diff options
author | Andrew Dolgov <[email protected]> | 2017-02-10 16:04:28 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2017-02-10 16:04:28 +0300 |
commit | 4daaf234910cffab0d093e2168b3161e60bcf976 (patch) | |
tree | 9a0d8ddf911635316ad53af1f58724d82c7f5d25 /classes/handler/public.php | |
parent | fafd32e2dc98eeb3a159c29b12cee2d144ad243f (diff) |
allow user plugins to expose public methods out in a limited fashion
Diffstat (limited to 'classes/handler/public.php')
-rw-r--r-- | classes/handler/public.php | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php index c7c86d463..35f677f94 100644 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -1086,5 +1086,37 @@ class Handler_Public extends Handler { return "tag:" . parse_url(get_self_url_prefix(), PHP_URL_HOST) . ",$timestamp:/$id"; } + + // this should be used very carefully because this endpoint is exposed to unauthenticated users + // plugin data is not loaded because there's no user context and owner_uid/session may or may not be available + // in general, don't do anything user-related in here and do not modify $_SESSION + public function pluginhandler() { + $host = new PluginHost(); + + $plugin = basename($_REQUEST["plugin"]); + $method = $_REQUEST["pmethod"]; + + $host->load($plugin, PluginHost::KIND_USER, 0); + $host->load_data(); + + $pclass = $host->get_plugin($plugin); + + if ($pclass) { + if (method_exists($pclass, $method)) { + if ($pclass->is_public_method($method)) { + $pclass->$method(); + } else { + header("Content-Type: text/json"); + print error_json(6); + } + } else { + header("Content-Type: text/json"); + print error_json(13); + } + } else { + header("Content-Type: text/json"); + print error_json(14); + } + } } -?> +?>
\ No newline at end of file |