- if ($handler) {
- if ($handler->before($method)) {
- if ($method && method_exists($handler, $method)) {
- $handler->$method();
- } else if (method_exists($handler, 'index')) {
- $handler->index();
+ if ($handler && is_subclass_of($handler, 'Handler')) {
+ if (validate_csrf($csrf_token) || $handler->csrf_ignore($method)) {
+ if ($handler->before($method)) {
+ if ($method && method_exists($handler, $method)) {
+ $handler->$method();
+ }
+ $handler->after();
+ return;
+ } else {
+ header("Content-Type: text/plain");
+ print json_encode(array("error" => array("code" => 6)));
+ return;