wip separate handlersexp-separate-handlers

author: Andrew Dolgov <[email protected]> 2021-03-02 15:16:38 +0300
committer: Andrew Dolgov <[email protected]> 2021-03-02 15:16:38 +0300
commit: 9ad4cbeecaed32e4106a7fef30bbe3d14195f78a (patch)
tree: 687b365d08a17cb2fb737dfc22f78197c62dde1e /classes/handler/pluginhandler.php
parent: d6629ed18863f797d34ebdc65815d7af21cb8332 (diff)
1 files changed, 29 insertions, 0 deletions
diff --git a/classes/handler/pluginhandler.php b/classes/handler/pluginhandler.php
new file mode 100644
index 000000000..1bb88c149
--- /dev/null
+++ b/classes/handler/pluginhandler.php
@@ -0,0 +1,29 @@
+<?php
+class Handler_PluginHandler extends Handler_Protected {
+	function csrf_ignore($method) {
+		return true;
+	}
+
+	function catchall($method) {
+		$plugin_name = clean($_REQUEST["plugin"]);
+		$plugin = PluginHost::getInstance()->get_plugin($plugin_name);
+		$csrf_token = ($_POST["csrf_token"] ?? "");
+
+		if ($plugin) {
+			if (method_exists($plugin, $method)) {
+				if (validate_csrf($csrf_token) || $plugin->csrf_ignore($method)) {
+					$plugin->$method();
+				} else {
+					user_error("Rejected ${plugin_name}->${method}(): invalid CSRF token.", E_USER_WARNING);
+					print Errors::to_json(Errors::E_UNAUTHORIZED);
+				}
+			} else {
+				user_error("Rejected ${plugin_name}->${method}(): unknown method.", E_USER_WARNING);
+				print Errors::to_json(Errors::E_UNKNOWN_METHOD);
+			}
+		} else {
+			user_error("Rejected ${plugin_name}->${method}(): unknown plugin.", E_USER_WARNING);
+			print Errors::to_json(Errors::E_UNKNOWN_PLUGIN);
+		}
+	}
+}
author	Andrew Dolgov <[email protected]>	2021-03-02 15:16:38 +0300
committer	Andrew Dolgov <[email protected]>	2021-03-02 15:16:38 +0300
commit	9ad4cbeecaed32e4106a7fef30bbe3d14195f78a (patch)
tree	687b365d08a17cb2fb737dfc22f78197c62dde1e /classes/handler/pluginhandler.php
parent	d6629ed18863f797d34ebdc65815d7af21cb8332 (diff)