}
setTimeout("delete(opacityDOMCache["+uniqid+"]);",(timer * speed));
}
+function abortFades()
+{
+ opacityDOMCache = {};
+}
+
// change the opacity for different browsers
function changeOpac(opacity, id)
{
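Review bot: `abortFades()` replaces the whole `opacityDOMCache`, so it cancels every fade running on the page rather than only the one for the layer being re-darkened, and the timers already queued by `domOpacity` stay scheduled. If `uniqid` (assigned outside this hunk) can repeat after the cache is reset, a stale timer, including the trailing `delete(opacityDOMCache[...])`, would act on a newer fade's entry. Consider an abort that takes the element or its id and removes only that entry, and give the function a comment such as `// Cancels all pending domOpacity() steps by emptying the cache their timers read from.` The two rewritten timer strings also differ in the `;` after `domObjChangeOpac(...)`; making them identical avoids a needless difference.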
--- a/includes/plugins.php Sun Mar 15 11:15:16 2009 -0400
+++ b/includes/plugins.php Wed Mar 18 11:35:28 2009 -0400
@@ -513,6 +513,29 @@
}
/**
+ * Determines if a file is an authentication extension by looking at the file contents.
+ * @param string Plugin filename
+ * @return bool
+ */
+
+ function is_file_auth_plugin($filename)
+ {
+ $filename = ENANO_ROOT . '/plugins/' . $filename;
+ if ( !file_exists($filename) )
+ return false;
+
+ $info = $this->get_plugin_info($filename);
+ if ( isset($info['auth plugin']) )
+ return true;
+
+ $contents = @file_get_contents($filename);
+ if ( strstr($contents, 'login_process_userdata_json') )
+ return true;
+
+ return false;
+ }
+
+ /**
* Installs a plugin.
* @param string Filename of plugin.
* @param array The list of plugins as output by pluginLoader::get_plugin_list(). If not passed, the function is called, possibly wasting time.
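Review bot: `is_file_auth_plugin()` appends the caller-supplied `$filename` to `ENANO_ROOT . '/plugins/'` without constraining it, so a value containing `../` makes `file_exists()` and `file_get_contents()` probe files outside the plugins directory. Whether the caller has already matched the name against `get_plugin_list()` is not visible here, so the check is safest inside this method. The detection also fails open: `@file_get_contents()` hides a read error, `strstr(false, ...)` then returns false, and a plugin that touches login handling without the literal `login_process_userdata_json` in its source is not flagged. I would reject names that are not in the plugin list and treat an unreadable file as requiring confirmation. The docblock should also say the result is a heuristic, e.g. `* Note: a false result does not prove the plugin leaves authentication alone.`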
--- a/language/english/admin.json Sun Mar 15 11:15:16 2009 -0400
+++ b/language/english/admin.json Wed Mar 18 11:35:28 2009 -0400
@@ -1,6 +1,6 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.1.1
+ * Version 1.1.6 (Caoineag beta 1)
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
@@ -493,6 +493,9 @@
msg_confirm_install: 'Plugins are not supported by the Enano project and could harm your site if malicious. You should only install plugins from sources that you trust.',
msg_confirm_reimport: 'Re-importing strings will reload all language data from the plugin file. This should fix missing messages, but any customizations you have made to the plugin\'s language strings will be lost.',
+ msg_confirm_authext_title: 'This plugin is an authentication extension.',
+ msg_confirm_authext_body: 'This plugin hooks into Enano\'s login system. It might be used to allow non-password-based authentication. If there is a security vulnerability in this plugin, it might open your site up to attack. Only continue if you trust the author of this plugin.',
+
err_upgrade_not_supported: 'This plugin doesn\'t support automatic upgrades. The version number has been updated so the plugin will be re-enabled, but you should check the plugin file to see if the author provided instructions for finishing the upgrade.',
err_upgrade_bad_version: 'This plugin cannot be upgraded because you are running a version of the plugin that is not listed in the plugin\'s version list.',
err_upgrade_bad_target_version: 'This plugin cannot be upgraded because it does not support its own version. Please contact the author and ask them to fix this.',
--- a/plugins/admin/PluginManager.php Sun Mar 15 11:15:16 2009 -0400
+++ b/plugins/admin/PluginManager.php Wed Mar 18 11:35:28 2009 -0400
@@ -151,6 +151,19 @@
);
break;
}
+ if ( !isset($request['install_confirmed']) )
+ {
+ if ( $plugins->is_file_auth_plugin($request['plugin']) )
+ {
+ $return = array(
+ 'confirm_title' => 'acppl_msg_confirm_authext_title',
+ 'confirm_body' => 'acppl_msg_confirm_authext_body',
+ 'need_confirm' => true,
+ 'success' => false
+ );
+ break;
+ }
+ }
$return = $plugins->install_plugin($request['plugin'], $plugin_list);
break;
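Review bot: The gate tests `!isset($request['install_confirmed'])`, so any value the client sends for that key, including `false` or an empty string, counts as confirmation. Assuming the JSON decoder yields a PHP boolean, compare against the expected value instead: `if ( !isset($request['install_confirmed']) || $request['install_confirmed'] !== true )`. Because the flag is asserted by the client, this is a prompt for the administrator rather than an enforced control, which is worth stating in a comment above the block. Only the install branch is visible here; if other actions (such as upgrade or enable) can activate an authentication plugin, they would skip the warning, which needs checking outside the hunk. The enclosing `case` starts and ends outside the hunk.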