search

Geeklog-Core / geeklog

Geeklog - The Secure CMS.
https://www.geeklog.net
24 stars 19 forks source link

Allow Plugins which are uninstalled that still have files on the website to be Deleted - Fix terminology with Uninstall and Delete to prevent Confusion #1099

Closed remyKobolski closed 2 years ago

remyKobolski commented 3 years ago

Some plugins allow access after de-installing, resulting in weird errors. This is seen in FAQ- and Faq Manager -plugin. They generate a sql error, since the tables are not present any more. Geeklog shows no links to de-installed plugins, but all code is still present and accessible by entering manually the appropriate hyperlink.

eSilverStrike commented 3 years ago

Under the Plugins page you can delete individual plugins. This removes all tables and database records related to the plugin. Geeklog does not delete the files for the plugin. You currently have to do that manually.

When plugins are disabled or deleted from the database the plugins own code in its funcitons.inc (which is the first file a plugin should include in most cases when a page is requested) is supposed to check to see if itself is installed and enabled on Geeklog, if not then it is suppose to exit gracefully.

It sounds like the FAQ and FAQ Manager plugin do not do this properly.

eSilverStrike commented 3 years ago

Maybe we should add a checkbox option for delete under "Uninstalled Plugins" so when someone deletes a plugin it also deletes the files. I will mark this as a feature request for this.

Looking at the plugins page, the "Plugin List" Delete option and column should probably be renamed to Uninstall to make it more clear on what you are actually doing.

remyKobolski commented 3 years ago

Sounds good.

I would prefer an option disable/enable on the plugins page. Disable would leave the database intact, so Admin can adjust the plugins configuration. This also means that installing a plugin results in a disabled state, and in order to incorporate the plugin, it should be enabled first I do see this as a security feature

Then, deleting a disabled plugin deletes the files and it's database tables, and warns the Admin to create a proper backup of the tables data.

Cheers.

On 29 sep. 2021 at 12:55, Tom @.***> wrote:

Maybe we should add a checkbox option for delete under "Uninstalled Plugins" so when someone deletes a plugin it also deletes the files. I will mark this as a feature request for this.

Looking at the plugins page, the "Plugin List" Delete option and column should probably be renamed to Uninstall to make it more clear on what you are actually doing.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

eSilverStrike commented 3 years ago

Plugins do have an enabled/disabled state though when plugins are disabled you would not be able to use the Geeklog Configuration page to adjust any of the disabled plugins settings. Just like when a plugin is uninstalled though if a plugin is disabled and someone visits one of the plugin pages, the plugin itself needs to check for this and handle it gracefully (as the page request is handled directly by the page and not routed through Geeklog itself first.

remyKobolski commented 3 years ago

when plugins are disabled you would not be able to use the Geeklog Configuration page to adjust any of the disabled plugins settings

Well, this becomes a feature request?

On 29. Sep 2021, at 13:44, Tom @.***> wrote:

Plugins do have an enabled/disabled state though when plugins are disabled you would not be able to use the Geeklog Configuration page to adjust any of the disabled plugins settings. Just like when a plugin is uninstalled though if a plugin is disabled and someone visits one of the plugin pages, the plugin itself needs to check for this and handle it gracefully (as the page request is handled directly by the page and not routed through Geeklog itself first.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Geeklog-Core/geeklog/issues/1099#issuecomment-930099109, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHMY6ZB7JYWKLXQ4QM6UBEDUEL3Y5ANCNFSM5E2IKD2A. Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

eSilverStrike commented 3 years ago

If you would like this feature you can make a separate feature request for it. It should be feasible without breaking plugin compatibility but more research would have to be done.

eSilverStrike commented 2 years ago

Okay so I have fixed the confusion of using delete instead of uninstall on the plugins page.

If the admin has plugin.install and plugin.upload access then they will also be able to delete the default plugin files and directories found in the directories:

plugins/plugin_name public_html/plugins/plugin_name public_html/admin/plugins/plugin_name

The plugin has to be uninstalled first before you can delete the files. The plugin delete is found in the Plugins Uninstalled list.

If the plugin has files outside these directories then they will not be deleted.