Michael B Allen wrote:
To be able to upload a package file, the web server
needs write access
to the extensions directory. This is fatally flawed because anyone who
can run a web script can now overwrite your auth plugin with their own
hacked version of it.
So whatever you do, just make sure you can always do it the old-fashioned
way - putting the file to the extensions dir and adding two lines to
LocalSettings.php.
Mike
Trying to make an Extension to add the extensions is a bit like pushing
the line.
I'd make it a separate app. Either a php script *to run from the shell*
or a complete GUI app intended to be run on the user local system.
The user would only need to have a local copy of the web files, point
the script to that folder to update, and then synchronise this folder
with the server directory.
It can also check for some common errors, like the BOM on LocalSettings.