From 10c63ed58240c3e652b931be9a880026c465bb50 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Thu, 15 Aug 2019 20:23:45 +0300
Subject: pluginhost: add helper methods to get private/public pluginmethod endpoint URLs
---
 classes/pluginhost.php | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
(limited to 'classes/pluginhost.php')
diff --git a/classes/pluginhost.php b/classes/pluginhost.php
index 4d5b3252c..4cc85f044 100755
--- a/classes/pluginhost.php
+++ b/classes/pluginhost.php
@@ -491,4 +491,34 @@ class PluginHost {
 function get_owner_uid() {
 return $this->owner_uid;
 }
+
+ // handled by classes/pluginhandler.php, requires valid session
+ function get_method_url($sender, $method, $params) {
+ return get_self_url_prefix() . "/backend.php?" .
+ http_build_query(
+ array_merge(
+ [
+ "op" => "pluginhandler",
+ "plugin" => strtolower(get_class($sender)),
+ "pmethod" => $method
+ ],
+ $params));
+ }
+
+ // WARNING: endpoint in public.php, exposed to unauthenticated users
+ function get_public_method_url($sender, $method, $params) {
+ if ($sender->is_public_method($method)) {
+ return get_self_url_prefix() . "/public.php?" .
+ http_build_query(
+ array_merge(
+ [
+ "op" => "pluginhandler",
+ "plugin" => strtolower(get_class($sender)),
+ "pmethod" => $method
+ ],
+ $params));
+ } else {
+ user_error("get_public_method_url: requested method '$method' of '" . get_class($sender) . "' is private.");
+ }
+ }
 }
-- 
cgit v1.2.3-54-g00ecf
From 865c54abcb5bdfb6d68757cfadccd8383cdc213c Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Thu, 15 Aug 2019 20:27:21 +0300
Subject: fix get_method_url() to use correct method parameter
---
 classes/pluginhost.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'classes/pluginhost.php')
diff --git a/classes/pluginhost.php b/classes/pluginhost.php
index 4cc85f044..9330e9e5e 100755
--- a/classes/pluginhost.php
+++ b/classes/pluginhost.php
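Review bot: In get_public_method_url (first commit, classes/pluginhost.php) the `is_public_method($method)` check covers only `$method`, yet `$params` is merged last and `array_merge` lets later string keys win, so a `pmethod`, `plugin` or `op` entry in `$params` replaces the value that was just checked in the generated public.php URL. Merging the fixed keys last, `array_merge($params, ["op" => "pluginhandler", "plugin" => strtolower(get_class($sender)), "pmethod" => $method])`, keeps the routing keys authoritative; get_method_url has the same ordering. The else branch also falls through after `user_error()`, which raises only E_USER_NOTICE by default, so callers get null back; an explicit `return false;` there, mentioned in the comment above the function, would make the failure visible to callers.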
@@ -500,7 +500,7 @@ class PluginHost { [ "op" => "pluginhandler", "plugin" => strtolower(get_class($sender)), - "pmethod" => $method + "method" => $method ], $params)); } -- cgit v1.2.3-54-g00ecf From d94348421d8d791eec29afd2e01fb1c9ba181de1 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 16 Aug 2019 09:31:16 +0300 Subject: use clean_filename() instead of basename()/clean() combinations in a bunch of places --- classes/backend.php | 2 +- classes/pluginhost.php | 2 +- classes/rpc.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'classes/pluginhost.php') diff --git a/classes/backend.php b/classes/backend.php index 5bd724728..122e28c65 100644 --- a/classes/backend.php +++ b/classes/backend.php @@ -88,7 +88,7 @@ class Backend extends Handler { } function help() { - $topic = basename(clean($_REQUEST["topic"])); // only one for now + $topic = clean_filename($_REQUEST["topic"]); // only one for now if ($topic == "main") { $info = get_hotkeys_info(); diff --git a/classes/pluginhost.php b/classes/pluginhost.php index 9330e9e5e..eab808ae9 100755 --- a/classes/pluginhost.php +++ b/classes/pluginhost.php @@ -186,7 +186,7 @@ class PluginHost { foreach ($plugins as $class) { $class = trim($class); - $class_file = strtolower(basename($class)); + $class_file = strtolower(clean_filename($class)); if (!is_dir(__DIR__."/../plugins/$class_file") && !is_dir(__DIR__."/../plugins.local/$class_file")) continue; diff --git a/classes/rpc.php b/classes/rpc.php index 8736cbb65..84c9cfe92 100755 --- a/classes/rpc.php +++ b/classes/rpc.php @@ -572,7 +572,7 @@ class RPC extends Handler_Protected { function log() { $msg = clean($_REQUEST['msg']); - $file = basename(clean($_REQUEST['file'])); + $file = clean_filename($_REQUEST['file']); $line = (int) clean($_REQUEST['line']); $context = clean($_REQUEST['context']); -- cgit v1.2.3-54-g00ecf
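Review bot: After this one-line change get_method_url emits the key `method`, while get_public_method_url, added in the previous commit, still emits `pmethod`. If that difference is intentional (backend.php and public.php reading different keys, which this diff does not show), a short comment on each array, for example `// backend.php dispatches on "method"; public.php expects "pmethod"`, would stop the two helpers from being unified by mistake later. The hunk shows only the array literal; the enclosing function starts above it.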
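Review bot: In help() (classes/backend.php) `clean_filename()` now carries both steps the old `basename(clean(...))` performed, but its definition is not part of this diff, so the page cannot confirm that it still strips directory components or how it treats `..` and an empty result; the same holds for the log() hunk in classes/rpc.php. A comment at the call, e.g. `// clean_filename(): expected to strip markup and any directory part`, plus a test with inputs containing `/`, `\` and `..`, would pin the guarantee these callers rely on. `$_REQUEST["topic"]` is also indexed without a default here (as is `$_REQUEST['file']` in rpc.php), so a request without the key raises a notice; `$_REQUEST["topic"] ?? ""` avoids that. help() continues outside the hunk.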
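Review bot: In the plugin-loading loop of classes/pluginhost.php an empty or dot-only `$class_file` passes the `is_dir()` guard, because `__DIR__."/../plugins/"` and `__DIR__."/../plugins/.."` are themselves directories; PHP's `basename()` returned `..` unchanged for that input, and whether `clean_filename()` behaves differently is not visible here. An explicit check before the guard, `if ($class_file === "" || $class_file === "." || $class_file === "..") continue;`, would reject such entries (for instance an empty element in `$plugins`) regardless of the helper. This call site previously used only `basename()`, so any extra filtering inside `clean_filename()` is a behaviour change for plugin names. The loop body continues outside the hunk.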