
some security for API #944

tablatronix committed Oct 30, 2014
1 parent 06df471 commit 4c44b947a3ebb94fc14e972d990e717add1c0b7c
Showing with 6 additions and 2 deletions.
  1. +6 −2 admin/api.php
@@ -12,6 +12,12 @@
if (empty($_POST)) exit;
if (!defined('GSEXTAPI')) exit;
// disable libxml error output
libxml_use_internal_errors();
// disable entity loading to avoid xxe
libxml_disable_entity_loader();
#step 1 - check post for data
if (!isset($_POST['data'])) {
$message = array('status' => 'error', 'message' => i18n_r('API_ERR_MISSINGPARAM'));
@@ -36,8 +42,6 @@
$method = (string)$in->method;
echo call_user_func(array($request, $method), '');
exit;
/*
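Review bot: `libxml_use_internal_errors();` in the first hunk is called with no argument, so it does not do what the comment above it says. On PHP versions before 8.0 the parameter defaults to `false`, which leaves libxml warnings going to normal error output, and on PHP 8 a bare call only reads the current setting; the line should be `libxml_use_internal_errors(true);`. `libxml_disable_entity_loader();` does default to `true`, but writing `libxml_disable_entity_loader(true);` makes the XXE intent explicit. The function changes process-wide state and is deprecated from PHP 8.0, so a comment saying so would help the next maintainer. Separately, the second hunk passes `$method`, taken from the parsed request, to `call_user_func`; unless it is checked against a fixed list of API methods outside the visible lines, any public method on `$request` can be invoked, and an allowlist check before dispatch would close that.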
