public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-18 04:01:54 +00:00
Code Issues Releases Wiki Activity

wip separate handlers

Browse Source
This commit is contained in:
Andrew Dolgov
2021-03-02 15:16:38 +03:00
parent d6629ed188
commit 9ad4cbeeca
10 changed files with 2005 additions and 1996 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
classes/handler/pluginhandler.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
class Handler_PluginHandler extends Handler_Protected {
function csrf_ignore($method) {
return true;
}
function catchall($method) {
$plugin_name = clean($_REQUEST["plugin"]);
$plugin = PluginHost::getInstance()->get_plugin($plugin_name);
$csrf_token = ($_POST["csrf_token"] ?? "");
if ($plugin) {
if (method_exists($plugin, $method)) {
if (validate_csrf($csrf_token) || $plugin->csrf_ignore($method)) {
$plugin->$method();
} else {
user_error("Rejected ${plugin_name}->${method}(): invalid CSRF token.", E_USER_WARNING);
print Errors::to_json(Errors::E_UNAUTHORIZED);
}
} else {
user_error("Rejected ${plugin_name}->${method}(): unknown method.", E_USER_WARNING);
print Errors::to_json(Errors::E_UNKNOWN_METHOD);
}
} else {
user_error("Rejected ${plugin_name}->${method}(): unknown plugin.", E_USER_WARNING);
print Errors::to_json(Errors::E_UNKNOWN_PLUGIN);
}
}
}