github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-30 00:08:12 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Don't allow access to plugin page if plugin is not visible (#26431)

Browse Source 
Plugins that are hidden or disabled aren't shown in the plugins list at `/admin/plugins` because they cannot be changed. However, the `#show` route doesn't check for the plugin's state and responds with 200 and the plugin's info even if the plugin is hidden or disabled. This commit makes the `#show` route respond with 404 if the plugin is hidden or disabled.
This commit is contained in:
Osama Sayegh
2024-04-02 16:26:15 +03:00
committed by GitHub
parent 50caef6783
commit 3b86dee520
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/admin/plugins_controller.rb
View File

@ -16,7 +16,7 @@ class Admin::PluginsController < Admin::StaffController
# version of their plugin name for a route.
plugin = Discourse.plugins_by_name["discourse-#{params[:plugin_id]}"] if !plugin
raise Discourse::NotFound if !plugin
raise Discourse::NotFound if !plugin&.visible?
render_serialized(plugin, AdminPluginSerializer, root: nil)
end