authorAndrew Dolgov <[email protected]>2017-02-10 16:04:28 +0300
committerAndrew Dolgov <[email protected]>2017-02-10 16:04:28 +0300
commit4daaf234910cffab0d093e2168b3161e60bcf976 (patch)
tree9a0d8ddf911635316ad53af1f58724d82c7f5d25
parentfafd32e2dc98eeb3a159c29b12cee2d144ad243f (diff)
allow user plugins to expose public methods out in a limited fashion
-rw-r--r--classes/handler/public.php34
-rw-r--r--classes/plugin.php4
-rw-r--r--plugins/af_zz_imgproxy/init.php10
3 files changed, 43 insertions, 5 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php
index c7c86d463..35f677f94 100644
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -1086,5 +1086,37 @@ class Handler_Public extends Handler {
return "tag:" . parse_url(get_self_url_prefix(), PHP_URL_HOST) . ",$timestamp:/$id";
}
+
+ // this should be used very carefully because this endpoint is exposed to unauthenticated users
+ // plugin data is not loaded because there's no user context and owner_uid/session may or may not be available
+ // in general, don't do anything user-related in here and do not modify $_SESSION
+ public function pluginhandler() {
+ $host = new PluginHost();
+
+ $plugin = basename($_REQUEST["plugin"]);
+ $method = $_REQUEST["pmethod"];
+
+ $host->load($plugin, PluginHost::KIND_USER, 0);
+ $host->load_data();
+
+ $pclass = $host->get_plugin($plugin);
+
+ if ($pclass) {
+ if (method_exists($pclass, $method)) {
+ if ($pclass->is_public_method($method)) {
+ $pclass->$method();
+ } else {
+ header("Content-Type: text/json");
+ print error_json(6);
+ }
+ } else {
+ header("Content-Type: text/json");
+ print error_json(13);
+ }
+ } else {
+ header("Content-Type: text/json");
+ print error_json(14);
+ }
+ }
}
-?>
+?> \ No newline at end of file
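Review bot: `pluginhandler()` passes the request-supplied plugin name to `$host->load()` before anything checks that the plugin is enabled on this installation or opts in to public access. Assuming `load()` includes and initialises the class (not visible here), an unauthenticated request can cause any plugin under the plugins directory to be loaded. Consider checking the name against the configured plugin list first, and rejecting missing or non-string parameters up front with something like `if (!isset($_REQUEST["plugin"], $_REQUEST["pmethod"]) || !is_string($_REQUEST["plugin"]) || !is_string($_REQUEST["pmethod"])) { print error_json(14); return; }`. The leading comment also says plugin data is not loaded while the body calls `$host->load_data()`; one of the two should be corrected. Returning different codes for a missing method (13) and a non-public one (6) lets a caller tell which methods exist, so a single error for both would avoid that.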
diff --git a/classes/plugin.php b/classes/plugin.php
index 01ac46bae..09204098b 100644
--- a/classes/plugin.php
+++ b/classes/plugin.php
@@ -22,6 +22,10 @@ class Plugin {
return array();
}
+ function is_public_method($method) {
+ return false;
+ }
+
function get_js() {
return "";
}
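Review bot: `is_public_method()` is the only gate between an unauthenticated `public.php` request and a plugin method, yet it is added to the base class without any comment describing that contract. I would add a comment above it along the lines of `// return true only for methods that are safe to call without a session; deny by default, compare with === against a fixed list`. It should also say that such methods run with no user context, so overriding plugins know not to rely on `$_SESSION` or an owner uid. The class body continues outside this hunk.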
diff --git a/plugins/af_zz_imgproxy/init.php b/plugins/af_zz_imgproxy/init.php
index 9449a518b..5d9a96ac3 100644
--- a/plugins/af_zz_imgproxy/init.php
+++ b/plugins/af_zz_imgproxy/init.php
@@ -8,6 +8,10 @@ class Af_Zz_ImgProxy extends Plugin {
"fox");
}
+ function is_public_method($method) {
+ return $method === "imgproxy";
+ }
+
function init($host) {
$this->host = $host;
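Review bot: Returning true for `"imgproxy"` here makes that method reachable without a session, and the later hunks of this file show it taking `$_REQUEST["url"]` and passing it to `fetch_file_contents()` and then `file_put_contents()`. Unless checks outside the visible lines restrict the target, any remote client can have the server fetch and cache a URL of its choosing. The same applies to the last hunk, where the rewritten link now points at `public.php` and carries nothing that ties the `url` parameter to a link the server generated. One mitigation is to append a keyed hash to the rewritten link, e.g. `"&sig=" . hash_hmac('sha256', $url, <SERVER_SECRET>)`, and verify it with `hash_equals()` at the top of `imgproxy()`. Independently, `imgproxy()` should accept only http/https targets and refuse loopback and private addresses. The bodies of `imgproxy()` and the rewriting function extend beyond these hunks, so existing validation there should be confirmed before merging.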
@@ -27,6 +31,7 @@ class Af_Zz_ImgProxy extends Plugin {
}
public function imgproxy() {
+
$url = rewrite_relative_url(SELF_URL_PATH, $_REQUEST["url"]);
$kind = (int) $_REQUEST["kind"]; // 1 = video
@@ -48,9 +53,6 @@ class Af_Zz_ImgProxy extends Plugin {
} else {
$data = fetch_file_contents(array("url" => $url));
- global $fetch_last_error;
- print $fetch_last_error;
-
if ($data) {
if (file_put_contents($local_filename, $data)) {
$mimetype = mime_content_type($local_filename);
@@ -76,7 +78,7 @@ class Af_Zz_ImgProxy extends Plugin {
if (($scheme != 'https' && $scheme != "") || $is_remote) {
if (strpos($url, "data:") !== 0) {
- $url = "backend.php?op=pluginhandler&plugin=af_zz_imgproxy&method=imgproxy&kind=$kind&url=" .
+ $url = "public.php?op=pluginhandler&plugin=af_zz_imgproxy&pmethod=imgproxy&kind=$kind&url=" .
urlencode($url);
}
}