Welcome to Geeklog Tuesday, November 19 2019 @ 03:25 pm EST

Geeklog Forums

suggestion for handling phpblocks


Status: offline

remy

Forum User
Full Member
Registered: 09/06/03
Posts: 150
Location:Rotterdam & Bonn
I read in the developers manual:
If you have files that are located outside the webtree, like those located in the plugins/{plugin} directory, then put them in a directory called blocks/{block} at the same level as the plugins directory.


However all phpblocks seem to end in lib-custom. I find this odd.

Starting with the original groupAccessCheck of Blaine, I put that phpblock into /blocks and added to lib-custom:
/**
* My custom includer for all phpblocks in /blocks/
*/

foreach (glob($_CONF['path'] . 'blocks/phpblock_*.php'Wink as $phpBlock) {
include $phpBlock;
}


Ran into several errors with this block, corrected this, corrected that, and now it runs okay. My goal was to create a drop-in directory for phpblocks in stead of maintaining lib-custom. However, this idea is too simple to go with? Did I overlook some terrible security vulnerability? Is this mechanism okay to use? Am I safe?

Next move could be to adjust the Block admin to show a dropdown with available phpBlocks that can be configured.
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/05
Posts: 1384
It should be fine as long as it is not inside the webtree (as you stated it is not).

You may also want to add to each of the files at the beginning (changing the filename to the actual filename):

[code]if (strpos(strtolower($_SERVER['PHP_SELF']), filename.php'Wink !== false) {
die('This file can not be used on its own.'Wink;
}[/code]

just as a double check.

Tom
One of the Geeklog Core Developers.
 Quote

All times are EST. The time is now 03:25 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content