Welcome to Geeklog Monday, November 20 2017 @ 09:38 pm EST


Status: offline

remy

Forum User
Full Member
Registered: 09/06/2003
Posts: 141
Location:Rotterdam & Bonn
I read in the developers manual:
If you have files that are located outside the webtree, like those located in the plugins/{plugin} directory, then put them in a directory called blocks/{block} at the same level as the plugins directory.


However all phpblocks seem to end in lib-custom. I find this odd.

Starting with the original groupAccessCheck of Blaine, I put that phpblock into /blocks and added to lib-custom:
/**
* My custom includer for all phpblocks in /blocks/
*/

foreach (glob($_CONF['path'] . 'blocks/phpblock_*.php'Wink as $phpBlock) {
include $phpBlock;
}


Ran into several errors with this block, corrected this, corrected that, and now it runs okay. My goal was to create a drop-in directory for phpblocks in stead of maintaining lib-custom. However, this idea is too simple to go with? Did I overlook some terrible security vulnerability? Is this mechanism okay to use? Am I safe?

Next move could be to adjust the Block admin to show a dropdown with available phpBlocks that can be configured.

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/2005
Posts: 1240
It should be fine as long as it is not inside the webtree (as you stated it is not).

You may also want to add to each of the files at the beginning (changing the filename to the actual filename):

PHP Formatted Code
if (strpos(strtolower($_SERVER['PHP_SELF']), filename.php') !== false) {
    die('
This file can not be used on its own.');
}


just as a double check.

Tom
One of the Geeklog Core Developers.

All times are EST. The time is now 09:38 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content