Sorky - PE admincp_plugin
 

Purpose
This Mod is designed to be used by other Mods or PlugIns.

Its primary purpose is very basic - to add hooks to the hook selection list in the PlugIn editor. This is so that other Mods or PlugIns can be created with their own hooks and means that they can add their hooks to the PlugIn Manager, so that they can be edited in the Plugin Manager, without the need to create and upload an XML file.

It's secondary purpose is a lot more interesting - it allows the content of plugin.php to be edited by a PlugIn prior to execution, thus allowing for code level edits to be performed without the administrator having to edit the php file directly. This is how the hook required for the primary purpose is inserted into the code without a file edit.

The name comes from the secondary purpose as it is a lot more interesting ;)

Programmatically Edit admincp/plugin.php before execution through a hook

It reads the content of the original admincp/plugin.php and provides a hook that allows the content to be changed by any PlugIn before executing the content, thus effectively making the admincp/plugin.php file Programmatically Editable.

It then uses this ability to add a hook in admincp/plugin.php that this and other PlugIns can use to make further hooks available for use in the admin control panel. No need to load the XML files!

Once again, this Mod is primarily provided to be used by other Mods/PlugIns. Note: Any product that uses this capability should mark this product as a dependency.

• Programmatically Edit admincp/plugin.php from within PlugIns
• Add hooks to the pull-down hook list without installing an XML file

Installation
Import XML file (as product): AdminCP > Plugin System > Manage Products > [Add/Import Product]

Important: On installation it automatically renames admincp/plugin.php and installs a special stub to replace it - No user edit is required. The existing file remains unchanged (just renamed). Uninstallation will restore your original file just as it was. You don't have to worry. Simply load the product and everything else is taken care of for you! ;)

Options
To set this plugin's options go to: AdminCP > vBulletin Options > Sorky18 - Customize Announcements

Versions
v1.0.0 - 16th of May, 2009 = Launch (click here)
V1.0.1 - 19th of May, 2009 = Minor improvement (click here)

More Information
See v1.0.0 post (click here)

This Mod is provided to be used by other Mods/PlugIns

Creates two hooks...

• admincp_plugin_dynamicmodify

  Use this to Programmatically Edit admincp/plugin.php. See the PlugIn for an example

• admincp_plugin_addhooks

  Use this to Programmatically add your own hooks. See the PlugIn for an example

No screen shots (no need)

One (1) option: Debug - Outputs the modified code to a file for analysis

Special Reference
This PlugIn should still work even if the admincp/plugin.php file has been manually edited, as long as...

The first 25 lines are unchanged
Line 25 = require_once('./global.php');
Line 438 is still "uksort($hooklocations, 'strnatcasecmp');" [ie: it has not moved]

I'm curious about the security. Is it remotely possible to inject code via the new hook to execute sql modifications through the admincp? How does the mod allow other mods to execute code, I would think a permission error would come up?

Seems interesting, just don't know if hooks in the admincp are safe.

You can do SQL modifications through any hook.

There are already hooks in there, just (as any coder will attest) not always in the places that are needed.

And in answer to the security question... ANY PlugIn that has installation code could erase an SQL db or wipe a hard drive!!! It's not the PlugIn that's the problem, it's the ability to install one, which basically comes down to access to the Administrator Control Panel. A good idea to always add extra security to your admincp directory to restrict who can access it!

I'm not talking about installing the plugin, I'm talking about exploiting the new hook to execute code with a higher permission base.

I haven't played around with the admincp files much at all but as far as I know it doesn't use the template system nor does it use any of the standard hooks. Adding a hook to the files in the admincp could ease life for everyone sure, but as I'm not sure about how it works I guess I'll just wait and see what others think.

Of course there are standard hooks in the admincp.

It sure does... Just open plugin.php and go to line 2555 ;) Many of the functions that it calls also have hooks as well

Just relocated the initial dynamic edits from the plugin to the stub php file to ensure that the Mod (or its PlugIns) can be disabled.

Note: Must uninstall then re-install

PS: The product was designed on 3.8.2 and as such the plugin.php file of other 3.8.x versions should conform but should be checked to be sure. I also have versions with the changes that are required for 3.6.x and 3.7.x if anyone is interested.

im still confused on what this does...