projects / GitHub / WoltLab / WCF.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0d0a2b1) | patch
Guarantee integrity of packages downloaded via a Plugin-Store StoreCode
authorAlexander Ebert <ebert@woltlab.com>
Tue, 28 Jun 2022 11:06:20 +0000 (13:06 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Tue, 28 Jun 2022 12:28:16 +0000 (14:28 +0200)
commiteb1f573e7ddf8ac96baa80132284e1efc7c9659d
tree13f6f53360d4241dad007f367b5329700935de61tree | snapshot (tar.gz zip)
parent0d0a2b1fafdf0a5e9a542f643193b363df6a73e8commit | diff
Guarantee integrity of packages downloaded via a Plugin-Store StoreCode

The package system was unaware of the context of an installation request and permitted the download from unintended package servers.

This can cause the download to be initiated from a different server than the user expected, potentially causing the download of a modified version.

This commit fixes this issue by restricting the package sources to official servers only when the download via the Plugin-Storeā€˜s StoreCode is requested.
ts/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.ts diff | blob | blame | history
wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js diff | blob | blame | history
wcfsetup/install/files/lib/data/package/update/PackageUpdateAction.class.php diff | blob | blame | history
wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php diff | blob | blame | history
WoltLab Suite Core (previously WoltLab Community Framework)