X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fajax%2Fajax_admin.php;h=98af1a46247b525f3fb94ec158fe376267f30321;hb=33a76a20bc94ffe95e9f13906eb7dc5cf354948d;hp=ae95def44ce8c87eefb1bc6fda56883287ae55d5;hpb=6560179e7c8dc565485503f374d4e31f333ffd0e;p=mailer.git
diff --git a/inc/ajax/ajax_admin.php b/inc/ajax/ajax_admin.php
index ae95def44c..98af1a4624 100644
--- a/inc/ajax/ajax_admin.php
+++ b/inc/ajax/ajax_admin.php
@@ -16,7 +16,7 @@
 * $Author:: $ *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2009 by Roland Haeder *
- * Copyright (c) 2009 - 2012 by Mailer Developer Team *
+ * Copyright (c) 2009 - 2013 by Mailer Developer Team *
 * For more information visit: http://mxchange.org *
 * *
 * This program is free software; you can redistribute it and/or modify *
@@ -36,14 +36,17 @@
 ************************************************************************/
 
 // Some security stuff...
-if ((!defined('__SECURITY')) || (!isAdmin())) {
+if (!defined('__SECURITY')) {
 die();
+} elseif ((!isAjaxOutputMode()) || (!isAdmin())) {
+ header('HTTP/1.1 403 Forbidden');
+ die(json_encode(array('reply_content' => 'Access forbidden'), JSON_FORCE_OBJECT));
 } // END - if
 
 // "Generates" admin content by loading a message template
 function generateAdminContent () {
 // Return it
- return displayMessage('{--ADMIN_AJAX_MENU_IS_LOADING--}', true);
+ return displayMessage('{--ADMIN_AJAX_MENU_IS_LOADING--}', TRUE);
 }
 
 // Processes AJAX requests for admin menu
@@ -59,6 +62,7 @@ function doAjaxProcessAdmin () {
 
 // Again we do a call-back, so generate a function name depending on 'do'
 $callbackName = 'doAjaxAdmin' . capitalizeUnderscoreString(postRequestElement('do'));
+ $GLOBALS['ajax_callback_function'] = $callbackName;
 
 // Is the call-back function there?
 if (!function_exists($callbackName)) {
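Review bot: In the `@@ -36,14 +36,17 @@` hunk, the new `elseif` branch sends its 403 body as JSON, but no `Content-Type` is set in the visible lines, so the reply goes out under PHP's default type (normally `text/html`). Add `header('Content-Type: application/json; charset=utf-8');` before the `die(json_encode(...))` line, unless the AJAX output layer already sets it somewhere this hunk does not show. The status line is hard-coded as `HTTP/1.1`; building it from `$_SERVER['SERVER_PROTOCOL']` avoids a mismatch with HTTP/1.0 clients or proxies. The rejection is also silent on the server side, so a log entry for denied admin AJAX requests would give operators something to alert on.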
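Review bot: In the `@@ -59,6 +62,7 @@` hunk, `$GLOBALS['ajax_callback_function']` is assigned before the `function_exists()` test just below it, so the global holds a name built from the POST field `do` even when no such function exists. Moving the assignment into the branch where the function was found (that branch lies outside this hunk), or first checking `do` against a fixed list of known admin actions, keeps unvalidated request text away from whatever reads the global later; whether `capitalizeUnderscoreString()` restricts the character set is not visible here. The same concern applies to the `@@ -96,7 +100,7 @@` hunk, where `trim(postRequestElement('tab'))` is concatenated into the template name passed to `loadTemplate()` with no validation in view. A comment such as `// $callbackName is derived from request data; trust it only after function_exists() succeeds` would document the assumption. doAjaxProcessAdmin's body starts and ends outside the hunk.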
@@ -96,7 +100,7 @@ function doAjaxAdminRequestContent () {
 // Is the HTTP status still the same? (204 No Content)
 if (getHttpStatus() == '204 No Content') {
 // We use the current access level 'install' as prefix and construct a template name
- setAjaxReplyContent(loadTemplate('admin_area_' . trim(postRequestElement('tab')), true));
+ setAjaxReplyContent(loadTemplate('admin_area_' . trim(postRequestElement('tab')), TRUE));
 
 // Has the template been loaded?
 if (isset($GLOBALS['template_content']['html']['admin_page_' . trim(postRequestElement('tab'))])) {
@@ -104,9 +108,10 @@ function doAjaxAdminRequestContent () {
 setHttpStatus('200 OK');
 } else {
 // Set 404 error
- setHttpStatus('404 NOT FOUND');
+ setHttpStatus('404 Not Found');
 }
 } // END - if
 }
+
 // [EOF]
 ?>
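Review bot: In the `@@ -96,7 +100,7 @@` hunk, the touched line loads `'admin_area_' . trim(postRequestElement('tab'))`, but the `isset()` check below it looks up `'admin_page_' . trim(postRequestElement('tab'))` in `$GLOBALS['template_content']['html']`. Unless `loadTemplate()` stores the content under a different key than the name it was given (not visible here), that check cannot match and the reply ends as 404. Use one prefix in both places, ideally through a single local such as `$templateName = 'admin_area_' . trim(postRequestElement('tab'));`. The comment above the call still refers to access level 'install', which looks carried over from installer code; `// Construct the template name from the requested admin tab` would be accurate. doAjaxAdminRequestContent starts before this hunk and ends after it.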