author | Andrew Dolgov <[email protected]> | 2020-09-22 09:34:39 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2020-09-22 09:34:39 +0300 |
commit | 490df818aac1def999e519354c9b0e976e4243a0 (patch) | |
tree | dd149c9f3de3ae9bd34c202e652c28719a77102b | |
parent | ab6aa0ad3e471d2306ae2beca3c138026950893f (diff) |
router: only allow functions without required parameters as handler methods
-rw-r--r-- | backend.php | 9 | ||||
-rw-r--r-- | public.php | 9 |
2 files changed, 16 insertions, 2 deletions
diff --git a/backend.php b/backend.php
index 9e6751af1..4c93f9b6d 100644
--- a/backend.php
+++ b/backend.php
@@ -107,7 +107,14 @@
 if (validate_csrf($csrf_token) || $handler->csrf_ignore($method)) {
 if ($handler->before($method)) {
 if ($method && method_exists($handler, $method)) {
- $handler->$method();
+ $reflection = new ReflectionMethod($handler, $method);
+
+ if ($reflection->getNumberOfRequiredParameters() == 0) {
+ $handler->$method();
+ } else {
+ header("Content-Type: text/json");
+ print error_json(6);
+ }
 } else {
 if (method_exists($handler, "catchall")) {
 $handler->catchall($method);
diff --git a/public.php b/public.php
index e37c44172..36308e25e 100644
--- a/public.php
+++ b/public.php
@@ -32,7 +32,14 @@
 if (implements_interface($handler, "IHandler") && $handler->before($method)) {
 if ($method && method_exists($handler, $method)) {
- $handler->$method();
+ $reflection = new ReflectionMethod($handler, $method);
+
+ if ($reflection->getNumberOfRequiredParameters() == 0) {
+ $handler->$method();
+ } else {
+ header("Content-Type: text/json");
+ print error_json(6);
+ }
 } else if (method_exists($handler, 'index')) {
 $handler->index();
 } |
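Review bot: The new guard in backend.php filters handler methods only by arity, so anything `method_exists()` reports with zero required parameters is still dispatched through `$handler->$method()`: methods whose parameters are all optional, magic methods such as `__destruct`, static methods, and non-public methods (which would presumably end in a fatal error rather than the JSON error response). If `$method` is request-derived, as the router context suggests, the condition should also constrain visibility and name, e.g. `if ($reflection->isPublic() && !$reflection->isStatic() && strpos($method, '__') !== 0 && $reflection->getNumberOfRequiredParameters() === 0) {`, and an explicit per-handler allowlist of routable methods would be stricter still. The identical block in the public.php hunk needs the same change, and because the two copies have to stay in sync the check would be safer in one shared helper. Both error branches also send `text/json`, which is not a registered media type; `application/json` is. The enclosing `if` blocks start and end outside both hunks.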