From 6af83e3881b3f38104027275913f7fc55251d020 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Fri, 12 Feb 2021 21:43:38 +0300
Subject: drop ENABLE_GZIP_OUTPUT; system prefs: load php info only if needed
---
 public.php | 4 ----
 1 file changed, 4 deletions(-)
(limited to 'public.php')
diff --git a/public.php b/public.php
index 36308e25e..3e4a9e023 100644
--- a/public.php
+++ b/public.php
@@ -16,10 +16,6 @@
 if (!init_plugins()) return;
- if (ENABLE_GZIP_OUTPUT && function_exists("ob_gzhandler")) {
- ob_start("ob_gzhandler");
- }
-
 $method = $_REQUEST["op"];
 $override = PluginHost::getInstance()->lookup_handler("public", $method);
-- 
cgit v1.2.3
From 91285e3868fadcfb907cd57a90bb3e5c263c0979 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Mon, 15 Feb 2021 16:34:44 +0300
Subject: router: add additional logging for refused requests; reject requests for methods starting with _
---
 public.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'public.php')
diff --git a/public.php b/public.php
index 3e4a9e023..dcfc4056e 100644
--- a/public.php
+++ b/public.php
@@ -16,7 +16,7 @@
 if (!init_plugins()) return;
- $method = $_REQUEST["op"];
+ $method = (string)clean($_REQUEST["op"]);
 $override = PluginHost::getInstance()->lookup_handler("public", $method);
@@ -26,6 +26,13 @@
 $handler = new Handler_Public($_REQUEST);
 }
+ if (strpos($method, "_") === 0) {
+ user_error("Refusing to invoke method $method which starts with underscore.", E_USER_WARNING);
+ header("Content-Type: text/json");
+ print error_json(6);
+ return;
+ }
+
 if (implements_interface($handler, "IHandler") && $handler->before($method)) {
 if ($method && method_exists($handler, $method)) {
 $reflection = new ReflectionMethod($handler, $method);
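Review bot: In commit 91285e38's `@@ -16,7 +16,7 @@` hunk the new `$method = (string)clean($_REQUEST["op"]);` still indexes `$_REQUEST["op"]` unconditionally, so a request without `op` raises an undefined-index notice before the `index` fallback further down the file can handle it. `$method = (string)clean($_REQUEST["op"] ?? "");` avoids that. `clean()` is not shown on this page; if it passes arrays through, an array-valued `op` would reach the `(string)` cast and become the literal `Array`, so an `is_string()` check ahead of the cast is worth adding.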
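Review bot: In commit 91285e38's `@@ -26,6 +26,13 @@` hunk the underscore check runs only after `lookup_handler("public", $method)` and `new Handler_Public($_REQUEST)` have already executed, so a refused request still goes through plugin override lookup and handler construction; moving the whole `if (strpos($method, "_") === 0)` block directly under the `$method = ...` assignment would reject it before either runs. The `if ($override)`/`else` that assigns `$handler` begins outside this hunk, so what an override does with the name during lookup is not visible here. Both this `user_error()` call and the one added in the `@@ -33,6 +40,7 @@` hunk interpolate the request-supplied `$method` into the log line; unless `clean()` (not shown) strips control characters, logging `json_encode($method)` instead keeps a crafted name from forging log entries. `text/json` is not a registered media type; `application/json` is the usual value.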
@@ -33,6 +40,7 @@
 if ($reflection->getNumberOfRequiredParameters() == 0) {
 $handler->$method();
 } else {
+ user_error("Refusing to invoke method $method which has required parameters.", E_USER_WARNING);
 header("Content-Type: text/json");
 print error_json(6);
 }
-- 
cgit v1.2.3
From 9f55454f63b11ad8d2b2e0a8264a0f0dae919f6b Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Mon, 15 Feb 2021 16:51:35 +0300
Subject: remove the rest of db.php; rename some leftover methods in feeds
---
 public.php | 1 -
 1 file changed, 1 deletion(-)
(limited to 'public.php')
diff --git a/public.php b/public.php
index dcfc4056e..59b5a499c 100644
--- a/public.php
+++ b/public.php
@@ -7,7 +7,6 @@
 require_once "functions.php";
 require_once "sanity_check.php";
 require_once "config.php";
- require_once "db.php";
 require_once "db-prefs.php";
 startup_gettext();
-- 
cgit v1.2.3
From 273ada7353b185e20452d54a8206d5e0cef9e573 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Wed, 17 Feb 2021 09:59:14 +0300
Subject: * implement shortcut syntax for exposed plugin methods * move shared article rendering code to share plugin
---
 public.php | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'public.php')
diff --git a/public.php b/public.php
index 59b5a499c..fadb2f14d 100644
--- a/public.php
+++ b/public.php
@@ -17,6 +17,17 @@
 $method = (string)clean($_REQUEST["op"]);
+ // shortcut syntax for public (exposed) methods (?op=plugin--pmethod&...params)
+ if (strpos($method, PluginHost::PUBLIC_METHOD_DELIMITER) !== false) {
+ list ($plugin, $pmethod) = explode(PluginHost::PUBLIC_METHOD_DELIMITER, $method, 2);
+ // TODO: better implementation that won't modify $_REQUEST
+ $_REQUEST["plugin"] = $plugin;
+ $_REQUEST["pmethod"] = $pmethod;
+ $method = "pluginhandler";
+ }
+
 $override = PluginHost::getInstance()->lookup_handler("public", $method);
 if ($override) {
-- 
cgit v1.2.3
From 42173386b39bed4b06c5ac6c2fc0da510673b354 Mon Sep 17 00:00:00 2001
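Review bot: In commit 91285e38's `@@ -33,6 +40,7 @@` hunk the only property of the reflected method tested before `$handler->$method()` is its required-parameter count, while `method_exists()` in the enclosing `if` (outside this hunk) is also true for protected and private methods. A request naming such a method would end in a PHP `Error` at the call site instead of taking the logged refusal branch this commit adds. Suggest `if ($reflection->isPublic() && $reflection->getNumberOfRequiredParameters() == 0) {` and wording the new message to cover both cases, e.g. `"Refusing to invoke method $method which is not public or has required parameters."`.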
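Review bot: In commit 273ada73's `@@ -17,6 +17,17 @@` hunk `$plugin` and `$pmethod` are copied into `$_REQUEST` without validation, and because `$method` is then replaced by `"pluginhandler"`, the underscore rule added in commit 91285e38 is only ever applied to that constant and never to the plugin method the caller named. Nothing visible in this diff checks `$pmethod`; if `pluginhandler` already enforces an allow-list of exposed methods the guard below is defence in depth, otherwise it is the missing check. Empty halves (an `op` that begins or ends with the delimiter) are also passed on as empty strings. Overwriting `$_REQUEST` leaves `$_GET`/`$_POST` untouched, so later code reading those directly sees different values, which is a further reason to resolve the TODO by handing the pair to the handler explicitly.

```php
list ($plugin, $pmethod) = explode(PluginHost::PUBLIC_METHOD_DELIMITER, $method, 2);

// apply the router's naming rule to the plugin method as well, and reject empty halves
if ($plugin === "" || $pmethod === "" || strpos($pmethod, "_") === 0) {
	user_error("Refusing shortcut call with empty or underscore-prefixed plugin method.", E_USER_WARNING);
	header("Content-Type: text/json");
	print error_json(6);
	return;
}

// … unchanged: $_REQUEST["plugin"] / $_REQUEST["pmethod"] assignment, $method = "pluginhandler" …
```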
From: Andrew Dolgov
Date: Mon, 22 Feb 2021 17:38:46 +0300
Subject: dirname(__FILE__) -> __DIR__
---
 public.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'public.php')
diff --git a/public.php b/public.php
index fadb2f14d..48fe675f8 100644
--- a/public.php
+++ b/public.php
@@ -1,5 +1,5 @@
Date: Mon, 22 Feb 2021 22:39:20 +0300
Subject: don't include config.php everywhere
---
 public.php | 1 -
 1 file changed, 1 deletion(-)
(limited to 'public.php')
diff --git a/public.php b/public.php
index 48fe675f8..8a02387cf 100644
--- a/public.php
+++ b/public.php
@@ -6,7 +6,6 @@
 require_once "sessions.php";
 require_once "functions.php";
 require_once "sanity_check.php";
- require_once "config.php";
 require_once "db-prefs.php";
 startup_gettext();
-- 
cgit v1.2.3
From 29ada58b4ac06178c908869e0bb078949e1cb465 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Mon, 22 Feb 2021 23:25:14 +0300
Subject: move db-prefs shortcut functions to functions.php
---
 public.php | 1 -
 1 file changed, 1 deletion(-)
(limited to 'public.php')
diff --git a/public.php b/public.php
index 8a02387cf..43aa66c1d 100644
--- a/public.php
+++ b/public.php
@@ -6,7 +6,6 @@
 require_once "sessions.php";
 require_once "functions.php";
 require_once "sanity_check.php";
- require_once "db-prefs.php";
 startup_gettext();
-- 
cgit v1.2.3
From 8d2e3c2528e67f8650c122f014364a34bf690d2a Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Tue, 23 Feb 2021 22:26:07 +0300
Subject: drop errors.php and simplify error handling
---
 public.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'public.php')
diff --git a/public.php b/public.php
index 43aa66c1d..28f95d0a9 100644
--- a/public.php
+++ b/public.php
@@ -37,7 +37,7 @@
 if (strpos($method, "_") === 0) {
 user_error("Refusing to invoke method $method which starts with underscore.", E_USER_WARNING);
 header("Content-Type: text/json");
- print error_json(6);
+ print Errors::to_json(Errors::E_UNAUTHORIZED);
 return;
 }
@@ -50,7 +50,7 @@
 } else {
 user_error("Refusing to invoke method $method which has required parameters.", E_USER_WARNING);
 header("Content-Type: text/json");
- print error_json(6);
+ print Errors::to_json(Errors::E_UNAUTHORIZED);
 }
 } else if (method_exists($handler, 'index')) {
 $handler->index();
@@ -60,5 +60,5 @@
 }
 header("Content-Type: text/plain");
- print error_json(13);
+ print Errors::to_json(Errors::E_UNKNOWN_METHOD);
 ?>
-- 
cgit v1.2.3
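Review bot: In commit 8d2e3c25's `@@ -60,5 +60,5 @@` hunk the fall-through response still announces `Content-Type: text/plain` while printing the JSON from `Errors::to_json(Errors::E_UNKNOWN_METHOD)`, whereas the two refusal branches changed in the same commit send `text/json`. A client that trusts the header will not parse this error as JSON; using one JSON media type for all three, e.g. `header("Content-Type: application/json");`, keeps the error contract consistent. The `if` block closed by the leading `}` starts outside the hunk, so which paths reach this line is not fully visible here.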