Introduced ext-cron

[mailer.git] / inc / ajax / ajax_admin.php

diff --git a/inc/ajax/ajax_admin.php b/inc/ajax/ajax_admin.php
index ae95def44ce8c87eefb1bc6fda56883287ae55d5..e93830cba66da6138fa31cccc8679a9ea27a7045 100644 (file)
--- a/inc/ajax/ajax_admin.php
+++ b/inc/ajax/ajax_admin.php
@@ -36,14 +36,15 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((!defined('__SECURITY')) || (!isAdmin())) {
-       die();
+if ((!defined('__SECURITY')) || (!isAjaxOutputMode()) || (!isAdmin())) {
+       header('HTTP/1.1 403 Forbidden');
+       die(json_encode(array('reply_content' => 'Access forbidden'), JSON_FORCE_OBJECT));
 } // END - if
 
 // "Generates" admin content by loading a message template
 function generateAdminContent () {
        // Return it
-       return displayMessage('{--ADMIN_AJAX_MENU_IS_LOADING--}', true);
+       return displayMessage('{--ADMIN_AJAX_MENU_IS_LOADING--}', TRUE);
 }
 
 // Processes AJAX requests for admin menu
@@ -96,7 +97,7 @@ function doAjaxAdminRequestContent () {
        // Is the HTTP status still the same? (204 No Content)
        if (getHttpStatus() == '204 No Content') {
                // We use the current access level 'install' as prefix and construct a template name
-               setAjaxReplyContent(loadTemplate('admin_area_' . trim(postRequestElement('tab')), true));
+               setAjaxReplyContent(loadTemplate('admin_area_' . trim(postRequestElement('tab')), TRUE));
 
                // Has the template been loaded?
                if (isset($GLOBALS['template_content']['html']['admin_page_' . trim(postRequestElement('tab'))])) {
@@ -104,9 +105,10 @@ function doAjaxAdminRequestContent () {
                        setHttpStatus('200 OK');
                } else {
                        // Set 404 error
-                       setHttpStatus('404 NOT FOUND');
+                       setHttpStatus('404 Not Found');
                }
        } // END - if
 }
+
 // [EOF]
 ?>