diff options
author | Andrew Dolgov <[email protected]> | 2021-02-17 15:04:39 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2021-02-17 15:04:39 +0300 |
commit | 7be1e3ed38baf8233b7f6733db3f57859c1b2086 (patch) | |
tree | 81d3f67e3b65141975ce4496254c970453e25c0d | |
parent | 2b2833bb4fa6f958b89a83adea89d9e7c73daee7 (diff) |
pluginhandler: reject method requests without CSRF
-rw-r--r-- | classes/pluginhandler.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/classes/pluginhandler.php b/classes/pluginhandler.php index 3fd823aa8..a0e60b4e6 100644 --- a/classes/pluginhandler.php +++ b/classes/pluginhandler.php @@ -14,8 +14,8 @@ class PluginHandler extends Handler_Protected { if (validate_csrf($csrf_token)) { $plugin->$method(); } else { - user_error("Requested ${plugin_name}->${method}() with invalid CSRF token.", E_USER_DEPRECATED); - $plugin->$method(); + user_error("Rejected ${plugin_name}->${method}(): invalid CSRF token.", E_USER_WARNING); + print error_json(6); } } else { user_error("Rejected ${plugin_name}->${method}(): unknown method.", E_USER_WARNING); |