[QGIS-Developer] Mitigating security risks of the Official Plugin Repository

Daniel Silk dsilk at linz.govt.nz
Thu Jan 25 16:47:12 PST 2018


From: Luigi Pirelli [luipir at gmail.com]
Sent: Friday, January 26, 2018 12:24 PM
To: Daniel Silk
Cc: qgis-developer at lists.osgeo.org
Subject: Re: [QGIS-Developer] Mitigating security risks of the Official Plugin Repository

> btw, di d you try to override with a custom function with filter capability?

Yes, I did this in my startup script:

import pyplugin_installer

repos = pyplugin_installer.installer_data.Repositories

def trusted_url_params(self):
    """Add trusted parameter to be included in every request"""
    v = str(QGis.QGIS_VERSION_INT)
    return "?qgis={}.{}&trusted=true".format(int(v[0]), int(v[1:3]))

repos.urlParams = trusted_url_params

and while trusted=true then appeared in the plugin manager interface,
it did not filter the repository list. So looks like that parameter wasn't
supported after all.

________________________________

This message contains information, which may be in confidence and may be subject to legal privilege. If you are not the intended recipient, you must not peruse, use, disseminate, distribute or copy this message. If you have received this message in error, please notify us immediately (Phone 0800 665 463 or info at linz.govt.nz) and destroy the original message. LINZ accepts no responsibility for changes to this email, or for any attachments, after its transmission from LINZ. Thank You.


More information about the QGIS-Developer mailing list