From 8cf8f9ef078b31473e9edcb4b9a61a80e3152c0c Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@kanboard.net>
Date: Wed, 30 Jan 2019 21:34:04 -0800
Subject: Disable by default plugin installer

- There is no code review or any approval process to submit a plugin.
- Anyone can submit a backdoor as plugin.
- This is up to the Kanboard instance owner to validate if a plugin is legit.
---
 app/constants.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/constants.php b/app/constants.php
index af26856f..21f911f7 100644
--- a/app/constants.php
+++ b/app/constants.php
@@ -21,7 +21,7 @@ defined('CACHE_DIR') or define('CACHE_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'cache'
 // Plugins settings
 defined('PLUGINS_DIR') or define('PLUGINS_DIR', ROOT_DIR.DIRECTORY_SEPARATOR.'plugins');
 defined('PLUGIN_API_URL') or define('PLUGIN_API_URL', 'https://kanboard.org/plugins.json');
-defined('PLUGIN_INSTALLER') or define('PLUGIN_INSTALLER', true);
+defined('PLUGIN_INSTALLER') or define('PLUGIN_INSTALLER', false); // Disabled by default for security reason
 
 // Enable/disable debug
 defined('DEBUG') or define('DEBUG', strtolower(getenv('DEBUG')) === 'true');
-- 
cgit v1.2.3