X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fajax%2Fajax_admin.php;h=98af1a46247b525f3fb94ec158fe376267f30321;hb=33a76a20bc94ffe95e9f13906eb7dc5cf354948d;hp=05d9d690f1248b2bf9eff0d83399db937df98aa4;hpb=596c8ab32594401ca84abfbfe35513ddfff31bec;p=mailer.git
diff --git a/inc/ajax/ajax_admin.php b/inc/ajax/ajax_admin.php
index 05d9d690f1..98af1a4624 100644
--- a/inc/ajax/ajax_admin.php
+++ b/inc/ajax/ajax_admin.php
@@ -16,7 +16,7 @@
 * $Author:: $ *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2009 by Roland Haeder *
- * Copyright (c) 2009 - 2012 by Mailer Developer Team *
+ * Copyright (c) 2009 - 2013 by Mailer Developer Team *
 * For more information visit: http://mxchange.org *
 * *
 * This program is free software; you can redistribute it and/or modify *
@@ -36,8 +36,11 @@
 ************************************************************************/
 // Some security stuff...
-if ((!defined('__SECURITY')) || (!isAdmin())) {
+if (!defined('__SECURITY')) {
 die();
+} elseif ((!isAjaxOutputMode()) || (!isAdmin())) {
+ header('HTTP/1.1 403 Forbidden');
+ die(json_encode(array('reply_content' => 'Access forbidden'), JSON_FORCE_OBJECT));
 } // END - if
 // "Generates" admin content by loading a message template
@@ -59,6 +62,7 @@ function doAjaxProcessAdmin () {
 // Again we do a call-back, so generate a function name depending on 'do'
 $callbackName = 'doAjaxAdmin' . capitalizeUnderscoreString(postRequestElement('do'));
+ $GLOBALS['ajax_callback_function'] = $callbackName;
 // Is the call-back function there?
 if (!function_exists($callbackName)) {
@@ -104,9 +108,10 @@ function doAjaxAdminRequestContent () {
 setHttpStatus('200 OK');
 } else {
 // Set 404 error
- setHttpStatus('404 NOT FOUND');
+ setHttpStatus('404 Not Found');
 }
 } // END - if
 }
+
 // [EOF]
 ?>
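Review bot: The new `elseif` branch of the security guard sends its status with a raw `header('HTTP/1.1 403 Forbidden')`, while the same file uses `setHttpStatus()` for its other replies (see `setHttpStatus('404 Not Found')` in doAjaxAdminRequestContent). Prefer `setHttpStatus('403 Forbidden');` here, provided that helper is already loaded when this include runs, which the hunk does not show. The JSON body is also emitted without a visible `Content-Type: application/json` header, so unless the AJAX output mode sets it elsewhere the denial goes out with PHP's default content type. A one-line comment such as `// Non-AJAX or non-admin request: answer with a JSON 403 and stop` would document the branch.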
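Review bot: `$GLOBALS['ajax_callback_function']` is assigned in doAjaxProcessAdmin before the `function_exists($callbackName)` check, so on the failure path the global holds a string built from the POSTed `do` value that has not been validated. Whatever reads that global later (not visible in this hunk) has to treat it as untrusted and escape it for its output context. If the value is only needed for valid call-backs, move the assignment below the check. Otherwise add a comment on the line, e.g. `// Call-back name is derived from POST 'do' and is not validated at this point`. The function body continues outside the hunk.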