author | Andrew Dolgov <[email protected]> | 2021-03-02 15:16:38 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2021-03-02 15:16:38 +0300 |
commit | 9ad4cbeecaed32e4106a7fef30bbe3d14195f78a (patch) | |
tree | 687b365d08a17cb2fb737dfc22f78197c62dde1e /classes/handler/pluginhandler.php | |
parent | d6629ed18863f797d34ebdc65815d7af21cb8332 (diff) |
wip separate handlersexp-separate-handlers
Diffstat (limited to 'classes/handler/pluginhandler.php')
-rw-r--r-- | classes/handler/pluginhandler.php | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/classes/handler/pluginhandler.php b/classes/handler/pluginhandler.php
new file mode 100644
index 000000000..1bb88c149
--- /dev/null
+++ b/classes/handler/pluginhandler.php
@@ -0,0 +1,29 @@
+<?php
+class Handler_PluginHandler extends Handler_Protected {
+ function csrf_ignore($method) {
+ return true;
+ }
+
+ function catchall($method) {
+ $plugin_name = clean($_REQUEST["plugin"]);
+ $plugin = PluginHost::getInstance()->get_plugin($plugin_name);
+ $csrf_token = ($_POST["csrf_token"] ?? "");
+
+ if ($plugin) {
+ if (method_exists($plugin, $method)) {
+ if (validate_csrf($csrf_token) || $plugin->csrf_ignore($method)) {
+ $plugin->$method();
+ } else {
+ user_error("Rejected ${plugin_name}->${method}(): invalid CSRF token.", E_USER_WARNING);
+ print Errors::to_json(Errors::E_UNAUTHORIZED);
+ }
+ } else {
+ user_error("Rejected ${plugin_name}->${method}(): unknown method.", E_USER_WARNING);
+ print Errors::to_json(Errors::E_UNKNOWN_METHOD);
+ }
+ } else {
+ user_error("Rejected ${plugin_name}->${method}(): unknown plugin.", E_USER_WARNING);
+ print Errors::to_json(Errors::E_UNKNOWN_PLUGIN);
+ }
+ }
+} |
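Review bot: In `catchall`, the call `$plugin->$method()` is gated only by `method_exists()`, which also returns true for private, protected and magic methods, so every method the plugin class defines becomes a reachable endpoint rather than only the ones the plugin meant to expose. Assuming `$method` comes from the request (the dispatcher that calls `catchall` is outside this hunk), I would narrow the guard to public, non-magic methods, e.g. `if (method_exists($plugin, $method) && strpos($method, "__") !== 0 && (new ReflectionMethod($plugin, $method))->isPublic()) {`, or have plugins declare which methods are callable. Because the handler's own `csrf_ignore()` returns true unconditionally, the `validate_csrf($csrf_token) || $plugin->csrf_ignore($method)` test is the only CSRF check on this path, and that deserves a comment on `csrf_ignore`, such as `// CSRF is enforced per plugin method inside catchall(), not by the handler dispatcher`. The three `user_error()` messages interpolate `$plugin_name` and `$method` directly; unless `clean()` is known to strip control characters and newlines, those values should be normalised before they reach the log.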