Welcome to Geeklog, Anonymous Saturday, November 23 2024 @ 09:15 am EST
Geeklog Forums
suggestion for handling phpblocks
Status: offline
remy
Forum User
Full Member
Registered: 06/09/03
Posts: 162
Location:Rotterdam & Bonn
I read in the developers manual:
However all phpblocks seem to end in lib-custom. I find this odd.
Starting with the original groupAccessCheck of Blaine, I put that phpblock into /blocks and added to lib-custom:
Ran into several errors with this block, corrected this, corrected that, and now it runs okay. My goal was to create a drop-in directory for phpblocks in stead of maintaining lib-custom. However, this idea is too simple to go with? Did I overlook some terrible security vulnerability? Is this mechanism okay to use? Am I safe?
Next move could be to adjust the Block admin to show a dropdown with available phpBlocks that can be configured.
If you have files that are located outside the webtree, like those located in the plugins/{plugin} directory, then put them in a directory called blocks/{block} at the same level as the plugins directory.
However all phpblocks seem to end in lib-custom. I find this odd.
Starting with the original groupAccessCheck of Blaine, I put that phpblock into /blocks and added to lib-custom:
/**
* My custom includer for all phpblocks in /blocks/
*/
foreach (glob($_CONF['path'] . 'blocks/phpblock_*.php'
as $phpBlock) {
include $phpBlock;
}
* My custom includer for all phpblocks in /blocks/
*/
foreach (glob($_CONF['path'] . 'blocks/phpblock_*.php'
as $phpBlock) { include $phpBlock;
}
Ran into several errors with this block, corrected this, corrected that, and now it runs okay. My goal was to create a drop-in directory for phpblocks in stead of maintaining lib-custom. However, this idea is too simple to go with? Did I overlook some terrible security vulnerability? Is this mechanism okay to use? Am I safe?
Next move could be to adjust the Block admin to show a dropdown with available phpBlocks that can be configured.
22
25
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
It should be fine as long as it is not inside the webtree (as you stated it is not).
You may also want to add to each of the files at the beginning (changing the filename to the actual filename):
die('This file can not be used on its own.');
}
just as a double check.
Tom
One of the Geeklog Core Developers.
You may also want to add to each of the files at the beginning (changing the filename to the actual filename):
Text Formatted Code
if (strpos(strtolower($_SERVER['PHP_SELF']), filename.php') !== false) {die('This file can not be used on its own.');
}
just as a double check.
Tom
One of the Geeklog Core Developers.
21
17
Quote
All times are EST. The time is now 09:15 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content