Textpattern CMS support forum

You are not logged in. Register | Login | Help

#11 2014-07-23 20:56:15

Gocom
Plugin Author
Registered: 2006-07-14
Posts: 4,524
Website

Re: unregistered tag notice

gomedia wrote #282117:

Are we moving towards a walled garden?

It’s mainly about fixing security vulnerability vector. As you can call any userland function from templates, you can also potentially craft tags that can execute malicious code. Not to mention the lack of registry creates collisions with PHP’s namespace.

Currently you can merely mistype a tag, and it may execute some random userland function that isn’t intended to be used as a tag. E.g. <txp:abc_deleted/> vs. <txp:abc_delete/> where the latter is a function responsible for uninstalling the plugin data.

Offline

#12 2016-01-07 20:09:29

jakob
Moderator
From: Germany
Registered: 2005-01-20
Posts: 2,612
Website

Re: unregistered tag notice

Just a note: I think the above should read:

if (class_exists('\Textpattern\Tag\Registry')) {
	Txp::get('\Textpattern\Tag\Registry')
		->register('abc_tag_does_this')
		->register('abc_tag_does_that')
		...
	;
}

with backslashes instead of underscores on both the first two lines.

Adi, it wasn’t like that in your adi_gps plugin I downloaded yesterday.

If I’m wrong (or the leading slashes are not required), please put me right.


TXP Builders – finely-crafted code, design and txp

Offline

#13 2016-01-07 21:29:56

gomedia
Plugin Author
Registered: 2008-06-01
Posts: 1,167
Website

Re: unregistered tag notice

jakob wrote #297289:

Adi, it wasn’t like that in your adi_gps plugin I downloaded yesterday.

You’re right … this stuffed up all my proactive plugin updates and I haven’t been able to sum up the time or inclination to go through it all again.

Offline

#14 2016-01-07 22:13:24

jakob
Moderator
From: Germany
Registered: 2005-01-20
Posts: 2,612
Website

Re: unregistered tag notice

Yes, I know. You’d been so proactive in updating them and then that!

That said, it’s essentially just a search and replace and renewed build/export to update them ;-)


TXP Builders – finely-crafted code, design and txp

Offline

Board footer

Powered by FluxBB