From 162ac6923e2ac9017e496c9d21dcfa43885aa0d4 Mon Sep 17 00:00:00 2001
From: Jon Atkins
Date: Mon, 3 Feb 2014 17:27:06 +0000
Subject: [PATCH] add code to detect known 'bad' plugins, and disable plugins in this case for user safety
---
 code/boot.js | 44 ++++++++++++++++++++++++++++++++++++++------
 1 file changed, 38 insertions(+), 6 deletions(-)
diff --git a/code/boot.js b/code/boot.js
index 2c2aab50..22838c92 100644
--- a/code/boot.js
+++ b/code/boot.js
@@ -562,15 +562,47 @@ function boot() {
 $('#sidebar').show();
- if(window.bootPlugins)
- $.each(window.bootPlugins, function(ind, ref) {
- try {
- ref();
- } catch(err) {
- console.error("error starting plugin: index "+ind+", error: "+err);
+ if(window.bootPlugins) {
+ // check to see if a known 'bad' plugin is installed. If so, alert the user, and don't boot any plugins
+ var badPlugins = {
+ 'arc': 'Contains hidden code to report private data to a 3rd party server: details here',
+ };
+
+ // remove entries from badPlugins which are not installed
+ $.each(badPlugins, function(name,desc) {
+ if (!(window.plugin && window.plugin[name])) {
+ // not detected: delete from the list
+ delete badPlugins[name];
 }
 });
+ // if any entries remain in the list, report this to the user and don't boot ANY plugins
+ // (why not any? it's tricky to know which of the plugin boot entries were safe/unsafe)
+ if (Object.keys(badPlugins).length > 0) {
+ var warning = 'One or more known unsafe plugins were detected. For your safety, IITC has disabled all plugins.

Please uninstall the problem plugins and reload the page. See this FAQ entry for help.

Note: It is tricky for IITC to safely disable just problem plugins

';
+
+ dialog({
+ title: 'Plugin Warning',
+ html: warning,
+ width: 400
+ });
+ } else {
+ // no known unsafe plugins detected - boot all plugins
+ $.each(window.bootPlugins, function(ind, ref) {
+ try {
+ ref();
+ } catch(err) {
+ console.error("error starting plugin: index "+ind+", error: "+err);
+ debugger;
+ }
+ });
+ }
+ }
+
 window.setMapBaseLayer();
 window.setupLayerChooserApi();
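Review bot: The detection in the added `$.each(badPlugins, ...)` loop tests `window.plugin[name]`, a property the plugin itself sets, so it is a best-effort signal that matches only a plugin registering under that exact name, not an enforcement boundary. It also withholds only the `window.bootPlugins` callbacks, so any code a plugin runs at load time, before `boot()` is reached, has presumably already executed when the dialog is shown. I would state both limits in a comment above `badPlugins`, e.g. `// best-effort: matches the self-declared window.plugin.<name> only; code that ran before boot() is not stopped`, so that the dialog's "disabled all plugins" wording is not read as a guarantee. Separately, the `debugger;` added inside the `catch` block looks like a leftover and should be removed before merge. `boot()` starts and ends outside the hunk.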