https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24631
--- Comment #44 from Kyle M Hall <[email protected]> --- (In reply to David Cook from comment #40) > I'm a bit confused. > > So you're storing metadata in PLUGIN.yml *and* in plugin_data depending on > the scenario? That seems suboptimal. > > Why not just use the plugin_data? You could read PLUGIN.yml into plugin_data > at install/upgrade time, and then treat the database as the source of truth. > > I suppose plugin_data is really more of a key-value data store, so maybe it > would be better to have a `plugins` table that stores 1 row per plugin for > standard plugin metadata. Then you use that for all plugin management > purposes. > > Doing it that way you would have 1 source of truth and you wouldn't have any > arbitrary code execution. > > For new plugins, you use PLUGIN.yml at install/upgrade time (after which it > becomes irrelevant). For old plugins, you use the insecure method of > extracting metadata from the plugin code. Then you eventually deprecate the > insecure method. In a nutshell, GetPluginsMetadata will look for plugin metadata in the database, and if it's not there, get it from the plugin via get_metadata and store it in the db. get_metadata looks in various places based on speed of access. First it looks in itself at the metadata key, then the metadata package var, then the database, then the PLUGIN.yml file. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
