[textpattern] r5885 committed - Disallow arbitrary variables in plugin preview
0 views
Skip to first unread message
textp...@googlecode.com
Sep 11, 2014, 4:55:33 PM9/11/14
to txp...@googlegroups.com
Revision: 5885
Author: stefdawson
Date: Thu Sep 11 20:55:23 2014 UTC
Log: Disallow arbitrary variables in plugin preview
https://code.google.com/p/textpattern/source/detail?r=5885
Modified:
/development/4.x/textpattern/include/txp_plugin.php
=======================================
--- /development/4.x/textpattern/include/txp_plugin.php Sun May 4 22:31:37
2014 UTC
+++ /development/4.x/textpattern/include/txp_plugin.php Thu Sep 11 20:55:23
2014 UTC
@@ -414,14 +414,13 @@
if ($plugin = @unserialize($plugin)) {
if (is_array($plugin)) {
- extract($plugin);
$source = '';
- if (isset($help_raw) && empty($plugin['allow_html_help']))
{
+ if (isset($plugin['help_raw']) &&
empty($plugin['allow_html_help'])) {
$textile = new Textpattern_Textile_Parser();
- $help_source = $textile->TextileRestricted($help_raw,
0, 0);
+ $help_source =
$textile->TextileRestricted($plugin['help_raw'], 0, 0);
} else {
- $help_source = highlight_string($help, true);
+ $help_source = highlight_string($plugin['help'], true);
}
$source.= highlight_string('<?php'.$plugin['code'].'?>',
true);
Author: stefdawson
Date: Thu Sep 11 20:55:23 2014 UTC
Log: Disallow arbitrary variables in plugin preview
https://code.google.com/p/textpattern/source/detail?r=5885
Modified:
/development/4.x/textpattern/include/txp_plugin.php
=======================================
--- /development/4.x/textpattern/include/txp_plugin.php Sun May 4 22:31:37
2014 UTC
+++ /development/4.x/textpattern/include/txp_plugin.php Thu Sep 11 20:55:23
2014 UTC
@@ -414,14 +414,13 @@
if ($plugin = @unserialize($plugin)) {
if (is_array($plugin)) {
- extract($plugin);
$source = '';
- if (isset($help_raw) && empty($plugin['allow_html_help']))
{
+ if (isset($plugin['help_raw']) &&
empty($plugin['allow_html_help'])) {
$textile = new Textpattern_Textile_Parser();
- $help_source = $textile->TextileRestricted($help_raw,
0, 0);
+ $help_source =
$textile->TextileRestricted($plugin['help_raw'], 0, 0);
} else {
- $help_source = highlight_string($help, true);
+ $help_source = highlight_string($plugin['help'], true);
}
$source.= highlight_string('<?php'.$plugin['code'].'?>',
true);
Reply all
Reply to author
Forward
0 new messages