HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Addon directory fixes
The addon directory has some issues:
- If you go to an addon download page, the link to the author is broken (because the output of UserUrl is needlessly escaped again, even though userURL already sanatizes dangerous input).
- It completely ignores addon.json files in your zip file and it requires a PluginInfo array in your plugin file (even though that approach is deprecated). See this issue: https://github.com/vanilla/community/issues/135
- If your main class is class.Fancyplugin.php, it fails because it requires either class.FancyPlugin.plugin.php or default.php
- Plugins, applications and themes are now all addons. But there is no general addon type, so even if the addon directory would parse the addon.json file correctly, it wouldn't work because it has no type to file it under.
I think I fixed these various issues, but does someone have time to try out the fix / check the style requirements before I create a pull request?