Subject: suggestion for handling phpblocks

Posted on: 10/06/2013 06:15pm
By: remy

I read in the developers manual:
If you have files that are located outside the webtree, like those located in the plugins/{plugin} directory, then put them in a directory called blocks/{block} at the same level as the plugins directory.


However all phpblocks seem to end in lib-custom. I find this odd.

Starting with the original groupAccessCheck of Blaine, I put that phpblock into /blocks and added to lib-custom:
/**
* My custom includer for all phpblocks in /blocks/
*/

foreach (glob($_CONF['path'] . 'blocks/phpblock_*.php'Wink as $phpBlock) {
include $phpBlock;
}


Ran into several errors with this block, corrected this, corrected that, and now it runs okay. My goal was to create a drop-in directory for phpblocks in stead of maintaining lib-custom. However, this idea is too simple to go with? Did I overlook some terrible security vulnerability? Is this mechanism okay to use? Am I safe?

Next move could be to adjust the Block admin to show a dropdown with available phpBlocks that can be configured.

Re: suggestion for handling phpblocks

Posted on: 10/06/2013 07:58pm
By: Laugh

It should be fine as long as it is not inside the webtree (as you stated it is not).

You may also want to add to each of the files at the beginning (changing the filename to the actual filename):

PHP Formatted Code
if (strpos(strtolower($_SERVER['PHP_SELF']), filename.php') !== false) {
    die('
This file can not be used on its own.');
}


just as a double check.

Tom

Geeklog - Forum
https://www.geeklog.net/forum/viewtopic.php?showtopic=95059