https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24631
--- Comment #25 from Marcel de Rooy <m.de.r...@rijksmuseum.nl> --- This part of GetPlugins is rather debatable: load $plugin_class; my $plugin = $plugin_class->new({ enable_plugins => $self->{'enable_plugins'} # loads even if plugins are disabled # FIXME: is this for testing without bothering to mock config? }); We should not execute it at all imo if we did not set enable_plugins. And the override flag enable_plugins here could well be a candidate for security problems. When we install a plugin, we could save the metadata that the interface needs into plugin_data ? Why read it every time? When we upgrade the plugin, we replace it. Why load every module on a plain GetPlugins call ? -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/