ttrss/classes/pluginhandler.php

30 lines
852 B
PHP
Raw Normal View History

2012-12-23 10:52:18 +00:00
<?php
class PluginHandler extends Handler_Protected {
function csrf_ignore($method) {
return true;
}
function catchall($method) {
2019-08-16 12:29:24 +00:00
$plugin_name = clean($_REQUEST["plugin"]);
$plugin = PluginHost::getInstance()->get_plugin($plugin_name);
$csrf_token = ($_POST["csrf_token"] ?? "");
2012-12-23 10:52:18 +00:00
2013-03-16 08:26:14 +00:00
if ($plugin) {
if (method_exists($plugin, $method)) {
if (validate_csrf($csrf_token) || $plugin->csrf_ignore($method)) {
$plugin->$method();
} else {
user_error("Rejected ${plugin_name}->${method}(): invalid CSRF token.", E_USER_WARNING);
print error_json(6);
}
2013-03-16 08:26:14 +00:00
} else {
user_error("Rejected ${plugin_name}->${method}(): unknown method.", E_USER_WARNING);
print error_json(13);
2013-03-16 08:26:14 +00:00
}
} else {
user_error("Rejected ${plugin_name}->${method}(): unknown plugin.", E_USER_WARNING);
print error_json(14);
2012-12-23 10:52:18 +00:00
}
}
}