Security fix when loading plugins

Collin 2024-09-24 12:31:54 +02:00
parent 44a1079d9d
commit c54f3c4a03


@ -37,6 +37,7 @@ class PluginManager{
if(str_ends_with($r, ".phar")){ if(str_ends_with($r, ".phar")){
//Load PHAR file //Load PHAR file
$phar = new \Phar("plugins/" . $r, 0); $phar = new \Phar("plugins/" . $r, 0);
$configFound = false;
//Loop through all files in the PHAR archive //Loop through all files in the PHAR archive
foreach (new \RecursiveIteratorIterator($phar) as $file) { foreach (new \RecursiveIteratorIterator($phar) as $file) {
@ -46,9 +47,11 @@ class PluginManager{
$conf = json_decode(file_get_contents($file->getPathName()), true); $conf = json_decode(file_get_contents($file->getPathName()), true);
//Generate path variable for the file //Generate path variable for the file
eval("\$path = substr(\$file->getPathName(), 0, -". strlen($file->getFileName()) .");"); eval("\$path = substr(\$file->getPathName(), 0, -". strlen($file->getFileName()) .");");
$configFound = true;
} }
} }
if($configFound){
//Check the configuration //Check the configuration
if($conf['main'] && $conf['main']['path'] && $conf['main']['class'] && $conf['main']['namespace'] && $conf['name']){ if($conf['main'] && $conf['main']['path'] && $conf['main']['class'] && $conf['main']['namespace'] && $conf['name']){
//Check if main file declared in plugin.json exists //Check if main file declared in plugin.json exists
@ -85,14 +88,21 @@ class PluginManager{
$this->LonaDB->Logger->Error("Could not load the plugin in '" . $r . "'"); $this->LonaDB->Logger->Error("Could not load the plugin in '" . $r . "'");
} }
} }
else{
$this->LonaDB->Logger->Error("Missing config in '" . $r . "'");
}
}
//Load plugin from folder => Plugin hasn't been compiled //Load plugin from folder => Plugin hasn't been compiled
else if($r != "." && $r !== ".."){ else if($r != "." && $r !== ".."){
//Scan "plugins/$foler" //Scan "plugins/$foler"
$debugscan = scandir("plugins/" . $r); $debugscan = scandir("plugins/" . $r);
$configFound = false;
//Check if plugin.json is inside the folder //Check if plugin.json is inside the folder
if(in_array("plugin.json", $debugscan)) $conf = json_decode(file_get_contents("plugins/" . $r . "/plugin.json"), true); if(in_array("plugin.json", $debugscan)) {
$conf = json_decode(file_get_contents("plugins/" . $r . "/plugin.json"), true);
$configFound = true;
}
if($configFound){
//Check configuration //Check configuration
if($conf['main'] && $conf['main']['path'] && $conf['main']['class'] && $conf['main']['namespace'] && $conf['name']){ if($conf['main'] && $conf['main']['path'] && $conf['main']['class'] && $conf['main']['namespace'] && $conf['name']){
//Check if main file exists //Check if main file exists
@ -139,6 +149,10 @@ class PluginManager{
$this->LonaDB->Logger->Error("Could not load the plugin in '" . $r . "'"); $this->LonaDB->Logger->Error("Could not load the plugin in '" . $r . "'");
} }
} }
else {
$this->LonaDB->Logger->Error("Missing configuration for plugin in '" . $r . "'");
}
}
} }
} }
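Review bot: `$configFound = true` is set as soon as a plugin.json has been read, in both the PHAR loop and the folder branch, so it records that the file exists rather than that `json_decode` returned a usable array; a malformed or non-object plugin.json (where `$conf` is null or a scalar) still reaches the `$conf['main']` checks instead of the new "Missing config" error. Setting the flag from the decode result would close that gap, e.g. `$configFound = is_array($conf);` after each `json_decode` call. In the PHAR branch the loop also appears to keep the last plugin.json it encounters, so if an archive holds more than one, the config that wins depends on iteration order; the match condition sits outside the visible hunks, so this should be confirmed there. Separately, the `eval` that computes `$path` is still present on the new side and can be a plain assignment: `$path = substr($file->getPathName(), 0, -strlen($file->getFileName()));`.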