I kinda needed your opinion on the feasibility of a plugin that I wrote.
It lets certain users upload plugins as zip files, and after the administrator has a quick look into the contents it installs the uploaded plugin.
Background on the use case: My board game society has a website, and now the system is that I write plugins, I upload them to Google Drive, PM the mods, the mods take the plugins and install them, but this is getting quite tedious.
Especially since I keep rewriting them to fix small flaws and then have to go through the whole process again :P
Now it seems like I'll be granted access to the web hosting, so this plugin isn't strictly necessary anymore. It would still be faster and more convenient (IMHO) to use this plugin to install plugins than to log in to the webhost, extract the zip, etc. etc.
But if I'm using it I want it to be as safe as it can be. Could anyone take a look around if they see obvious security flaws?
The idea is that the main security comes from the authorization of the user by the Vanilla system.
But the user can get their account hacked. Which is why you need to copy a random string from the config file once to "prove" you can access the website's files on the computer you're currently using. This random string is then stored on the local storage of the computer.
But people can forget to log out and other people can access their computer, which is why you need to enter a separate password other than your account password every time to approve/delete plugins. If someone messes up the password three times, the password is removed from the config file and you have to reset it by manually editing the config file before plugins can be approved or deleted again.
Filenames are stripped of these characters < > ' " since they have no business being in there anyway, and are stored in the database until someone has approved them, at which point they'll be written out as actual files again.
Thanks guys in advance for checking it out!
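The three-step flow the post describes (token copied out of the config file, a separate approve password with a three-strike reset, file names held in the database and sanitised before being written out) as a stand-alone example. This is added illustration code, not the poster's plugin and not Vanilla's API: it is Python rather than the plugin's PHP, all config key names (`install_token`, `approve_hash`, `failed_attempts`) and function names are assumptions, the sample zip is constructed inline, and `safe_member_path` adds one check the post does not mention (refusing zip members that would land outside the plugin directory).

```python
import hashlib
import hmac
import io
import os
import secrets
import zipfile

# Characters the post says are stripped from every file name.
STRIPPED_CHARS = set('<>\'"')
MAX_FAILED_ATTEMPTS = 3      # third wrong password removes it, as in the post
PBKDF2_ROUNDS = 200_000


def new_config(approve_password: str) -> dict:
    """Config entries the scheme needs (key names are assumptions).
    install_token is the random string the user copies out of the config
    file once; the approve password is kept only as a salted PBKDF2 hash."""
    salt = secrets.token_bytes(16)
    return {
        "install_token": secrets.token_urlsafe(32),
        "approve_salt": salt,
        "approve_hash": hashlib.pbkdf2_hmac(
            "sha256", approve_password.encode(), salt, PBKDF2_ROUNDS),
        "failed_attempts": 0,
    }


def prove_file_access(config: dict, presented_token: str) -> bool:
    """Step 1: browser presents the token copied from the config file.
    Constant-time comparison so the check does not leak through timing."""
    return hmac.compare_digest(config["install_token"], presented_token)


def check_approve_password(config: dict, presented: str) -> bool:
    """Step 2: the separate approve/delete password, checked every time.
    After MAX_FAILED_ATTEMPTS wrong guesses the stored hash is removed, so
    nothing can be approved until an admin edits the config file again."""
    if config["approve_hash"] is None:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", presented.encode(), config["approve_salt"], PBKDF2_ROUNDS)
    if hmac.compare_digest(candidate, config["approve_hash"]):
        config["failed_attempts"] = 0
        return True
    config["failed_attempts"] += 1
    if config["failed_attempts"] >= MAX_FAILED_ATTEMPTS:
        config["approve_hash"] = None      # "removed from the config file"
    return False


def sanitize_filename(name: str) -> str:
    """The post's rule: drop < > ' " from the name."""
    return "".join(c for c in name if c not in STRIPPED_CHARS)


def safe_member_path(name: str):
    """Added check (not in the post): after stripping, also refuse any zip
    member that could be written outside the destination directory.
    Returns the normalised relative path, or None to reject."""
    cleaned = sanitize_filename(name).replace("\\", "/")
    if not cleaned or cleaned.startswith("/"):
        return None
    parts = cleaned.split("/")
    if any(p == ".." for p in parts) or ":" in parts[0]:   # ".." or "C:" prefix
        return None
    return cleaned


def stage_upload(zip_bytes: bytes) -> dict:
    """Read the uploaded zip into memory (the post keeps it in the database
    until approval). Returns {'files': {path: bytes}, 'rejected': [names]}."""
    staged, rejected = {}, []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = safe_member_path(info.filename)
            if path is None:
                rejected.append(info.filename)
            else:
                staged[path] = zf.read(info)
    return {"files": staged, "rejected": rejected}


def approve(config: dict, presented_password: str, staged: dict, dest_dir: str) -> bool:
    """Step 3: write the staged files out only if the approve password checks."""
    if not check_approve_password(config, presented_password):
        return False
    for rel_path, data in staged["files"].items():
        target = os.path.join(dest_dir, *rel_path.split("/"))
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as fh:
            fh.write(data)
    return True


def build_sample_zip() -> bytes:
    """Constructed sample upload: a normal file, a name with stripped
    characters, and a member that tries to escape the plugin directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("MyPlugin/default.php", "<?php // plugin entry point\n")
        zf.writestr("MyPlugin/weird<name>.txt", "stripped name\n")
        zf.writestr("../../conf/config.php", "<?php // must never be written\n")
    return buf.getvalue()
```

Running `stage_upload(build_sample_zip())` keeps the first two members (the second under the name `MyPlugin/weirdname.txt`) and lists the third under `rejected`; `approve` then writes them only after a correct password, and three wrong passwords set `approve_hash` to `None` so even the right password no longer works until the config is reset.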