diff options
| author | Andrew Dolgov <[email protected]> | 2021-02-17 21:44:21 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2021-02-17 21:44:21 +0300 |
| commit | e4609c18efceebb1e021d814f53061ada7f6489a (patch) | |
| tree | 0968e0da3dc2d1b4cdc12c2a29549c27dc82ea14 /classes/pluginhandler.php | |
| parent | b16abc157ee584f4be80a537ee24ec9e5ff25496 (diff) | |
* add (disabled) shortcut syntax for plugin methods
* add controls shortcut for pluginhandler tags
* add similar shortcut for frontend
* allow plugins to selectively exclude their methods from CSRF checking
Diffstat (limited to 'classes/pluginhandler.php')
| -rw-r--r-- | classes/pluginhandler.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/classes/pluginhandler.php b/classes/pluginhandler.php index a0e60b4e6..608f80dcb 100644 --- a/classes/pluginhandler.php +++ b/classes/pluginhandler.php @@ -11,7 +11,7 @@ class PluginHandler extends Handler_Protected { if ($plugin) { if (method_exists($plugin, $method)) { - if (validate_csrf($csrf_token)) { + if (validate_csrf($csrf_token) || $plugin->csrf_ignore($method)) { $plugin->$method(); } else { user_error("Rejected ${plugin_name}->${method}(): invalid CSRF token.", E_USER_WARNING); |