public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 05:15:55 +00:00
Code Issues Releases Wiki Activity

allow user plugins to expose public methods out in a limited fashion

Browse Source
This commit is contained in:
Andrew Dolgov
2017-02-10 16:04:28 +03:00
parent fafd32e2dc
commit 4daaf23491
3 changed files with 43 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
classes/handler/public.php
View File

@@ -1086,5 +1086,37 @@ class Handler_Public extends Handler {
return "tag:" . parse_url(get_self_url_prefix(), PHP_URL_HOST) . ",$timestamp:/$id";
}
// this should be used very carefully because this endpoint is exposed to unauthenticated users
// plugin data is not loaded because there's no user context and owner_uid/session may or may not be available
// in general, don't do anything user-related in here and do not modify $_SESSION
public function pluginhandler() {
$host = new PluginHost();
$plugin = basename($_REQUEST["plugin"]);
$method = $_REQUEST["pmethod"];
$host->load($plugin, PluginHost::KIND_USER, 0);
$host->load_data();
$pclass = $host->get_plugin($plugin);
if ($pclass) {
if (method_exists($pclass, $method)) {
if ($pclass->is_public_method($method)) {
$pclass->$method();
} else {
header("Content-Type: text/json");
print error_json(6);
}
} else {
header("Content-Type: text/json");
print error_json(13);
}
} else {
header("Content-Type: text/json");
print error_json(14);
}
}
}
?>
?>