AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Disable by default plugin installer 

- There is no code review or any approval process to submit a plugin.
- Anyone can submit a backdoor as plugin.
- This is up to the Kanboard instance owner to validate if a plugin is legit.
This commit is contained in:
Frédéric Guillot 2019-01-30 21:34:04 -08:00
parent a1c437bce8
commit 8cf8f9ef07
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/constants.php
View File

@ -21,7 +21,7 @@ defined('CACHE_DIR') or define('CACHE_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'cache'
// Plugins settings
defined('PLUGINS_DIR') or define('PLUGINS_DIR', ROOT_DIR.DIRECTORY_SEPARATOR.'plugins');
defined('PLUGIN_API_URL') or define('PLUGIN_API_URL', 'https://kanboard.org/plugins.json');
defined('PLUGIN_INSTALLER') or define('PLUGIN_INSTALLER', true);
defined('PLUGIN_INSTALLER') or define('PLUGIN_INSTALLER', false); // Disabled by default for security reason
// Enable/disable debug
defined('DEBUG') or define('DEBUG', strtolower(getenv('DEBUG')) === 'true');

4
config.default.php
View File

@ -24,8 +24,8 @@ define('PLUGINS_DIR', __DIR__.DIRECTORY_SEPARATOR.'plugins');
// Plugins directory URL
define('PLUGIN_API_URL', 'https://kanboard.org/plugins.json');
// Enable/Disable plugin installer
define('PLUGIN_INSTALLER', true);
// Enable/Disable plugin installer (Disabled by default for security reason)
define('PLUGIN_INSTALLER', false);
// Available cache drivers are "file" and "memory"
define('CACHE_DRIVER', 'memory');