Users running a non-download version of Vanilla (pulled from github), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open sources releases are not affected.
Addon directory fixes
The addon directory has some issues:
- If you go to an addon download page, the link to the author is broken (because the output of UserUrl is needlessly escaped again, even though userURL already sanatizes dangerous input).
- It completely ignores addon.json files in your zip file and it requires a PluginInfo array in your plugin file (even though that approach is deprecated). See this issue: https://github.com/vanilla/community/issues/135
- If your main class is class.Fancyplugin.php, it fails because it requires either class.FancyPlugin.plugin.php or default.php
- Plugins, applications and themes are now all addons. But there is no general addon type, so even if the addon directory would parse the addon.json file correctly, it wouldn't work because it has no type to file it under.
I think I fixed these various issues, but does someone have time to try out the fix / check the style requirements before I create a pull request?