2012-12-23 10:52:18 +00:00
|
|
|
<?php
|
|
|
|
class PluginHandler extends Handler_Protected {
|
2021-11-12 02:01:31 +00:00
|
|
|
function csrf_ignore(string $method): bool {
|
2012-12-23 10:52:18 +00:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
function catchall($method) {
|
2019-08-16 12:29:24 +00:00
|
|
|
$plugin_name = clean($_REQUEST["plugin"]);
|
|
|
|
$plugin = PluginHost::getInstance()->get_plugin($plugin_name);
|
2021-02-17 11:05:12 +00:00
|
|
|
$csrf_token = ($_POST["csrf_token"] ?? "");
|
2012-12-23 10:52:18 +00:00
|
|
|
|
2013-03-16 08:26:14 +00:00
|
|
|
if ($plugin) {
|
|
|
|
if (method_exists($plugin, $method)) {
|
2021-02-17 18:44:21 +00:00
|
|
|
if (validate_csrf($csrf_token) || $plugin->csrf_ignore($method)) {
|
2021-02-17 11:05:12 +00:00
|
|
|
$plugin->$method();
|
|
|
|
} else {
|
2021-02-17 12:04:39 +00:00
|
|
|
user_error("Rejected ${plugin_name}->${method}(): invalid CSRF token.", E_USER_WARNING);
|
2021-02-23 19:26:07 +00:00
|
|
|
print Errors::to_json(Errors::E_UNAUTHORIZED);
|
2021-02-17 11:05:12 +00:00
|
|
|
}
|
2013-03-16 08:26:14 +00:00
|
|
|
} else {
|
2021-02-17 11:05:12 +00:00
|
|
|
user_error("Rejected ${plugin_name}->${method}(): unknown method.", E_USER_WARNING);
|
2021-02-23 19:26:07 +00:00
|
|
|
print Errors::to_json(Errors::E_UNKNOWN_METHOD);
|
2013-03-16 08:26:14 +00:00
|
|
|
}
|
|
|
|
} else {
|
2021-02-17 11:05:12 +00:00
|
|
|
user_error("Rejected ${plugin_name}->${method}(): unknown plugin.", E_USER_WARNING);
|
2021-02-23 19:26:07 +00:00
|
|
|
print Errors::to_json(Errors::E_UNKNOWN_PLUGIN);
|
2012-12-23 10:52:18 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|