Andrew Dolgov 63ee91c82e backend: load invoked classes via reflection so object constructor is called after it has been verified as an IHandler implementation. ...

this should prevent a potential router vulnerability if non-IHandler autoloader-enabled class is requested by malicious authorized user *and* invoked class object does something insecurely in its constructor.

2019-12-20 14:39:38 +03:00

3.0 KiB

Raw Blame History

View Raw