diff options
author | Andrew Dolgov <[email protected]> | 2019-12-20 14:39:38 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2019-12-20 14:39:38 +0300 |
commit | 63ee91c82e3fa17f5ade147aff8d319104b9e52e (patch) | |
tree | c47315de3272c01e970b9429afc6528efd883f64 /opml.php | |
parent | e9b4834b6ba788f43b8ce0bca13a9526df11d472 (diff) |
backend: load invoked classes via reflection so object constructor is called after it has been verified as an IHandler implementation.
this should prevent a potential router vulnerability if non-IHandler autoloader-enabled class is requested by malicious authorized user *and* invoked class object does something insecurely in its constructor.
Diffstat (limited to 'opml.php')
0 files changed, 0 insertions, 0 deletions