Support sending all _rx_* POST fields as HTTP headers instead

하위호환성, 부가기능 등을 위한 _rx_* POST 필드가 점점 많아짐에 따라
모두 헤더로 대체할 수 있도록 지원하고, 앞으로 점점 헤더로 바꿀 예정

CSRF 토큰은 예전부터 X-CSRF-Token 헤더를 지원했음
Kijin Sung 2023-08-27 23:32:31 +09:00
parent dc492345da
commit 06e736178b
5 changed files with 17 additions and 11 deletions


@ -1140,9 +1140,10 @@ class Context
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST')
{
// Set variables for XE compatibility.
if (isset($_POST['_rx_ajax_compat']) && in_array($_POST['_rx_ajax_compat'], array('JSON', 'XMLRPC')))
$compat = $_SERVER['HTTP_X_AJAX_COMPAT'] ?? ($_POST['_rx_ajax_compat'] ?? false);
if ($compat && in_array($compat, array('JSON', 'XMLRPC')))
{
self::$_instance->request_method = $_POST['_rx_ajax_compat'];
self::$_instance->request_method = $compat;
return;
}
else
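Review bot: The new `in_array($compat, array('JSON', 'XMLRPC'))` test still compares loosely and accepts whatever type `$compat` has, which can now be a request header value as well as a POST field that may arrive as an array. I would tighten it to `if (is_string($compat) && in_array($compat, ['JSON', 'XMLRPC'], true))`. Note also that `??` only falls through on null, so an empty `X-AJAX-Compat` header masks a valid `_rx_ajax_compat` field; if that precedence is intended, a comment such as `// The header takes precedence over the legacy POST field, even when empty.` would record it. The enclosing method starts and ends outside this hunk.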


@ -97,7 +97,7 @@ class DisplayHandler extends Handler
}
else
{
if($responseMethod == 'JSON' || $responseMethod == 'JS_CALLBACK' || isset($_POST['_rx_ajax_compat']))
if($responseMethod == 'JSON' || $responseMethod == 'JS_CALLBACK' || isset($_SERVER['HTTP_X_AJAX_COMPAT']) || isset($_POST['_rx_ajax_compat']))
{
self::_printJSONHeader();
}
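Review bot: The added `isset($_SERVER['HTTP_X_AJAX_COMPAT'])` is a presence test, so any value of the header leads to the `_printJSONHeader()` call, whereas the Context hunk of this commit only honours the values `JSON` and `XMLRPC`. The old POST test was presence-only as well, so this may be deliberate, but with two input sources it becomes easier for the two classes to disagree about the request type. Consider testing the value, `in_array($_SERVER['HTTP_X_AJAX_COMPAT'] ?? ($_POST['_rx_ajax_compat'] ?? ''), ['JSON', 'XMLRPC'], true)`, or add a comment stating that presence alone is intended. The enclosing method is only partly visible here.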


@ -701,7 +701,7 @@ class ModuleHandler extends Handler
$procResult = $oModule->proc();
$methodList = array('XMLRPC' => 1, 'JSON' => 1, 'JS_CALLBACK' => 1);
if(!$oModule->stop_proc && !isset($methodList[Context::getRequestMethod()]) && !isset($_POST['_rx_ajax_form']))
if(!$oModule->stop_proc && !isset($methodList[Context::getRequestMethod()]) && !isset($_SERVER['HTTP_X_AJAX_TARGET']) && !isset($_POST['_rx_ajax_form']))
{
$error = $oModule->getError();
$message = $oModule->getMessage();
@ -1013,7 +1013,8 @@ class ModuleHandler extends Handler
if(!isset($methodList[Context::getRequestMethod()]))
{
// Handle iframe form submissions.
if(isset($_POST['_rx_ajax_form']) && starts_with('_rx_temp_iframe_', $_POST['_rx_ajax_form']))
$ajax_form_target = strval($_SERVER['HTTP_X_AJAX_TARGET'] ?? ($_POST['_rx_ajax_form'] ?? ''));
if($ajax_form_target !== '' && starts_with('_rx_temp_iframe_', $ajax_form_target))
{
$data = [];
if ($this->error)
@ -1029,7 +1030,7 @@ class ModuleHandler extends Handler
$data = array_merge($data, $oModule->getVariables());
ob_end_clean();
echo sprintf('<html><head></head><body><script>parent.XE.handleIframeResponse(%s, %s);</script></body></html>', json_encode(strval($_POST['_rx_ajax_form'])), json_encode($data));
echo sprintf('<html><head></head><body><script>parent.XE.handleIframeResponse(%s, %s);</script></body></html>', json_encode($ajax_form_target), json_encode($data));
return;
}
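Review bot: In the last hunk, `$ajax_form_target` is written into an inline `<script>` with plain `json_encode()`, and apart from the `_rx_temp_iframe_` prefix test its content is unconstrained client input (now a header or a POST field); `$data` is written the same way. Default `json_encode()` escapes `/` but leaves `<`, `>`, `&` and quotes unchanged, so the hex flags are the safer encoding for output into HTML: `json_encode($ajax_form_target, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)`, with the same flags for `$data`. It would also help to restrict the target to the expected shape, for example `preg_match('/^_rx_temp_iframe_\w+$/', $ajax_form_target)`, assuming the ids generated on the client fit that pattern. The enclosing method starts and ends outside these hunks.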