Address all review feedback on plugin system

Security:
- Analytics: validate tracking ID with regex (alphanumeric + hyphens only)
- Social icons: escape URLs and labels with html.EscapeString
- Dynamic plugin loading now opt-in via ENABLE_DYNAMIC_PLUGINS env var

Concurrency:
- Scholar: use sync.Once for ensureScholar instead of bare nil check
- Scheduled jobs: copy r.db under RLock before using in goroutine
- Registry.Plugins() returns a copy of the internal slice

Robustness:
- Nil DB guards in getPluginSettings and InjectTemplateData
- Scholar OnInit: check for gorm.ErrRecordNotFound specifically
- Scholar OnInit: check db.Create error
- Dynamic loader: return descriptive error on type assertion failure
- Dynamic loader: document package main requirement
- Yaegi symbols: fix import path key, export Plugin interface
- Plugin registry stored on goblog struct, UpdateDb/Init/StartScheduledJobs
  called when wizard establishes DB connection

Admin UI:
- Fix duplicate plugin_footer_html injection in default footer
- Theme reload only fires when theme value actually changed
- Checkbox reverts on failed plugin toggle save
- SettingDefinition comment updated to match plugin_settings table

Migration:
- Narrow cleanup to known plugin prefixes instead of all dot-namespaced keys
- Registry test errors properly checked

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: compscidr

goblog.go

@@ -39,6 +39,7 @@ type goblog struct {
 	_blog              *blog.Blog
 	_auth              *auth.Auth
 	_admin             *admin.Admin
+	_registry          *gplugin.Registry
 	sessionKey         string
 	router             *gin.Engine
 	handlersRegistered bool
@@ -164,6 +165,9 @@ func (g goblog) rootHandler(c *gin.Context) {
 			g._auth.UpdateDb(db)
 			g._admin.UpdateDb(db)
 			g._wizard.UpdateDb(db)
+			g._registry.UpdateDb(db)
+			g._registry.Init()
+			g._registry.StartScheduledJobs()
 
 			if !isAuthConfigured() {
 				g._wizard.Landing(c)
@@ -299,26 +303,29 @@ func main() {
 	}
 	router.SetTrustedProxies(trustedProxies)
 
-	goblog := goblog{
-		_wizard:    &_wizard,
-		_blog:      &_blog,
-		_auth:      &_auth,
-		_admin:     &_admin,
-		sessionKey: sessionKey,
-		router:     router,
-	}
-
 	// Initialize plugin system
 	registry := gplugin.NewRegistry(db)
 	registry.Register(analytics.New())
 	registry.Register(socialicons.New())
 	registry.Register(scholarplugin.New())
-	gplugin.LoadDynamicPlugins(registry, "plugins/dynamic")
+	if os.Getenv("ENABLE_DYNAMIC_PLUGINS") == "true" {
+		gplugin.LoadDynamicPlugins(registry, "plugins/dynamic")
+	}
 	if db != nil {
 		registry.Init()
 		registry.StartScheduledJobs()
 	}
 
+	goblog := goblog{
+		_wizard:    &_wizard,
+		_blog:      &_blog,
+		_auth:      &_auth,
+		_admin:     &_admin,
+		_registry:  registry,
+		sessionKey: sessionKey,
+		router:     router,
+	}
+
 	// Filter nav pages: hide pages owned by disabled plugins
 	_blog.PageFilter = func(page blog.Page) bool {
 		if !registry.HasPageType(page.PageType) {

plugin/loader.go

@@ -1,6 +1,7 @@
 package plugin
 
 import (
+	"fmt"
 	"log"
 	"os"
 	"path/filepath"
@@ -11,7 +12,8 @@ import (
 )
 
 // LoadDynamicPlugins scans a directory for .go plugin files and loads them
-// using the Yaegi Go interpreter. Each file must define a function:
+// using the Yaegi Go interpreter. Each file must use `package main` and
+// define a function:
 //
 //	func NewPlugin() plugin.Plugin
 //
@@ -67,7 +69,7 @@ func loadPlugin(path string) (Plugin, error) {
 
 	p, ok := v.Interface().(Plugin)
 	if !ok {
-		return nil, err
+		return nil, fmt.Errorf("%s: NewPlugin() did not return a plugin.Plugin", path)
 	}
 
 	return p, nil

plugin/plugin.go

@@ -14,7 +14,7 @@ import (
 )
 
 // SettingDefinition describes a single setting that a plugin requires.
-// Settings are stored in the blog's Setting table namespaced as "pluginname.key".
+// Settings are stored in the plugin_settings table keyed by plugin name and setting key.
 type SettingDefinition struct {
 	Key          string // short key, e.g. "tracking_id"
 	Type         string // "text", "textarea", "file", "bool"

plugin/registry.go

@@ -53,7 +53,9 @@ func (r *Registry) Register(p Plugin) {
 func (r *Registry) Plugins() []Plugin {
 	r.mu.RLock()
 	defer r.mu.RUnlock()
-	return r.plugins
+	result := make([]Plugin, len(r.plugins))
+	copy(result, r.plugins)
+	return result
 }
 
 // Init seeds plugin settings and calls OnInit for all plugins.
@@ -94,8 +96,14 @@ func (r *Registry) StartScheduledJobs() {
 				for {
 					select {
 					case <-ticker.C:
+						r.mu.RLock()
+						db := r.db
+						r.mu.RUnlock()
+						if db == nil {
+							continue
+						}
 						settings := r.getPluginSettings(p.Name())
-						if err := job.Run(r.db, settings); err != nil {
+						if err := job.Run(db, settings); err != nil {
 							log.Printf("Plugin %s job %s error: %v", p.Name(), job.Name, err)
 						}
 					case <-r.stopCh:
@@ -114,6 +122,9 @@ func (r *Registry) Stop() {
 
 // getPluginSettings returns a plugin's settings as a simple key→value map.
 func (r *Registry) getPluginSettings(pluginName string) map[string]string {
+	if r.db == nil {
+		return make(map[string]string)
+	}
 	var settings []PluginSetting
 	r.db.Where("plugin_name = ?", pluginName).Find(&settings)
 	result := make(map[string]string)
@@ -130,6 +141,10 @@ func (r *Registry) InjectTemplateData(c *gin.Context, templateName string, data
 	r.mu.RLock()
 	defer r.mu.RUnlock()
 
+	if r.db == nil {
+		return data
+	}
+
 	pluginsData := gin.H{}
 	headHTML := ""
 	footerHTML := ""

plugin/registry_test.go

@@ -41,8 +41,13 @@ func (p *testPlugin) TemplateData(ctx *plugin.HookContext) gin.H {
 }
 
 func TestRegistryBasics(t *testing.T) {
-	db, _ := gorm.Open(sqlite.Open(":memory:"))
-	db.AutoMigrate(&plugin.PluginSetting{})
+	db, err := gorm.Open(sqlite.Open(":memory:"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := db.AutoMigrate(&plugin.PluginSetting{}); err != nil {
+		t.Fatal(err)
+	}
 
 	reg := plugin.NewRegistry(db)
 	tp := &testPlugin{}
@@ -57,8 +62,13 @@ func TestRegistryBasics(t *testing.T) {
 }
 
 func TestRegistryInit(t *testing.T) {
-	db, _ := gorm.Open(sqlite.Open(":memory:"))
-	db.AutoMigrate(&plugin.PluginSetting{})
+	db, err := gorm.Open(sqlite.Open(":memory:"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := db.AutoMigrate(&plugin.PluginSetting{}); err != nil {
+		t.Fatal(err)
+	}
 
 	reg := plugin.NewRegistry(db)
 	reg.Register(&testPlugin{})
@@ -75,8 +85,13 @@ func TestRegistryInit(t *testing.T) {
 }
 
 func TestRegistryInjectTemplateData(t *testing.T) {
-	db, _ := gorm.Open(sqlite.Open(":memory:"))
-	db.AutoMigrate(&plugin.PluginSetting{})
+	db, err := gorm.Open(sqlite.Open(":memory:"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := db.AutoMigrate(&plugin.PluginSetting{}); err != nil {
+		t.Fatal(err)
+	}
 
 	reg := plugin.NewRegistry(db)
 	reg.Register(&testPlugin{})
@@ -119,8 +134,13 @@ func TestRegistryInjectTemplateData(t *testing.T) {
 }
 
 func TestGetAllSettings(t *testing.T) {
-	db, _ := gorm.Open(sqlite.Open(":memory:"))
-	db.AutoMigrate(&plugin.PluginSetting{})
+	db, err := gorm.Open(sqlite.Open(":memory:"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := db.AutoMigrate(&plugin.PluginSetting{}); err != nil {
+		t.Fatal(err)
+	}
 
 	reg := plugin.NewRegistry(db)
 	reg.Register(&testPlugin{})

plugin/symbols.go

@@ -5,7 +5,8 @@ import "reflect"
 // Symbols exports the plugin package types for the Yaegi interpreter,
 // allowing dynamic plugins to use plugin.BasePlugin, plugin.HookContext, etc.
 var Symbols = map[string]map[string]reflect.Value{
-	"goblog/plugin/plugin": {
+	"goblog/plugin": {
+		"Plugin":           reflect.ValueOf((*Plugin)(nil)),
 		"BasePlugin":       reflect.ValueOf((*BasePlugin)(nil)),
 		"HookContext":      reflect.ValueOf((*HookContext)(nil)),
 		"SettingDefinition": reflect.ValueOf((*SettingDefinition)(nil)),

plugins/analytics/analytics.go

@@ -5,10 +5,13 @@ package analytics
 
 import (
 	"goblog/plugin"
+	"regexp"
 
 	"gorm.io/gorm"
 )
 
+var validTrackingID = regexp.MustCompile(`^[A-Za-z0-9-]+$`)
+
 // AnalyticsPlugin implements Google Analytics tracking.
 type AnalyticsPlugin struct {
 	plugin.BasePlugin
@@ -50,6 +53,9 @@ func (p *AnalyticsPlugin) TemplateHead(ctx *plugin.HookContext) string {
 	if trackingID == "" || enabled != "true" {
 		return ""
 	}
+	if !validTrackingID.MatchString(trackingID) {
+		return ""
+	}
 	return `<script async src="https://www.googletagmanager.com/gtag/js?id=` + trackingID + `"></script>
 <script>
   window.dataLayer = window.dataLayer || [];

plugins/scholar/scholar.go

@@ -4,10 +4,12 @@
 package scholar
 
 import (
+	"errors"
 	"fmt"
 	"goblog/blog"
 	"log"
 	"sort"
+	"sync"
 	"time"
 
 	gplugin "goblog/plugin"
@@ -20,7 +22,8 @@ import (
 // ScholarPlugin displays Google Scholar publications.
 type ScholarPlugin struct {
 	gplugin.BasePlugin
-	sch *scholarlib.Scholar
+	sch         *scholarlib.Scholar
+	scholarOnce sync.Once
 }
 
 // New creates a new scholar plugin.
@@ -48,6 +51,9 @@ func (p *ScholarPlugin) OnInit(db *gorm.DB) error {
 	var page blog.Page
 	result := db.Where("page_type = ?", "research").First(&page)
 	if result.Error != nil {
+		if !errors.Is(result.Error, gorm.ErrRecordNotFound) {
+			return fmt.Errorf("scholar plugin: failed to query research page: %w", result.Error)
+		}
 		// No research page exists — create the default
 		page = blog.Page{
 			Title:    "Research",
@@ -57,7 +63,9 @@ func (p *ScholarPlugin) OnInit(db *gorm.DB) error {
 			NavOrder: 20,
 			Enabled:  true,
 		}
-		db.Create(&page)
+		if err := db.Create(&page).Error; err != nil {
+			return fmt.Errorf("scholar plugin: failed to create research page: %w", err)
+		}
 		log.Println("Scholar plugin: created research page")
 	}
 
@@ -89,7 +97,7 @@ func (p *ScholarPlugin) Pages() []gplugin.PageDefinition {
 }
 
 func (p *ScholarPlugin) ensureScholar(settings map[string]string) {
-	if p.sch == nil {
+	p.scholarOnce.Do(func() {
 		profileCache := settings["profile_cache"]
 		articleCache := settings["article_cache"]
 		if profileCache == "" {
@@ -99,7 +107,7 @@ func (p *ScholarPlugin) ensureScholar(settings map[string]string) {
 			articleCache = "articles.json"
 		}
 		p.sch = scholarlib.New(profileCache, articleCache)
-	}
+	})
 }
 
 func (p *ScholarPlugin) RenderPage(ctx *gplugin.HookContext, pageType string) (string, gin.H) {

plugins/socialicons/socialicons.go

@@ -5,6 +5,7 @@ package socialicons
 
 import (
 	"goblog/plugin"
+	"html"
 
 	"github.com/gin-gonic/gin"
 	"gorm.io/gorm"
@@ -84,14 +85,16 @@ func (p *SocialIconsPlugin) TemplateFooter(ctx *plugin.HookContext) string {
 	if ctx.Settings["enabled"] != "true" {
 		return ""
 	}
-	html := `<div class="text-center" style="padding: 10px 0;">`
+	out := `<div class="text-center" style="padding: 10px 0;">`
 	for _, s := range socials {
 		url := ctx.Settings[s.key]
 		if url == "" {
 			continue
 		}
-		html += `<a href="` + url + `" target="_blank" rel="noopener noreferrer" title="` + s.label + `" style="margin: 0 6px; color: inherit;"><i class="` + s.icon + ` fa-1x"></i></a>`
+		safeURL := html.EscapeString(url)
+		safeLabel := html.EscapeString(s.label)
+		out += `<a href="` + safeURL + `" target="_blank" rel="noopener noreferrer" title="` + safeLabel + `" style="margin: 0 6px; color: inherit;"><i class="` + s.icon + ` fa-1x"></i></a>`
 	}
-	html += `</div>`
-	return html
+	out += `</div>`
+	return out
 }

themes/default/templates/footer.html

@@ -1,5 +1,4 @@
   <div id="footer" class="text-center">
-      {{ with .plugin_footer_html }}{{ . | rawHTML }}{{ end }}
       <div class="footer"></div>
       <div class="spacer version">Powered by <a href="https://github.com/compscidr/goblog" target="goblog {{ .version }}">goblog {{ .version }}</a></div>
   </div>