Why not adding a new kind of function in mybb plugins to remove permanently files?
Together with
_info()
_install()
_uninstall()
_is_installed()
_activate()
_deactivate()
// etc..
add a function like this
_remove()
{
$mybb->plugin_unlink("file.php");
}
that adds a link in mybb acp that allows you to delete permanently the files
It could be used to delete other files if the plugin is malicious.
(2013-05-19, 06:15 PM)Josh H. Wrote: [ -> ]It could be used to delete other files if the plugin is malicious.
A malicious plugin can be used for so much more than deleting files, that wouldn't be much of a concern.
(2013-05-19, 06:22 PM)Paul H. Wrote: [ -> ] (2013-05-19, 06:15 PM)Josh H. Wrote: [ -> ]It could be used to delete other files if the plugin is malicious.
A malicious plugin can be used for so much more than deleting files, that wouldn't be much of a concern.
I was just giving the example that pertained directly to this. A plugin could wipe out a MyBB install (DB and files), and if on an unsecured server, could kill more than one account.
You are missing the point, Josh H.-- any plugin can delete files with or without the proposed change.
(2013-05-19, 09:47 PM)Wildcard Wrote: [ -> ]You are missing the point, Josh H.-- any plugin can delete files with or without the proposed change.
True... *hits head on desk, facepalming ensues*. I guess I need to go back to bed and sleep the day away
.
Maybe a plugin system that allows you to upload ZIP files (each plugin is a ZIP file), and then install it, with the above possibility to completely delete the plugin files right from the Admin CP.
Again there are pros and cons, one of the strongest pros, is that when you uninstall a plugin, you are more than likely willing to delete it from the server anyway.
Actually... I just thought about this for a second.
Since plugins will be in their own folders, then we could probably just unlink all of the files in that plugin's directory and then remove the directory. Then we aren't allowing other files to be specified.
(2013-05-19, 10:36 PM)Time_to_start Wrote: [ -> ]Maybe a plugin system that allows you to upload ZIP files (each plugin is a ZIP file), and then install it, with the above possibility to completely delete the plugin files right from the Admin CP.
Again there are pros and cons, one of the strongest pros, is that when you uninstall a plugin, you are more than likely willing to delete it from the server anyway.
The biggest con is if someone gains unauthorized access to the ACP they can upload any type of file. We could build something on mybb.com to allow users to fetch mods directly from the mods site but security has to come first.
(2013-05-19, 10:36 PM)Time_to_start Wrote: [ -> ]Maybe a plugin system that allows you to upload ZIP files (each plugin is a ZIP file), and then install it, with the above possibility to completely delete the plugin files right from the Admin CP.
Again there are pros and cons, one of the strongest pros, is that when you uninstall a plugin, you are more than likely willing to delete it from the server anyway.
That's the plugin Plugin Uploader in a nutshell. Matt will probably update it for 1.8 and 2.0, unless the team does build an Uploader. iirc 1.8 is feature frozen, so unless someone commits it, it'll be coming in 2.0 at the earliest.