diff options
| author | Andrew Dolgov <[email protected]> | 2020-09-22 09:34:39 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2020-09-22 09:34:39 +0300 |
| commit | 490df818aac1def999e519354c9b0e976e4243a0 (patch) | |
| tree | dd149c9f3de3ae9bd34c202e652c28719a77102b /backend.php | |
| parent | ab6aa0ad3e471d2306ae2beca3c138026950893f (diff) | |
router: only allow functions without required parameters as handler methods
Diffstat (limited to 'backend.php')
| -rw-r--r-- | backend.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/backend.php b/backend.php index 9e6751af1..4c93f9b6d 100644 --- a/backend.php +++ b/backend.php @@ -107,7 +107,14 @@ if (validate_csrf($csrf_token) || $handler->csrf_ignore($method)) { if ($handler->before($method)) { if ($method && method_exists($handler, $method)) { - $handler->$method(); + $reflection = new ReflectionMethod($handler, $method); + + if ($reflection->getNumberOfRequiredParameters() == 0) { + $handler->$method(); + } else { + header("Content-Type: text/json"); + print error_json(6); + } } else { if (method_exists($handler, "catchall")) { $handler->catchall($method); |