Diffstat (limited to 'public.php')
-rw-r--r-- | public.php | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/public.php b/public.php
index 36308e25e..28f95d0a9 100644
--- a/public.php
+++ b/public.php
@@ -1,14 +1,11 @@
 <?php
- set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR .
+ set_include_path(__DIR__ ."/include" . PATH_SEPARATOR .
 get_include_path());
 require_once "autoload.php";
 require_once "sessions.php";
 require_once "functions.php";
 require_once "sanity_check.php";
- require_once "config.php";
- require_once "db.php";
- require_once "db-prefs.php";
 startup_gettext();
@@ -16,11 +13,18 @@
 if (!init_plugins()) return;
- if (ENABLE_GZIP_OUTPUT && function_exists("ob_gzhandler")) {
- ob_start("ob_gzhandler");
- }
+ $method = (string)clean($_REQUEST["op"]);
+
+ // shortcut syntax for public (exposed) methods (?op=plugin--pmethod&...params)
+ if (strpos($method, PluginHost::PUBLIC_METHOD_DELIMITER) !== false) {
+ list ($plugin, $pmethod) = explode(PluginHost::PUBLIC_METHOD_DELIMITER, $method, 2);
- $method = $_REQUEST["op"];
+ // TODO: better implementation that won't modify $_REQUEST
+ $_REQUEST["plugin"] = $plugin;
+ $_REQUEST["pmethod"] = $pmethod;
+
+ $method = "pluginhandler";
+ }
 $override = PluginHost::getInstance()->lookup_handler("public", $method);
@@ -30,6 +34,13 @@
 $handler = new Handler_Public($_REQUEST);
 }
+ if (strpos($method, "_") === 0) {
+ user_error("Refusing to invoke method $method which starts with underscore.", E_USER_WARNING);
+ header("Content-Type: text/json");
+ print Errors::to_json(Errors::E_UNAUTHORIZED);
+ return;
+ }
+
 if (implements_interface($handler, "IHandler") && $handler->before($method)) {
 if ($method && method_exists($handler, $method)) {
 $reflection = new ReflectionMethod($handler, $method);
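Review bot: `$_REQUEST["op"]` is read without a default in the added `$method = (string)clean($_REQUEST["op"]);`, although the code further down the file treats an empty `$method` as a normal case (it falls back to `index`), so a request with no `op` raises an undefined-key notice first. `$method = (string)clean($_REQUEST["op"] ?? "");` avoids that, assuming `clean()` accepts an empty string. In the shortcut branch, an `op` with nothing before or after the delimiter leaves `$plugin` or `$pmethod` empty, and both are written into `$_REQUEST` unchecked. Rejecting empty parts here would keep that decision out of the `pluginhandler` method, whose body is not visible on this page.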
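Review bot: The added underscore guard inspects `$method` only, and after the shortcut branch earlier in this file `$method` is always `"pluginhandler"`, so a `pmethod` that begins with an underscore is not covered by this check. Whether the `pluginhandler` method applies its own rule is not visible here; if it does not, extend the condition, e.g. `if (strpos($method, "_") === 0 || strpos((string)($_REQUEST["pmethod"] ?? ""), "_") === 0) {`. The guard could also move above the `lookup_handler("public", $method)` call, so that a refused name never reaches the plugin lookup or the handler constructor. The enclosing `if (implements_interface(...))` block continues past the end of this hunk.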
@@ -37,8 +48,9 @@
 if ($reflection->getNumberOfRequiredParameters() == 0) {
 $handler->$method();
 } else {
+ user_error("Refusing to invoke method $method which has required parameters.", E_USER_WARNING);
 header("Content-Type: text/json");
- print error_json(6);
+ print Errors::to_json(Errors::E_UNAUTHORIZED);
 }
 } else if (method_exists($handler, 'index')) {
 $handler->index();
@@ -48,5 +60,5 @@
 }
 header("Content-Type: text/plain");
- print error_json(13);
+ print Errors::to_json(Errors::E_UNKNOWN_METHOD);
 ?> |
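Review bot: The added `user_error()` message interpolates `$method`, which comes from the request, straight into the log line; the same applies to the `user_error()` call in the underscore guard earlier in this file. What `clean()` removes is not visible on this page, so if it leaves control characters in place, a request could split or forge log entries. Encoding the value before logging, e.g. `user_error("Refusing to invoke method " . json_encode($method) . " which has required parameters.", E_USER_WARNING);`, keeps each entry on one line. The surrounding `if`/`else` chain starts and ends outside this hunk.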
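Review bot: The fallback sends the JSON body from `Errors::to_json(Errors::E_UNKNOWN_METHOD)` under `Content-Type: text/plain`, while the two refusal paths earlier in this file use `text/json`, so the same payload format goes out under two different types. Neither value is the registered JSON media type; `header("Content-Type: application/json");` on all three paths would be consistent, provided no existing client depends on the current values. None of the visible error paths sets an HTTP status, so unless that happens elsewhere these errors are returned with a success status code.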