Hi all folks!
this is just to communicate, i've just committed a modification to the
structure of modules which will offer security capabilities against
direct browser access to files like:
/mod/modulename/modulename_install.php , _uninstall.php, _upgrade.php,
_setup.php
This required a new piece of code to be put at the beginning of each of
the files listed above. This change is now also documented also in the
/docs/developers/module_installer_api.html document.
I tested the change with ALL our modules (userpage, mainpage, poll,
blocks, comments, hubit, calendar) and all worked fine with it (btw it
required hours to achieve this result ^_^)
Last but not least, I also fixed a wagon of bugs into module_installer,
which is now really fully functional (pheewwww! :)
I would thank expecially Ryan for his help pointing out all the bugs and
for acknowledging me about the potential security-issues in the (now
previous) structure of modules as the module_installer was requiring it
to be before this change :>
P.S.: now the hybrid module/index.php+module_install and _uninstall
structure is also accepted as fully legitimated choice (it not no more
marked "deprecated"/"not suggested") in
docs/developers/module_installer_api.html.
Hope this things will be useful as I thought implementing them :)
and now, please let me go to drink a barrel of coffee...YAWWWN! :>
Bye,
Alessandro
--
Alessandro "TXM" Pisani - al...@ti... - ICQ #2209087
phpWebSite Development Team http://phpwebsite.appstate.edu
INWO Project coordinator http://inwoproject.sourceforge.net
"I will carry you through, hicking and screaming,
and in the end you will thank me"
- Tyler Durden [from "Fight Club"]
|
