Disable by default plugin installer
- There is no code review or any approval process to submit a plugin. - Anyone can submit a backdoor as plugin. - This is up to the Kanboard instance owner to validate if a plugin is legit.
This commit is contained in:
@@ -24,8 +24,8 @@ define('PLUGINS_DIR', __DIR__.DIRECTORY_SEPARATOR.'plugins');
|
||||
// Plugins directory URL
|
||||
define('PLUGIN_API_URL', 'https://kanboard.org/plugins.json');
|
||||
|
||||
// Enable/Disable plugin installer
|
||||
define('PLUGIN_INSTALLER', true);
|
||||
// Enable/Disable plugin installer (Disabled by default for security reason)
|
||||
define('PLUGIN_INSTALLER', false);
|
||||
|
||||
// Available cache drivers are "file" and "memory"
|
||||
define('CACHE_DRIVER', 'memory');
|
||||
|
||||
Reference in New Issue
Block a user