Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
plugins folder placement
#1
I know the plugins folder is in the admin directory, but is this the optimal placement?

I have a plugin that I'm working on that I would love to have all the files in the plugins dir, however, this brings up a small security issue.

When I call a file to include into my sites template, I must include the admin folder in the include.
So therefore if you look at my source it will show the name of the admin folder.

For those that change this folder name, this tells other people where it is.

Should plugins be in the data/ folder instead?
I really don't want to create a plugin that requires FTP installation in 2 spots. It doesn't make sense.
Maybe I'm just being over cautious.

Thanks
Clients always want to be able to change the content of their pages, but they are unwilling to do so.

Have you ever coded in your underwear before?
Reply
#2
Yes I think the same thing (not for security reasons, but for more flexibility and usability) and also make ckeditor folder outside of admin (to manage better the updates of CKEditor), inside of data/ folder or at the root level

Bye.
Sharing is human real nature...
Reply
#3
Sadly, I agree. What does everyone think:

1. Move it now, or wait to 3.0?
2. Where should I move it to?
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#4
Move it now, before more plugins get developed.

My initial opinion was /data/plugins/ but now I think it should be /themes/plugins/ due the the data folder being 777 on most installs.
Clients always want to be able to change the content of their pages, but they are unwilling to do so.

Have you ever coded in your underwear before?
Reply
#5
i think root/plugins/ as there not a part of the theme or the data of the site.
Reply
#6
jamiewhiskers Wrote:i think root/plugins/
Yes move it there!
Also for ckeditor folder...
Sharing is human real nature...
Reply
#7
/themes/plugins/ sounds a lot odd indeed, as you would expect the themes folder to only include folders that correspond to themes. /plugins/ sounds like a plan, but something to ponder over is what access should be given to the folder. If it were just plugin PHP-files I would like the .htaccess to put a “deny all” on my files, but once people start developing bigger plugins with other resources this won’t do.

superyms Wrote:also make ckeditor folder outside of admin (to manage better the updates of CKEditor)
Why would we do this? CKEditor is only used by the admin panel so there is no reason to put it outside the admin folder. Besides that it is pretty much contained to one folder already, so I don’t understand the update argument…
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
Reply
#8
Zegnåt Wrote:so I don’t understand the update argument

I think that not everyone knows where is the ckeditor actually...
I imagine it will be more easier for someone to update his ckeditor if it is more evident ..that's all ! nothing more...

Personally i understand your choice...i just thought it will make it simple (as GetSimple....lol).
Sharing is human real nature...
Reply
#9
Zegnåt Wrote:/themes/plugins/ sounds a lot odd indeed, as you would expect the themes folder to only include folders that correspond to themes. /plugins/ sounds like a plan, but something to ponder over is what access should be given to the folder. If it were just plugin PHP-files I would like the .htaccess to put a “deny all” on my files, but once people start developing bigger plugins with other resources this won’t do.

superyms Wrote:also make ckeditor folder outside of admin (to manage better the updates of CKEditor)
Why would we do this? CKEditor is only used by the admin panel so there is no reason to put it outside the admin folder. Besides that it is pretty much contained to one folder already, so I don’t understand the update argument…

Agreed with the Deny All, plugins should not be called directly, but from withing the system itsself.
Reply
#10
another vote for root/plugins for me.

Don't see any reason to move CKeditor as its part of admin.

M
My Github Repos: Github
Website: DigiMute
Reply
#11
ok, thats what i was thinking as well everyone. As for CKE, it should be up to us developers to upgrade it, not the individual users.

So move it now, or move it later? I've only seen one + for "Now"
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#12
ccagle8 Wrote:ok, thats what i was thinking as well everyone. As for CKE, it should be up to us developers to upgrade it, not the individual users.

So move it now, or move it later? I've only seen one + for "Now"

for CKEditor it is not necessary, as i said it already, just a proposition! lol
but good news to hear for the plugins folder! i think it will be nicer to be done from now.

i will start to create few plugins soon...

Bye.

PS: @ccagle: you spoke about version 3.0 any roadmap ?
Sharing is human real nature...
Reply
#13
ccagle8 Wrote:So move it now, or move it later? I've only seen one + for "Now"
I vote for now. This should not matter anyway, as (those few existing) plugins should be using defined constants to get the right file paths and not contain any relative paths.
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
Reply
#14
ok, now it is. Since just about everyone who's been around this forum lately has chimed in (and seen) this post. I will make sure that we have the plugins folder moved to /root/plugins.

I really wish I would have done this in the first place...
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#15
superyms Wrote:PS: @ccagle: you spoke about version 3.0 any roadmap ?

No roadmap yet. This just seemed like a major change so I thought I would move it to 3.0 - not really knowing when that would happen
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#16
vote - /root/plugins - Now.

Lets get it over and done with.
Reply
#17
now would be good, this will assist when updating to
new versions also. To easy to accidentally overwrite current
folder.
JWH Technologies
Have any marketing ideas for Get-Simple? Let me hear them!
Reply
#18
The good news is that out of the 6 plugins I have in the post in my signature, only 3 had very minor changes to be made in order to work with the new plugins folder location.

Hat tip to developers: use these define constants anywhere you can when developing plugins. Doing so worked wonderfully for me. (they are defined in common.php)
Code:
define('GSROOTPATH', get_root_path());
define('GSADMINPATH', get_admin_path());
define('GSADMININCPATH', get_admin_path(). 'inc/');
define('GSPLUGINPATH', get_root_path(). 'plugins/');
define('GSDATAOTHERPATH', get_root_path(). 'data/other/');
define('GSDATAPAGESPATH', get_root_path(). 'data/pages/');
define('GSDATAUPLOADPATH', get_root_path(). 'data/uploads/');
define('GSBACKUPSPATH', get_root_path(). 'backups/');
define('GSTHEMESPATH', get_root_path(). 'theme/');
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#19
ccagle8 Wrote:Hat tip to developers: use defined constants anywhere you can when developing plugins. Doing so worked wonderfully for me.
Yeah, those are the ones I meant. The plugin I’m currently developing uses them. We could really use a documentation on stuff like this, eg. I’m using find_url() and would recommend everyone to do the same but it’s not really clear for people what functions are available and how they work.
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
Reply
#20
Speaking of plugins and beating dead horses... Can we please have a Plugins folder on the forum now? Did I miss it?
Reply
#21
^ bump Smile

It'd be nice to talk specifics.
Clients always want to be able to change the content of their pages, but they are unwilling to do so.

Have you ever coded in your underwear before?
Reply




Users browsing this thread: 1 Guest(s)