allow user plugins to expose public methods out in a limited fashion
This commit is contained in:
Andrew Dolgov
parent
fafd32e2dc
commit
4daaf23491
3 changed files with 43 additions and 5 deletions
|
|
@ -1086,5 +1086,37 @@ class Handler_Public extends Handler {
|
||||||
|
|
||||||
return "tag:" . parse_url(get_self_url_prefix(), PHP_URL_HOST) . ",$timestamp:/$id";
|
return "tag:" . parse_url(get_self_url_prefix(), PHP_URL_HOST) . ",$timestamp:/$id";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// this should be used very carefully because this endpoint is exposed to unauthenticated users
|
||||||
|
// plugin data is not loaded because there's no user context and owner_uid/session may or may not be available
|
||||||
|
// in general, don't do anything user-related in here and do not modify $_SESSION
|
||||||
|
public function pluginhandler() {
|
||||||
|
$host = new PluginHost();
|
||||||
|
|
||||||
|
$plugin = basename($_REQUEST["plugin"]);
|
||||||
|
$method = $_REQUEST["pmethod"];
|
||||||
|
|
||||||
|
$host->load($plugin, PluginHost::KIND_USER, 0);
|
||||||
|
$host->load_data();
|
||||||
|
|
||||||
|
$pclass = $host->get_plugin($plugin);
|
||||||
|
|
||||||
|
if ($pclass) {
|
||||||
|
if (method_exists($pclass, $method)) {
|
||||||
|
if ($pclass->is_public_method($method)) {
|
||||||
|
$pclass->$method();
|
||||||
|
} else {
|
||||||
|
header("Content-Type: text/json");
|
||||||
|
print error_json(6);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
header("Content-Type: text/json");
|
||||||
|
print error_json(13);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
header("Content-Type: text/json");
|
||||||
|
print error_json(14);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|
@ -22,6 +22,10 @@ class Plugin {
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function is_public_method($method) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
function get_js() {
|
function get_js() {
|
||||||
return "";
|
return "";
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,10 @@ class Af_Zz_ImgProxy extends Plugin {
|
||||||
"fox");
|
"fox");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function is_public_method($method) {
|
||||||
|
return $method === "imgproxy";
|
||||||
|
}
|
||||||
|
|
||||||
function init($host) {
|
function init($host) {
|
||||||
$this->host = $host;
|
$this->host = $host;
|
||||||
|
|
||||||
|
|
@ -27,6 +31,7 @@ class Af_Zz_ImgProxy extends Plugin {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function imgproxy() {
|
public function imgproxy() {
|
||||||
|
|
||||||
$url = rewrite_relative_url(SELF_URL_PATH, $_REQUEST["url"]);
|
$url = rewrite_relative_url(SELF_URL_PATH, $_REQUEST["url"]);
|
||||||
$kind = (int) $_REQUEST["kind"]; // 1 = video
|
$kind = (int) $_REQUEST["kind"]; // 1 = video
|
||||||
|
|
||||||
|
|
@ -48,9 +53,6 @@ class Af_Zz_ImgProxy extends Plugin {
|
||||||
} else {
|
} else {
|
||||||
$data = fetch_file_contents(array("url" => $url));
|
$data = fetch_file_contents(array("url" => $url));
|
||||||
|
|
||||||
global $fetch_last_error;
|
|
||||||
print $fetch_last_error;
|
|
||||||
|
|
||||||
if ($data) {
|
if ($data) {
|
||||||
if (file_put_contents($local_filename, $data)) {
|
if (file_put_contents($local_filename, $data)) {
|
||||||
$mimetype = mime_content_type($local_filename);
|
$mimetype = mime_content_type($local_filename);
|
||||||
|
|
@ -76,7 +78,7 @@ class Af_Zz_ImgProxy extends Plugin {
|
||||||
|
|
||||||
if (($scheme != 'https' && $scheme != "") || $is_remote) {
|
if (($scheme != 'https' && $scheme != "") || $is_remote) {
|
||||||
if (strpos($url, "data:") !== 0) {
|
if (strpos($url, "data:") !== 0) {
|
||||||
$url = "backend.php?op=pluginhandler&plugin=af_zz_imgproxy&method=imgproxy&kind=$kind&url=" .
|
$url = "public.php?op=pluginhandler&plugin=af_zz_imgproxy&pmethod=imgproxy&kind=$kind&url=" .
|
||||||
urlencode($url);
|
urlencode($url);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue