<?php
- set_include_path(get_include_path() . PATH_SEPARATOR . "include");
+ set_include_path(get_include_path() . PATH_SEPARATOR .
+ dirname(__FILE__) . "/include");
/* remove ill effects of magic quotes */
$op = $_REQUEST["op"];
@$method = $_REQUEST['subop'] ? $_REQUEST['subop'] : $_REQUEST["method"];
+ if (!$method)
+ $method = 'index';
+ else
+ $method = strtolower($method);
+
/* Public calls compatibility shim */
$public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
return;
}
+ $csrf_token = $_REQUEST['csrf_token'];
+
require_once "functions.php";
require_once "sessions.php";
require_once "sanity_check.php";
$handler = new $op($link, $_REQUEST);
if ($handler) {
- if ($handler->before()) {
- if ($method && method_exists($handler, $method)) {
- $handler->$method();
- } else if (method_exists($handler, 'index')) {
- $handler->index();
+ if (validate_csrf($csrf_token) || $handler->csrf_ignore($method)) {
+ if ($handler->before($method)) {
+ if ($method && method_exists($handler, $method)) {
+ $handler->$method();
+ }
+ $handler->after();
+ return;
}
- $handler->after();
+ } else {
+ header("Content-Type: text/plain");
+ print json_encode(array("error" => array("code" => 6)));
return;
}
}
git.wh0rd.org / tt-rss.git / blobdiff