42,6 → 42,7 |
|
// These plugin types can contain HTML code and therefore may |
// emit (non-setup) CSS/JS code via their manifest. |
// Note that design plugins may only output CSS, not JS. |
/*public*/ const INTERACTIVE_PLUGIN_TYPES = array( |
'publicPages', |
'raPages', |
828,6 → 829,8 |
if (!self::pluginCheckDisabled($class_name)) { |
continue; // Plugin is disabled |
} |
|
// Do some basic checks on the plugin PHP main class |
if (!class_exists($class_name)) { |
throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('Manifest declares PHP main class as "%1", but it could not be found',$class_name)); |
} |
841,6 → 844,7 |
throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('Class declared in manifest is "%1" does not fit expected class for this plugin type "%2"',$manifest->getTypeClass(),$expectedPluginClass)); |
} |
|
// Do some basic checks on the plugin OID |
$plugin_oid = $manifest->getOid(); |
if (!$plugin_oid) { |
throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('Does not have an OID')); |
852,23 → 856,58 |
throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('The OID "%1" is already used by the plugin "%2"',$plugin_oid,$known_plugin_oids[$plugin_oid])); |
} |
|
// Additional check: Are third-party plugins using ViaThinkSoft plugin folders, OIDs or class namespaces? |
$full_plugin_dir = dirname($manifest->getManifestFile()); |
$full_plugin_dir = substr($full_plugin_dir, strlen(OIDplus::localpath())); |
|
$dir_is_viathinksoft = str_starts_with($full_plugin_dir, 'plugins/viathinksoft/') || str_starts_with($full_plugin_dir, 'plugins\\viathinksoft\\'); |
$oid_is_viathinksoft = str_starts_with($plugin_oid, '1.3.6.1.4.1.37476.2.5.2.4.'); // { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 37476 products(2) oidplus(5) v2(2) plugins(4) } |
$class_is_viathinksoft = str_starts_with($class_name, 'ViaThinkSoft\\'); |
if ($dir_is_viathinksoft != $oid_is_viathinksoft) { |
if ($oid_is_viathinksoft != $class_is_viathinksoft) { |
throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('Third-party plugins must not use the ViaThinkSoft PHP namespace. Please use your own vendor namespace.')); |
} |
$plugin_is_viathinksoft = $oid_is_viathinksoft && $class_is_viathinksoft; |
if ($dir_is_viathinksoft != $plugin_is_viathinksoft) { |
throw new OIDplusException(_L('Plugin "%1" is misplaced',$plugintype_folder.'/'.$pluginname_folder).': '._L('The plugin is in the wrong folder. The folder %1 can only be used by official ViaThinkSoft plugins','plugins/viathinksoft/')); |
} |
if ($dir_is_viathinksoft != $class_is_viathinksoft) { |
throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('Third-party plugins must not use the ViaThinkSoft PHP namespace. Please use your own vendor namespace.')); |
|
// Additional check: does the plugin define JS/CSS although it is not an interactive plugin type? |
$has_js = $manifest->getJSFiles(); |
$has_css = $manifest->getCSSFiles(); |
$is_interactive = in_array(basename($plugintype_folder), OIDplus::INTERACTIVE_PLUGIN_TYPES); |
$is_design = basename($plugintype_folder) === 'design'; |
if (!$is_interactive && $has_js) { |
throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('%1 files are included in the manifest XML, but this plugin type does not allow such files.','JavaScript')); |
} |
if (!$is_interactive && !$is_design && $has_css) { |
throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('%1 files are included in the manifest XML, but this plugin type does not allow such files.','CSS')); |
} |
|
$known_plugin_oids[$plugin_oid] = $plugintype_folder.'/'.$pluginname_folder; |
// Additional check: Check "Setup CSS" and "Setup JS" (Allowed for plugin types: database, captcha) |
$has_js_setup = $manifest->getJSFilesSetup(); |
$has_css_setup = $manifest->getCSSFilesSetup(); |
$is_database = basename($plugintype_folder) === 'database'; |
$is_captcha = basename($plugintype_folder) === 'captcha'; |
if (!$is_database && !$is_captcha && $has_js_setup) { |
throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('%1 files are included in the manifest XML, but this plugin type does not allow such files.','Setup JavaScript')); |
} |
if (!$is_database && !$is_captcha && $has_css_setup) { |
throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('%1 files are included in the manifest XML, but this plugin type does not allow such files.','Setup CSS')); |
} |
|
// Additional check: Are all CSS/JS files there? |
$tmp = $manifest->getManifestLinkedFiles(); |
foreach ($tmp as $file) { |
if (!file_exists($file)) { |
throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('File %1 was defined in manifest, but it is not existing',$file)); |
} |
} |
|
// For the next check, we need an instance of the object |
$obj = new $class_name(); |
|
// Additional check: Does the plugin misuse implementsFeature()? |
// This is not enabled b default, because the GUID generation is slow on some machines. |
// Also, it is very unlikely that someone misuses implementsFeature(). |
if (OIDplus::baseConfig()->getValue('DEBUG')) { |
if ($obj->implementsFeature($fake_feature)) { |
// see https://devblogs.microsoft.com/oldnewthing/20040211-00/?p=40663 |
876,16 → 915,8 |
} |
} |
|
// TODO: Maybe as additional plugin-test, we should also check if plugins are allowed to define CSS/JS, i.e. the plugin type is element of OIDplus::INTERACTIVE_PLUGIN_TYPES |
$tmp = $manifest->getManifestLinkedFiles(); |
foreach ($tmp as $file) { |
if (!file_exists($file)) { |
throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('File %1 was defined in manifest, but it is not existing',$file)); |
} |
} |
|
// Now we can continue |
|
$known_plugin_oids[$plugin_oid] = $plugintype_folder.'/'.$pluginname_folder; |
$out[] = $class_name; |
if (!is_null($registerCallback)) { |
call_user_func($registerCallback, $obj); |
1175,7 → 1206,7 |
|
private static function recognizeSystemUrl() { |
try { |
$url = OIDplus::webpath(null,self::PATH_ABSOLUTE_CANONICAL); // TODO: canonical or not? |
$url = OIDplus::webpath(null,self::PATH_ABSOLUTE_CANONICAL); |
OIDplus::config()->setValue('last_known_system_url', $url); |
} catch (\Exception $e) { |
} |
1462,7 → 1493,7 |
$ver_now = OIDplus::getVersion(); |
if (($ver_now != '') && ($ver_prev != '') && ($ver_now != $ver_prev)) { |
// TODO: Problem: When the system was updated using SVN, then the IP address of the next random visitor of the website is logged! |
OIDplus::logger()->log("[INFO]A!", "System version changed from '$ver_prev' to '$ver_now'"); |
OIDplus::logger()->log("[INFO]A!", "Detected system version change from '$ver_prev' to '$ver_now'"); |
|
// Just to be sure, recanonize objects (we don't do it at every page visit due to performance reasons) |
self::recanonizeObjects(); |