Use sandbox to include every user defined PHP files

[ozh]

Since YOURLS 1.9 we have a foolproof sandbox to safely include PHP files, used for plugins :

YOURLS/includes/functions-plugins.php

Lines 682 to 696 in 27375bc

	/**
	* Plugin activation sandbox
	*
	* @since 1.8.3
	* @param string $pluginfile Plugin filename (full path)
	* @return string|true string if error or true if success
	*/
	function yourls_activate_plugin_sandbox( $pluginfile ) {
	try {
	include_once $pluginfile;
	return true;
	} catch ( \Throwable $e ) {
	return $e->getMessage();
	}
	}

Rename this function to make it more generic, update tests accordingly, and reuse it for :

Pages:

YOURLS/includes/functions-html.php

Line 865 in 27375bc

include_once( YOURLS_PAGEDIR . "/$page.php" );

Custom DB error:

YOURLS/includes/Database/YDB.php

Line 161 in 27375bc

include_once( YOURLS_USERDIR . '/db_error.php' );

Custom maintenance page:

YOURLS/includes/functions.php

Line 1052 in 27375bc

include_once( YOURLS_USERDIR.'/maintenance.php' );

Custom DB or cache layer:

YOURLS/includes/Config/Init.php

Lines 143 to 165 in 27375bc

	/**
	* @since 1.7.3
	* @return void
	*/
	public function include_db_files() {
	// Allow drop-in replacement for the DB engine
	if (file_exists(YOURLS_USERDIR.'/db.php')) {
	require_once YOURLS_USERDIR.'/db.php';
	} else {
	require_once YOURLS_INC.'/class-mysql.php';
	yourls_db_connect();
	}
	}
	/**
	* @since 1.7.3
	* @return void
	*/
	public function include_cache_files() {
	if (file_exists(YOURLS_USERDIR.'/cache.php')) {
	require_once YOURLS_USERDIR.'/cache.php';
	}
	}

(by the way, rename that "cache.php" to something understandable -- must-use-plugin.php? unconditional-use-plugin.php?)

[ozh]

And document those "special files" damnit -- #3045

[ehthxC7x9D]

Added PR #3478 with changes but did not rename cache.php. The entire verbiage around 'cache' is confusing to me. Could this be its own issue with a more apt description of what it is? Is it a cache layer or an always on plugin, or...?

eg
"// Allow early inclusion of a cache layer"
vs
"// Allow early inclusion of always on plugin layer"

[ozh]

Yeah the wording used for this file is especially poor :-) I think it's more "always-on plugins or custom files"

[ozh]

The case is settled. It's named "cache.php" because it stands for "Custom Additional Code for Hazardous Extensions" :)