Filter allowed methods in plugin form controller

glpi-project · Sep 14, 2022 · f542ec8 · f542ec8
1 parent 5f5c602
commit f542ec8
Showing 1 changed file with 23 additions and 11 deletions.
diff --git a/front/plugin.form.php b/front/plugin.form.php
@@ -43,16 +43,28 @@
 
 $plugin = new Plugin();
 
-if (
-    isset($_POST['action'])
-    && isset($_POST['id'])
-) {
-    if (method_exists($plugin, $_POST['action'])) {
-        call_user_func([$plugin, $_POST['action']], $_POST['id']);
-    } else {
-        echo "Action " . $_POST['action'] . " undefined";
-    }
-    Html::back();
+$id     = isset($_POST['id']) && is_numeric($_POST['id']) ? (int)$_POST['id'] : null;
+$action = $id > 0 && isset($_POST['action']) ? $_POST['action'] : null;
+
+switch ($action) {
+    case 'install':
+        $plugin->install($id);
+        break;
+    case 'activate':
+        $plugin->activate($id);
+        break;
+    case 'unactivate':
+        $plugin->unactivate($id);
+        break;
+    case 'uninstall':
+        $plugin->uninstall($id);
+        break;
+    case 'clean':
+        $plugin->clean($id);
+        break;
+    default:
+        Html::displayErrorAndDie('Lost');
+        break;
 }
 
-Html::displayErrorAndDie('Lost');
+Html::back();