Welcome to Geeklog, Anonymous Sunday, March 03 2024 @ 02:02 pm EST

Geeklog Forums

suggestion for handling phpblocks

Status: offline


Forum User
Full Member
Registered: 06/09/03
Posts: 162
Location:Rotterdam & Bonn
I read in the developers manual:
If you have files that are located outside the webtree, like those located in the plugins/{plugin} directory, then put them in a directory called blocks/{block} at the same level as the plugins directory.

However all phpblocks seem to end in lib-custom. I find this odd.

Starting with the original groupAccessCheck of Blaine, I put that phpblock into /blocks and added to lib-custom:
* My custom includer for all phpblocks in /blocks/

foreach (glob($_CONF['path'] . 'blocks/phpblock_*.php'Wink as $phpBlock) {
include $phpBlock;

Ran into several errors with this block, corrected this, corrected that, and now it runs okay. My goal was to create a drop-in directory for phpblocks in stead of maintaining lib-custom. However, this idea is too simple to go with? Did I overlook some terrible security vulnerability? Is this mechanism okay to use? Am I safe?

Next move could be to adjust the Block admin to show a dropdown with available phpBlocks that can be configured.

Status: offline


Site Admin
Registered: 09/27/05
Posts: 1468
It should be fine as long as it is not inside the webtree (as you stated it is not).

You may also want to add to each of the files at the beginning (changing the filename to the actual filename):

Text Formatted Code
if (strpos(strtolower($_SERVER['PHP_SELF']), filename.php') !== false) {
    die('This file can not be used on its own.');

just as a double check.

One of the Geeklog Core Developers.

All times are EST. The time is now 02:02 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content