Close #21: Don't import arbitrary globals from the query string #22

Merged
merged 1 commit into from Mar 16, 2017

cmb69 (Member) commented Feb 22, 2017

We only import white-listed globals from the query string for security
and sanity reasons. To keep the BC break as small as possible, we add
the globals used by the core to the white-list, and stick with the
current way to trigger the plugin administration. Plugins already using
`XH_wantsPluginAdministration()` are supposed to work as before. Other
extensions will have to be adapted, especially if they're making use of
this global import "feature" elsewhere (i.e. not only for the plugin
administration).

Particularly note that the TinyMCE plugin's administration is broken by
this commit, but this could easily be fixed, and TinyMCE is most likely
going to be replaced anyway.
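
The difference between importing every query-string key and importing only allow-listed ones, as described in the comment above, shown in an added PHP example that is not code from this pull request. The function names, the allow-list entries and the sample query are constructed for illustration.

```php
<?php
// Added example, not the project's code. Function names, allow-list entries
// and the sample query are constructed for illustration.

/** Old behaviour: every query-string key becomes a global variable. */
function import_all_globals(array $query): void
{
    foreach ($query as $name => $value) {
        $GLOBALS[$name] = $value; // caller-chosen name, caller-chosen value
    }
}

/**
 * Allow-listed import: only names in $allowed are copied into the global
 * scope. Returns the names that were refused so they can be logged.
 * Refusing non-string values is an extra restriction of this example.
 */
function import_allowed_globals(array $query, array $allowed): array
{
    $refused = [];
    foreach ($query as $name => $value) {
        if (in_array($name, $allowed, true) && is_string($value)) {
            $GLOBALS[$name] = $value;
        } else {
            $refused[] = $name;
        }
    }
    return $refused;
}

// Constructed request: one expected parameter, one that shadows internal state.
$query = ['action' => 'plugin_main', 'is_admin' => '1'];

$is_admin = false;                    // internal flag set by the application
import_all_globals($query);
echo 'import all:   is_admin = ', var_export($is_admin, true), PHP_EOL;

$is_admin = false;                    // reset, then import through the allow-list
$refused = import_allowed_globals($query, ['action', 'admin']);
echo 'allow-listed: is_admin = ', var_export($is_admin, true), PHP_EOL;
echo 'refused: ', implode(', ', $refused), PHP_EOL;
```

Logging the refused names during a migration helps find extensions that still rely on the unrestricted import.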
