
backend.php (2 issues)

<?php
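	// Let the bare file names in the require_once calls below resolve
	// against ./include first.
	set_include_path(dirname(__FILE__)."/include".PATH_SEPARATOR.
		get_include_path());

	// "op" and "method" arrive straight from the request and are used further
	// down to pick the handler class and the method invoked on it. PHP turns
	// parameters such as "op[]=x" into arrays, so anything that is not a plain
	// string is treated as absent instead of being handed to string functions.
	$op = (isset($_REQUEST["op"]) && is_string($_REQUEST["op"])) ? $_REQUEST["op"] : "";

	// "subop" takes precedence over "method" whenever it is non-empty.
	// isset()/empty() replace the former "@" suppression, so a missing
	// parameter no longer raises a hidden notice.
	if (!empty($_REQUEST["subop"])) {
		$method = $_REQUEST["subop"];
	} else if (isset($_REQUEST["method"])) {
		$method = $_REQUEST["method"];
	} else {
		$method = "";
	}

	// Fall back to 'index' when no usable method name was supplied; otherwise
	// lower-case it before it is used for dispatch.
	if (!is_string($method) || !$method) {
		$method = 'index';
	} else {
		$method = strtolower($method);
	}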
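	/* Public calls compatibility shim: requests that name one of these
	 * operations are redirected to public.php with their query string
	 * unchanged. */

	$public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
		"fbexport", "logout", "pubsub");

	// Strict comparison: $op is request-supplied and only an exact string
	// match against the list should trigger the redirect.
	if (in_array($op, $public_calls, true)) {
		// The target is a fixed relative path; only the query string is
		// caller-controlled, so the redirect stays on this host.
		header("Location: public.php?".$_SERVER['QUERY_STRING']);
		return;
	}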
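	// Read the CSRF token without "@" suppression. A missing token stays null,
	// the value the suppressed read produced; an array-valued parameter is
	// treated the same way so that only a plain string reaches validate_csrf().
	// NOTE(review): $_REQUEST also accepts the token from the query string,
	// where it can end up in server logs and Referer headers; taking it from
	// the POST body or a request header only would be tighter if callers allow.
	$csrf_token = (isset($_REQUEST['csrf_token']) && is_string($_REQUEST['csrf_token']))
		? $_REQUEST['csrf_token'] : null;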
	require_once "autoload.php";
	require_once "sessions.php";
	require_once "functions.php";
	require_once "config.php";
	require_once "db.php";
	require_once "db-prefs.php";
	// Set up gettext (helper loaded by the require_once lines above).
	startup_gettext();

	// Timestamp taken at the start of request handling, as float seconds.
	$script_started = microtime(true);

	// Stop processing the request when plugin initialisation reports failure.
	if (!init_plugins())
		return;

	// Default response type for everything emitted below.
	header("Content-Type: text/json; charset=utf-8");

	// NOTE(review): ENABLE_GZIP_OUTPUT is not declared in this file and the
	// static analysis shown with this listing reports it as "not found";
	// presumably config.php, required above, defines it - confirm.
	// Output is compressed only when the option is on and zlib's
	// ob_gzhandler is available.
	if (ENABLE_GZIP_OUTPUT && function_exists("ob_gzhandler"))
		ob_start("ob_gzhandler");
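	// NOTE(review): SINGLE_USER_MODE is not declared in this file and the
	// static analysis shown with this listing reports it as "not found";
	// presumably config.php, required above, defines it - confirm.
	// With the option enabled, authenticate_user() is called for "admin" with
	// no password argument on every request, which presumably signs in whoever
	// reaches this endpoint. Such a deployment needs access control in front
	// of it (for example web-server authentication or network restrictions).
	if (SINGLE_USER_MODE) {
		authenticate_user("admin", null);
	}

	// !empty() rather than a bare index read: an anonymous request has no
	// "uid" key in the session, and reading it directly raises an
	// undefined-index notice (a warning on PHP 8).
	if (!empty($_SESSION["uid"])) {
		// A session that carries a uid but fails validation is rejected
		// before any per-user plugin is loaded.
		if (!validate_session()) {
			header("Content-Type: text/json");
			print error_json(6);
			return;
		}
		load_user_plugins($_SESSION["uid"]);
	}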
	// Lookup tables mapping stored numeric settings to translated labels.
	// They are plain globals; nothing in this file reads them.

	// Article purge choices.
	$purge_intervals = array(
		0  => __("Use default"),
		-1 => __("Never purge"),
		5  => __("1 week old"),
		14 => __("2 weeks old"),
		31 => __("1 month old"),
		60 => __("2 months old"),
		90 => __("3 months old"),
	);

	// Feed update choices; the positive keys appear to be minutes
	// (60 = hourly, 1440 = daily).
	$update_intervals = array(
		0     => __("Default interval"),
		-1    => __("Disable updates"),
		15    => __("15 minutes"),
		30    => __("30 minutes"),
		60    => __("Hourly"),
		240   => __("4 hours"),
		720   => __("12 hours"),
		1440  => __("Daily"),
		10080 => __("Weekly"),
	);

	// Same list without the "Default interval" entry.
	$update_intervals_nodefault = array(
		-1    => __("Disable updates"),
		15    => __("15 minutes"),
		30    => __("30 minutes"),
		60    => __("Hourly"),
		240   => __("4 hours"),
		720   => __("12 hours"),
		1440  => __("Daily"),
		10080 => __("Weekly"),
	);

	// Numeric access levels and their display names.
	$access_level_names = array(
		0  => __("User"),
		5  => __("Power User"),
		10 => __("Administrator"),
	);
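	// Request dispatch: resolve a handler for $op, pass the CSRF and before()
	// gates, then call the requested method on it.

	// $op is request-controlled; anything that is not a plain string cannot
	// name a class and is treated as empty.
	if (!is_string($op)) {
		$op = "";
	}

	// The request may spell the operation with "-" where the class name has "_".
	$op = str_replace("-", "_", $op);

	// A handler registered with the plugin host wins over a class named by $op.
	$override = PluginHost::getInstance()->lookup_handler($op, $method);

	$handler = false;

	if ($override) {
		$handler = $override;
	} else if (class_exists($op) && is_subclass_of($op, 'IHandler')) {
		// The class name comes from the request, so the interface is checked
		// BEFORE instantiation. Checking only afterwards would run the
		// constructor of any loadable class with $_REQUEST as its argument
		// and reject the object only once that had already happened.
		$handler = new $op($_REQUEST);
	}

	if ($handler && implements_interface($handler, 'IHandler')) {

		// CSRF gate: a valid token is required unless the handler itself
		// exempts this method.
		if (!validate_csrf($csrf_token) && !$handler->csrf_ignore($method)) {
			header("Content-Type: text/json");
			print error_json(6);
			return;
		}

		// before() is the handler's own pre-dispatch check; a false result
		// ends the request with the same error as a CSRF failure.
		if (!$handler->before($method)) {
			header("Content-Type: text/json");
			print error_json(6);
			return;
		}

		// method_exists() alone is also true for private/protected and magic
		// methods. Only public, non-magic methods are dispatched by name;
		// everything else goes to catchall(), like an unknown name does.
		if ($method && strpos($method, "__") !== 0 &&
				method_exists($handler, $method) &&
				is_callable(array($handler, $method))) {
			$handler->$method();
		} else if (method_exists($handler, "catchall")) {
			$handler->catchall($method);
		}

		$handler->after();
		return;
	}

	// No usable handler for this operation.
	header("Content-Type: text/json");
	print error_json(13);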