Support more HTTP methods #2287

Kijin Sung 2024-03-24 22:57:07 +09:00
parent f419353013
commit eb5dd18659
3 changed files with 22 additions and 6 deletions


@ -142,6 +142,15 @@ class Context
'@</?script@i' => 'ALLOW ADMIN ONLY',
);
/**
* HTTP methods supported by router.
*/
private static $_router_methods = array(
'GET', 'POST', 'JSON', 'XMLRPC',
'HEAD', 'OPTIONS', 'PUT', 'PATCH',
'DELETE', 'TRACE',
);
/**
* Obtain a singleton instance of Context.
*
@ -195,7 +204,7 @@ class Context
// Set information about the current request.
self::_checkGlobalVars();
self::setRequestMethod();
if (in_array(self::$_instance->request_method, array('GET', 'POST', 'JSON')))
if (in_array(self::$_instance->request_method, self::$_router_methods))
{
$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
$request = Rhymix\Framework\Router::parseURL($method, RX_REQUEST_URL, Rhymix\Framework\Router::getRewriteLevel());
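Review bot: `'TRACE'` is in the new `$_router_methods` list, so a TRACE request now passes the `in_array()` gate and is handed to `Router::parseURL()` like any other method, although nothing visible in this commit needs it. TRACE is commonly refused for application routes, so I would end the list at `'DELETE',` unless a module is known to handle TRACE. The gate also compares loosely; `in_array(self::$_instance->request_method, self::$_router_methods, true)` keeps the match exact. The enclosing method starts and ends outside the hunk, so how the parsed request is dispatched afterwards cannot be checked from here.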


@ -38,6 +38,13 @@ class ModuleHandler extends Handler
'svc' => '',
);
/**
* List of HTTP methods that do not require CSRF checks by default.
*/
protected static $_nocsrf_methods = array(
'GET', 'HEAD', 'OPTIONS',
);
/**
* prepares variables to use in moduleHandler
* @param string $module name of module
@ -377,7 +384,7 @@ class ModuleHandler extends Handler
}
// check CSRF for non-GET (POST, PUT, etc.) actions
if(Context::getRequestMethod() !== 'GET' && Context::isInstalled())
if(!in_array(Context::getRequestMethod(), self::$_nocsrf_methods) && Context::isInstalled())
{
if(isset($xml_info->action->{$this->act}) && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF())
{
@ -539,7 +546,7 @@ class ModuleHandler extends Handler
}
// check CSRF for non-GET (POST, PUT, etc.) actions
if(Context::getRequestMethod() !== 'GET' && Context::isInstalled())
if(!in_array(Context::getRequestMethod(), self::$_nocsrf_methods) && Context::isInstalled())
{
if($xml_info->action->{$this->act} && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF())
{
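Review bot: The new `$_nocsrf_methods` list makes HEAD and OPTIONS skip `checkCSRF()` in both rewritten conditions (the hunks at -377 and -539), which is only safe if every action reachable through those methods is read-only, and the docblock does not record that invariant. I would extend the comment with something like `* Only side-effect-free methods belong here; a method in this list bypasses checkCSRF() for every action.` so a later addition such as PUT is not made casually. The property is `protected static` but is read through `self::`, so an override in a subclass would be ignored; either make it `private` or read it with `static::`. Passing `true` as the third argument, `in_array(Context::getRequestMethod(), self::$_nocsrf_methods, true)`, keeps the comparison strict. Both enclosing methods start and end outside their hunks.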