************************************************************************/
// Some security stuff...
-if ((!defined('__SECURITY')) || (!isAdmin())) {
- die();
+if ((!defined('__SECURITY')) || (!isAjaxOutputMode()) || (!isAdmin())) {
+ header('HTTP/1.1 403 Forbidden');
+ die(json_encode(array('reply_content' => 'Access forbidden'), JSON_FORCE_OBJECT));
} // END - if
// "Generates" admin content by loading a message template
function generateAdminContent () {
// Return it
- return displayMessage('{--ADMIN_AJAX_MENU_IS_LOADING--}', true);
+ return displayMessage('{--ADMIN_AJAX_MENU_IS_LOADING--}', TRUE);
}
// Processes AJAX requests for admin menu
// Is the HTTP status still the same? (204 No Content)
if (getHttpStatus() == '204 No Content') {
// We use the current access level 'install' as prefix and construct a template name
- setAjaxReplyContent(loadTemplate('admin_area_' . trim(postRequestElement('tab')), true));
+ setAjaxReplyContent(loadTemplate('admin_area_' . trim(postRequestElement('tab')), TRUE));
// Has the template been loaded?
if (isset($GLOBALS['template_content']['html']['admin_page_' . trim(postRequestElement('tab'))])) {
setHttpStatus('200 OK');
} else {
// Set 404 error
- setHttpStatus('404 NOT FOUND');
+ setHttpStatus('404 Not Found');
}
} // END - if
}
+
// [EOF]
?>