-
Andrew Dolgov authored
backend: load invoked classes via reflection so object constructor is called after it has been verified as an IHandler implementation. this should prevent a potential router vulnerability if non-IHandler autoloader-enabled class is requested by malicious authorized user *and* invoked class object does something insecurely in its constructor.
63ee91c8