(original thread)Extension installer - new way to install extensions | Page 6

Discussion in 'Skins and Plugins Installer (MPEI)' started by dukus, February 25, 2007.

Thread Status:
Not open for further replies.
  1. idioteque
    • Premium Supporter

    idioteque Retired Team Member

    Joined:
    September 29, 2005
    Messages:
    609
    Likes Received:
    9
    Ratings:
    +9 / 0
    Home Country:
    Netherlands Netherlands
    just curious, was or is it the installer or is / was it the MPI file that is not created ok ?


     
  2. Google AdSense Guest Advertisement



    to hide all adverts.
  3. piranha
    • Premium Supporter

    piranha MP Donator

    Joined:
    September 17, 2005
    Messages:
    370
    Likes Received:
    10
    Ratings:
    +10 / 0
    Do you mean it has finally been included in MP SVN?
     
  4. dukus

    dukus Portal Pro

    Joined:
    January 20, 2006
    Messages:
    783
    Likes Received:
    370
    Ratings:
    +371 / 0
    Home Country:
    Romania Romania
    Yes, it is included in MP SVN and we try to make a new site for supporting mpi files for updating and downloading.
    But the program need to be tested....., and support from extension developers

    The problem was in installer the package it is mostly ok
     
  5. Bram

    Bram Portal Pro

    Joined:
    December 12, 2005
    Messages:
    851
    Likes Received:
    3
    Occupation:
    Webapplication Developer (PHP, AJAX, MySQL, Backba
    Location:
    's-Hertogenbosch
    Ratings:
    +3 / 0
    Home Country:
    Netherlands Netherlands
    I've started scripting a bit (I'll have more time in some weeks) on the php interface.
    What is making a bit more difficult is that the webserver of mediaportal is giving me no errors at all. Even with the error repoting flag set to ALL I can't get any error reports. Is there something I can do about that myself? It would speed up the development.
     
  6. dukus

    dukus Portal Pro

    Joined:
    January 20, 2006
    Messages:
    783
    Likes Received:
    370
    Ratings:
    +371 / 0
    Home Country:
    Romania Romania
    try this
    ini_set('display_errors',1);
    work for me
     
  7. Bram

    Bram Portal Pro

    Joined:
    December 12, 2005
    Messages:
    851
    Likes Received:
    3
    Occupation:
    Webapplication Developer (PHP, AJAX, MySQL, Backba
    Location:
    's-Hertogenbosch
    Ratings:
    +3 / 0
    Home Country:
    Netherlands Netherlands
    Thank you. It's not giving all errors now, but enough.

    I've got the upload part (from a web interface of course) working with all possible checks. The most thorough one is the mime type check. But with the mpi extension that's a bit difficult. It makes php not recognize the file as a zip. The mime type it returns is "application/octet-stream". Which is the same as "*". In other words.... Allowing this mime type will create a security issue. If someone who would want to harm the server could break the login security, or in any other way could obtain access to the upload possibility, he could upload a file with any unknown extension (an executable script for example). This person would also have to hack the server again thrue another method to execute the file. If he would succeed in that he could do anything he wants with the server (everything the webserver allows). Read source files (database passwords .... etc.), delete and modify files....and so on.

    It's not a very big risk, but it's there. This is all because of the for php unknown mpi extension. Even though it really is a zip file.
    If I upload a zip file and restrict all other mime types the upload script is absolutely secure. But renaming the exact same file to *.mpi and uploading it results in having to allow all unknown file extensions.

    I'm not sure how secure the script has to be.
    One solution that I have already prepared is allowing only zip files to be uploaded. Then rename it to .mpi on the server. This would fix the security issue. Would that be a solution? Or should I ignore the security problem? It's highly unlikely anyone could ever gain (or want to gain) illegal access to the server to execute the illegally uploaded file (if one would even succeed uploading a harmfull file). But still, I like to be thorough.
     
  8. dukus

    dukus Portal Pro

    Joined:
    January 20, 2006
    Messages:
    783
    Likes Received:
    370
    Ratings:
    +371 / 0
    Home Country:
    Romania Romania
    You should ignore this issue, when a file is uploaded is stored database only when published it exist physically on server, but then it is tested of it is a valid mpi file (zip,and contain right xml file)
     
  9. lkuech
    • Premium Supporter

    lkuech Retired Team Member

    Joined:
    February 16, 2007
    Messages:
    576
    Likes Received:
    83
    Location:
    Hamburg
    Ratings:
    +83 / 0
    Home Country:
    Germany Germany
    Hi all.

    I just discovered this great "plugin". Awesome idea... (and awesome result of course ;))
    I definitely plan to release next versions of my plugins as MPI. The group function helps me a lot with my new version of the ViewmodeSwitcher, because the version needs to know if the tv channel has been changed I need separated dll files installed beside the plugin. I was thinking about building a small installer my self to keep the "nastiness" from my users. Know I can just use the MPInstaller :D

    I just did some brief test with the Installer: Could it be that the "Uninstall" function does not work right now? I get an "invalid package!" error. I use the SVN 15338.

    And a potential suggestion: If two packages came this the same file (maybe a sql dll copied to the mp root) than it would be helpful to think about a file counter (like the windows installer did that for dll files). Every installation that comes with the file increased the counter and decreased it during uninstall. That avoids that the removal of one of those packages "destroys" the other one.

    Bye
    Lars
     
  10. Bram

    Bram Portal Pro

    Joined:
    December 12, 2005
    Messages:
    851
    Likes Received:
    3
    Occupation:
    Webapplication Developer (PHP, AJAX, MySQL, Backba
    Location:
    's-Hertogenbosch
    Ratings:
    +3 / 0
    Home Country:
    Netherlands Netherlands
    It seems that I still don't have enough information.
    Could you make a document discribing the way you have in mind everything should work, step by step? I can help, but I need more info.
     
  11. THDBASED

    THDBASED Portal Pro

    Joined:
    January 30, 2006
    Messages:
    469
    Likes Received:
    2
    Occupation:
    Student
    Ratings:
    +2 / 0
    Home Country:
    Belgium Belgium
    Just a little off-topic question is this installer also going to be used to install skins? Because I was thinking about this the last couple of days. Because it is very hard to maintain a skin to be up to date with the latest version of MP there should be a way for Skin authors to upload there new files (updated ones for latest versions) to the SVN or some other place on the server and then hev a button in the settings part of the skin to update the skin to work with last version. I think this would really help out skin authors and because you are working on something similar it could be included in this project.
     
Loading...
Thread Status:
Not open for further replies.

Users Viewing Thread (Users: 0, Guests: 0)

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice
  • About The Project

    The vision of the MediaPortal project is to create a free open source media centre application, which supports all advanced media centre functions, and is accessible to all Windows users.

    In reaching this goal we are working every day to make sure our software is one of the best.

             

  • Support MediaPortal!

    The team works very hard to make sure the community is running the best HTPC-software. We give away MediaPortal for free but hosting and software is not for us.

    Care to support our work with a few bucks? We'd really appreciate it!