diff options
author | Andrew Dolgov <[email protected]> | 2021-02-17 21:44:21 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2021-02-17 21:44:21 +0300 |
commit | e4609c18efceebb1e021d814f53061ada7f6489a (patch) | |
tree | 0968e0da3dc2d1b4cdc12c2a29549c27dc82ea14 /plugins/af_redditimgur/init.php | |
parent | b16abc157ee584f4be80a537ee24ec9e5ff25496 (diff) |
* add (disabled) shortcut syntax for plugin methods
* add controls shortcut for pluginhandler tags
* add similar shortcut for frontend
* allow plugins to selectively exclude their methods from CSRF checking
Diffstat (limited to 'plugins/af_redditimgur/init.php')
-rwxr-xr-x | plugins/af_redditimgur/init.php | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/plugins/af_redditimgur/init.php b/plugins/af_redditimgur/init.php index 63a23cd36..5066186db 100755 --- a/plugins/af_redditimgur/init.php +++ b/plugins/af_redditimgur/init.php @@ -41,9 +41,7 @@ class Af_RedditImgur extends Plugin { <form dojoType='dijit.form.Form'> - <?= \Controls\hidden_tag("op", "pluginhandler") ?> - <?= \Controls\hidden_tag("method", "save") ?> - <?= \Controls\hidden_tag("plugin", "af_redditimgur") ?> + <?= \Controls\pluginhandler_tags($this, "save") ?> <script type='dojo/method' event='onSubmit' args='evt'> evt.preventDefault(); @@ -633,6 +631,10 @@ class Af_RedditImgur extends Plugin { $entry->parentNode->insertBefore($img, $entry);*/ } + function csrf_ignore($method) { + return $method === "testurl"; + } + function testurl() { $url = clean($_POST["url"]); @@ -651,7 +653,6 @@ class Af_RedditImgur extends Plugin { <input type="hidden" name="op" value="pluginhandler"> <input type="hidden" name="method" value="testurl"> <input type="hidden" name="plugin" value="af_redditimgur"> - <input type="hidden" name="csrf_token" value="<?= $_SESSION["csrf_token"] ?>"> <fieldset> <label>URL:</label> <input name="url" size="100" value="<?= htmlspecialchars($url) ?>"></input> |