https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24631
--- Comment #40 from David Cook <[email protected]> --- I'm a bit confused. So you're storing metadata in PLUGIN.yml *and* in plugin_data depending on the scenario? That seems suboptimal. Why not just use the plugin_data? You could read PLUGIN.yml into plugin_data at install/upgrade time, and then treat the database as the source of truth. I suppose plugin_data is really more of a key-value data store, so maybe it would be better to have a `plugins` table that stores 1 row per plugin for standard plugin metadata. Then you use that for all plugin management purposes. Doing it that way you would have 1 source of truth and you wouldn't have any arbitrary code execution. For new plugins, you use PLUGIN.yml at install/upgrade time (after which it becomes irrelevant). For old plugins, you use the insecure method of extracting metadata from the plugin code. Then you eventually deprecate the insecure method. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
