<?php
// Load the addon's front-end assets only while the backend login page is
// the current page; every other backend page is left untouched.
if (rex_be_controller::getCurrentPage() === 'login') {
    // Stylesheet for the password-reset UI shown on the login screen.
    rex_view::addCssFile(rex_url::addonAssets('be_password', 'be_password.css'));
    // Script for the password-reset UI shown on the login screen.
    rex_view::addJsFile(rex_url::addonAssets('be_password', 'javascript/be_password.js'));
}
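// Request dispatcher for the addon: a request parameter of the form
// "<prefix>/<controller>/<action>[/<arg>]" is mapped onto
// FriendsOfRedaxo\BePassword\Controller\<Controller>Controller::<action>Action($arg).
// The method's return value is echoed and the request ends.
//
// NOTE(review): no authentication or session check is visible in this
// callback, so every public *Action method on these controllers should be
// treated as reachable by an unauthenticated request and must do its own
// validation of $arg (token checks, rate limiting, ...) - confirm.
rex_extension::register('PACKAGES_INCLUDED', static function () {
    $bePwdRequest = rex_request('be_password_request', 'string', '');

    // At least two slashes are required so that segments 1 and 2 exist.
    if ('' === $bePwdRequest || substr_count($bePwdRequest, '/') < 2) {
        return;
    }

    $segments = explode('/', $bePwdRequest);
    $controller = ucfirst($segments[1]);
    $action = $segments[2] . 'Action';

    // Both names are built from request data and end up in a class name and
    // a method name, so they are restricted to plain alphanumerics.
    // \z is used instead of $ because $ also matches before a trailing
    // newline, which would let "Name\n" pass the check.
    if (1 !== preg_match('/^[a-zA-Z][a-zA-Z0-9]*\z/', $controller)
        || 1 !== preg_match('/^[a-zA-Z][a-zA-Z0-9]*Action\z/', $action)) {
        return;
    }

    // Optional fourth segment; passed to the action unvalidated.
    $arg = $segments[3] ?? '';

    // The fixed namespace prefix and "Controller" suffix keep the lookup
    // inside the addon's controller namespace.
    $controller_class = 'FriendsOfRedaxo\BePassword\Controller\\' . $controller . 'Controller';

    // Unknown controllers are ignored silently.
    if (!class_exists($controller_class)) {
        return;
    }

    $c = new $controller_class();

    // method_exists() is also true for private/protected methods; calling
    // one of those from here would raise an uncaught error triggered by
    // request data. is_callable() additionally requires the method to be
    // invokable from this scope, while method_exists() keeps magic __call
    // handlers from widening the set of accepted names.
    if (method_exists($c, $action) && is_callable([$c, $action])) {
        $content = $c->{$action}($arg);
        echo $content;
        exit;
    }
});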