Adjusted the behavior of plugins/themes whitelists

gbrindisi · Jul 18, 2012 · b8e7cfe · b8e7cfe
1 parent 2071010
commit b8e7cfe
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 18 deletions.
diff --git a/wordpot.conf b/wordpot.conf
@@ -13,5 +13,20 @@ THEME       = 'twentyeleven'        # Theme directory name in use
 BLOGTITLE   = 'Random Ramblings'    # Title of the blog
 VERSION     = '2.8'                 # Version to mimick
 AUTHORS     = ['admin']             # Authors list
-PLUGINS     = []                    # Installed plugins list
-THEMES      = []                    # Installed themes list
+
+# ------------------------------------
+# Wordpress installed plugins & themes
+# ------------------------------------
+# By default every probe against plugins/themes is allowed
+# as long as PLUGINS and THEMES options are commented.
+# You can allow probes to certain elements:
+#
+#   PLUGINS = ['plugin1', 'plugin2']
+#
+# You can disallow every probes with an empty list:
+#
+#   PLUGINS = []
+#
+
+#PLUGINS     = []                    # Installed plugins list
+#THEMES      = []                    # Installed themes list
diff --git a/wordpot/helpers.py b/wordpot/helpers.py
@@ -36,29 +36,25 @@ def user_enumeration(args):
 # -----------------
 
 def is_plugin_whitelisted(plugin):
-    # If no whitelist has been set, return True
-    if len(app.config['PLUGINS']) == 0:
+    # If PLUGINS option doesn't exist allow all
+    if 'PLUGINS' not in app.config:
         return True
-
-    if plugin in app.config['PLUGINS']:
-        return True
-
+    else:
+        # Plugin is in the whitelist
+        if plugin in app.config['PLUGINS']:
+            return True
     return False
 
 # ----------------
 # Themes whitelist
 # ----------------
 
 def is_theme_whitelisted(theme):
-    # If no whitelist has been set, return True
-    if len(app.config['THEMES']) == 0:
-        return True
-
-    # If the theme probed is the theme in use
-    if theme == app.config['THEME']:
+    # If THEMES options doesn't exist allow all  
+    if 'THEMES' not in app.config:
         return True
-
-    if theme in app.config['THEMES']:
-        return True
-
+    else:
+        # Theme is in the whitelist
+        if theme in app.config['THEMES'] or theme == app.config['THEME']:
+            return True
     return False