Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-31 19:15:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: validate plugin id in toggleActive

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2024-01-16 10:13:50 -05:00
parent 92ffc57cce
commit 76f3efff8f
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
public/language/en-GB/error.json
View File

@@ -255,6 +255,7 @@
"no-connection": "There seems to be a problem with your internet connection", "no-connection": "There seems to be a problem with your internet connection",
"socket-reconnect-failed": "Unable to reach the server at this time. Click here to try again, or try again later", "socket-reconnect-failed": "Unable to reach the server at this time. Click here to try again, or try again later",
"invalid-plugin-id": "Invalid plugin ID",
"plugin-not-whitelisted": "Unable to install plugin – only plugins whitelisted by the NodeBB Package Manager can be installed via the ACP", "plugin-not-whitelisted": "Unable to install plugin – only plugins whitelisted by the NodeBB Package Manager can be installed via the ACP",
"plugins-set-in-configuration": "You are not allowed to change plugin state as they are defined at runtime (config.json, environmental variables or terminal arguments), please modify the configuration instead.", "plugins-set-in-configuration": "You are not allowed to change plugin state as they are defined at runtime (config.json, environmental variables or terminal arguments), please modify the configuration instead.",
"theme-not-set-in-configuration": "When defining active plugins in configuration, changing themes requires adding the new theme to the list of active plugins before updating it in the ACP", "theme-not-set-in-configuration": "When defining active plugins in configuration, changing themes requires adding the new theme to the list of active plugins before updating it in the ACP",

5
src/plugins/install.js
View File

@@ -12,7 +12,7 @@ const request = require('../request');
const db = require('../database'); const db = require('../database');
const meta = require('../meta'); const meta = require('../meta');
const pubsub = require('../pubsub'); const pubsub = require('../pubsub');
const { paths } = require('../constants'); const { paths, pluginNamePattern } = require('../constants');
const pkgInstall = require('../cli/package-install'); const pkgInstall = require('../cli/package-install');
const packageManager = pkgInstall.getPackageManager(); const packageManager = pkgInstall.getPackageManager();
@@ -60,6 +60,9 @@ module.exports = function (Plugins) {
winston.error('Cannot activate plugins while plugin state is set in the configuration (config.json, environmental variables or terminal arguments), please modify the configuration instead'); winston.error('Cannot activate plugins while plugin state is set in the configuration (config.json, environmental variables or terminal arguments), please modify the configuration instead');
throw new Error('[[error:plugins-set-in-configuration]]'); throw new Error('[[error:plugins-set-in-configuration]]');
} }
if (!pluginNamePattern.test(id)) {
throw new Error('[[error:invalid-plugin-id]]');
}
const isActive = await Plugins.isActive(id); const isActive = await Plugins.isActive(id);
if (isActive) { if (isActive) {
await db.sortedSetRemove('plugins:active', id); await db.sortedSetRemove('plugins:active', id);