classes/pluginhandler.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

<?php
class PluginHandler extends Handler_Protected {
	function csrf_ignore($method) {
		return true;
	}

	function catchall($method) {
		$plugin_name = clean($_REQUEST["plugin"]);
		$plugin = PluginHost::getInstance()->get_plugin($plugin_name);
		$csrf_token = ($_POST["csrf_token"] ?? "");

		if ($plugin) {
			if (method_exists($plugin, $method)) {
				if (validate_csrf($csrf_token)) {
					$plugin->$method();
				} else {
					user_error("Rejected ${plugin_name}->${method}(): invalid CSRF token.", E_USER_WARNING);
					print error_json(6);
				}
			} else {
				user_error("Rejected ${plugin_name}->${method}(): unknown method.", E_USER_WARNING);
				print error_json(13);
			}
		} else {
			user_error("Rejected ${plugin_name}->${method}(): unknown plugin.", E_USER_WARNING);
			print error_json(14);
		}
	}
}