- Adds validation for API data

Vlad
2016-06-30 11:58:41 -04:00
parent 630b219e96
commit 38199dc96f
2 changed files with 17 additions and 6 deletions


@@ -172,8 +172,12 @@ class Initializer {
} }
function setupPublicAPI() { function setupPublicAPI() {
$publicAPI = new PublicAPI(); try {
$publicAPI->init(); $publicAPI = new PublicAPI();
$publicAPI->init();
} catch(\Exception $e) {
// continue execution
}
} }
function runQueueSupervisor() { function runQueueSupervisor() {
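Review bot: The empty catch in setupPublicAPI() discards every \Exception raised by the PublicAPI constructor and by init(), so a rejected `data` parameter leaves no trace. Any unrelated failure in the called endpoint is presumably hidden as well, if it propagates through init(). Malformed API input is a useful detection signal, so record it inside the catch, for example `error_log('PublicAPI request rejected: ' . $e->getMessage());`, or with the plugin's own logger if it has one. Throwing a dedicated exception class from the validation and catching only that would keep genuine endpoint errors visible.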


@@ -25,13 +25,11 @@ class PublicAPI {
$this->action = isset($_GET['action']) ? $this->action = isset($_GET['action']) ?
Helpers::underscoreToCamelCase($_GET['action']) : Helpers::underscoreToCamelCase($_GET['action']) :
false; false;
$this->data = isset($_GET['data']) ? $this->data = $this->getAndValidateData();
unserialize(base64_decode($_GET['data'])) :
false;
} }
function init() { function init() {
if(!$this->api && !$this->endpoint) return; if(!$this->api || !$this->endpoint) return;
$this->_checkAndCallMethod($this, $this->endpoint, $terminate_request = true); $this->_checkAndCallMethod($this, $this->endpoint, $terminate_request = true);
} }
@@ -74,4 +72,13 @@ class PublicAPI {
) )
); );
} }
function getAndValidateData() {
if (!isset($_GET['data'])) return false;
$data = base64_decode($_GET['data']);
if (!is_serialized($data)) {
throw new \Exception(__('Invalid data format.'));
}
return unserialize($data);
}
} }
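Review bot: getAndValidateData() in the last hunk still passes the request-supplied `$_GET['data']` to `unserialize()`, so the object-injection exposure of the old code remains. Assuming this is WordPress's `is_serialized()`, it only checks that the string is shaped like serialized PHP, and a serialized object passes that check. If the endpoints only need arrays and scalars, restrict the call with `return unserialize($data, array('allowed_classes' => false));` (PHP 7.0+). On older PHP versions, move the parameter to JSON and read it with `json_decode($data, true)`. Using `base64_decode($_GET['data'], true)` would also reject non-base64 input up front instead of decoding it leniently.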