<br><br><div><span class="gmail_quote">On 9/16/07, <b class="gmail_sendername">Philippe Jadin</b> <<a href="mailto:philippe.jadin@gmail.com">philippe.jadin@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On 9/16/07, Larry Garfield <<a href="mailto:larry@garfieldtech.com">larry@garfieldtech.com</a>> wrote:<br>><br>> If you can get an exploit that allows arbitrary PHP execution, then all you'd need to do is write a new hacked javascript file and then update the database with a new md5sum. Voila, it won't be detected.
<br>><br>> And having Drupal (or your OS, or browser, or anything else) auto-install files without asking you is a bad idea in general. The user/admin should always have to be notified of and pre-approve any changes to the installed software. To do otherwise is just begging for the system to auto-download its own crack.
<br><br><br>And from a different perspective, what is this thread about?<br>Automating jquery plugins install ? I smell the overengineering flux<br>:-)<br><br>- jquery UI has not been released yet, so it's hard to evaluate how to
<br>ship it with Drupal<br>- other jquery plugins have been known to be a decentralized thing,<br>and moving very fast (with api changes). Even if it's not the case<br>with UI, it's too new to evaluate<br>- we don't even know what Drupal will use from this jquery UI
<br>- we don't auto install Drupal modules why would we autoinstall jquery plugins ?</blockquote><div><br>OOH. Same idea here. I don't want to auto-install them. But other people do.<br> </div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Imho auto install of jquery plugin is not needed. Fine grained control<br>of what is enabled or not is not very important.<br>I think that someone trusted from Drupal UI module could create an<br>archive containing everything including UI widgets and images.
</blockquote><div><br>I was thinking that modules can define hook_jquery_plugins, which will auto-register the filenames and check if they exist (admins will download UI to sites/all/scripts). Then other modules could call jquery_include('ui', 'resizables') which would auto-include the resizables (from the UI module) and everything it depends on.
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> This archive would be available ideally from the jquery website, as we<br>can't put this stuff on
d.o or eventually on a third party server.<br>Admin can download this archive inside the UI module and be confident<br>that it will work. Other modules would simply depend on UI module and<br>add_js() what is required for them.
<br><br>As long as the js is added to the page only when requested, it doesn't<br>matter if admin must upload a "big" archive inside Drupal UI module to<br>make it work.<br><br>my 0.02<br><br>Philippe<br></blockquote>
</div><br>
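Larry Garfield's point in the quoted text above, as an added example that is not part of the original thread or of Drupal's code: an md5sum kept where the site itself can write it stops detecting a change once the stored sum is rewritten too, while a manifest signed offline still detects it. It assumes PHP 7.4+ with the sodium extension, and that the public key and the checking code are not writable by the web process; the function names, file name and contents are hypothetical.

```php
<?php
// Added illustration: file names, contents and keys are constructed.

// Offline, on the release machine: sign a manifest of SHA-256 hashes.
function sign_manifest(array $files, string $secretKey): array {
    $hashes = array_map(fn($body) => hash('sha256', $body), $files);
    ksort($hashes);
    $json = json_encode($hashes);
    return ['json' => $json, 'sig' => sodium_crypto_sign_detached($json, $secretKey)];
}

// On the site: compare files with md5 sums kept in the site's own database.
function check_against_db(array $files, array $dbHashes): bool {
    foreach ($files as $name => $body) {
        if (md5($body) !== ($dbHashes[$name] ?? null)) return false;
    }
    return true;
}

// On the site: verify the manifest signature first, then each file hash.
function check_against_manifest(array $files, array $manifest, string $publicKey): bool {
    if (!sodium_crypto_sign_verify_detached($manifest['sig'], $manifest['json'], $publicKey)) {
        return false; // manifest was altered or signed with another key
    }
    $expected = json_decode($manifest['json'], true);
    if (!is_array($expected) || count($expected) !== count($files)) {
        return false; // a file was added or removed
    }
    foreach ($files as $name => $body) {
        if (hash('sha256', $body) !== ($expected[$name] ?? null)) return false;
    }
    return true;
}

$keypair   = sodium_crypto_sign_keypair();
$secretKey = sodium_crypto_sign_secretkey($keypair); // never stored on the site
$publicKey = sodium_crypto_sign_publickey($keypair);

$files    = ['resizables.js' => "/* constructed plugin body */\n"];
$dbHashes = array_map('md5', $files);
$manifest = sign_manifest($files, $secretKey);

// The file changes and the database row is rewritten to match it.
$files['resizables.js'] .= "/* unreviewed change */\n";
$dbHashes = array_map('md5', $files);

printf("db md5 check passes: %s\n", var_export(check_against_db($files, $dbHashes), true));
printf("signed manifest check passes: %s\n", var_export(check_against_manifest($files, $manifest, $publicKey), true));
```

The database comparison still passes after the change because the stored sum was recomputed from the changed file; the manifest check fails because a matching manifest cannot be produced without the offline secret key.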