public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 03:15:56 +00:00
Code Issues Releases Wiki Activity

router: add additional logging for refused requests; reject requests for methods starting with _

Browse Source
This commit is contained in:
Andrew Dolgov
2021-02-15 16:34:44 +03:00
parent d1c83fad14
commit 91285e3868
3 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
public.php
View File

@@ -16,7 +16,7 @@
if (!init_plugins()) return;
$method = $_REQUEST["op"];
$method = (string)clean($_REQUEST["op"]);
$override = PluginHost::getInstance()->lookup_handler("public", $method);
@@ -26,6 +26,13 @@
$handler = new Handler_Public($_REQUEST);
}
if (strpos($method, "_") === 0) {
user_error("Refusing to invoke method $method which starts with underscore.", E_USER_WARNING);
header("Content-Type: text/json");
print error_json(6);
return;
}
if (implements_interface($handler, "IHandler") && $handler->before($method)) {
if ($method && method_exists($handler, $method)) {
$reflection = new ReflectionMethod($handler, $method);
@@ -33,6 +40,7 @@
if ($reflection->getNumberOfRequiredParameters() == 0) {
$handler->$method();
} else {
user_error("Refusing to invoke method $method which has required parameters.", E_USER_WARNING);
header("Content-Type: text/json");
print error_json(6);
}