diff options
| author | Andrew Dolgov <[email protected]> | 2021-03-02 15:16:38 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2021-03-02 15:16:38 +0300 |
| commit | 9ad4cbeecaed32e4106a7fef30bbe3d14195f78a (patch) | |
| tree | 687b365d08a17cb2fb737dfc22f78197c62dde1e /classes/pluginhandler.php | |
| parent | d6629ed18863f797d34ebdc65815d7af21cb8332 (diff) | |
wip separate handlersexp-separate-handlers
Diffstat (limited to 'classes/pluginhandler.php')
| -rw-r--r-- | classes/pluginhandler.php | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/classes/pluginhandler.php b/classes/pluginhandler.php deleted file mode 100644 index 75b823822..000000000 --- a/classes/pluginhandler.php +++ /dev/null @@ -1,29 +0,0 @@ -<?php -class PluginHandler extends Handler_Protected { - function csrf_ignore($method) { - return true; - } - - function catchall($method) { - $plugin_name = clean($_REQUEST["plugin"]); - $plugin = PluginHost::getInstance()->get_plugin($plugin_name); - $csrf_token = ($_POST["csrf_token"] ?? ""); - - if ($plugin) { - if (method_exists($plugin, $method)) { - if (validate_csrf($csrf_token) || $plugin->csrf_ignore($method)) { - $plugin->$method(); - } else { - user_error("Rejected ${plugin_name}->${method}(): invalid CSRF token.", E_USER_WARNING); - print Errors::to_json(Errors::E_UNAUTHORIZED); - } - } else { - user_error("Rejected ${plugin_name}->${method}(): unknown method.", E_USER_WARNING); - print Errors::to_json(Errors::E_UNKNOWN_METHOD); - } - } else { - user_error("Rejected ${plugin_name}->${method}(): unknown plugin.", E_USER_WARNING); - print Errors::to_json(Errors::E_UNKNOWN_PLUGIN); - } - } -} |