From e4609c18efceebb1e021d814f53061ada7f6489a Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Wed, 17 Feb 2021 21:44:21 +0300
Subject:  * add (disabled) shortcut syntax for plugin methods  * add controls
 shortcut for pluginhandler tags  * add similar shortcut for frontend  * allow
 plugins to selectively exclude their methods from CSRF checking

---
 classes/pluginhandler.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'classes/pluginhandler.php')

diff --git a/classes/pluginhandler.php b/classes/pluginhandler.php
index a0e60b4e6..608f80dcb 100644
--- a/classes/pluginhandler.php
+++ b/classes/pluginhandler.php
@@ -11,7 +11,7 @@ class PluginHandler extends Handler_Protected {
 
 		if ($plugin) {
 			if (method_exists($plugin, $method)) {
-				if (validate_csrf($csrf_token)) {
+				if (validate_csrf($csrf_token) || $plugin->csrf_ignore($method)) {
 					$plugin->$method();
 				} else {
 					user_error("Rejected ${plugin_name}->${method}(): invalid CSRF token.", E_USER_WARNING);
-- 
cgit v1.2.3